Below are steps to configure nginx-proxy on your docker host. The tutorial assumes the following:
| sub-domain for virtual hosts | demo.example.com |
Now that we have a reverse proxy, we can secure the port using HTTPS. In this example, we are creating a wildcard certificate to match the wildcard DNS entry. In this example, the "Common Name" is "
|A wildcard certificate only covers one level of subdomains. For example, you cannot use *.example.com as a wildcard certificate for sampletown-usas.demo.example.com because in this case there are two subdomain levels. The wildcard certificate needs to be *.demo.example.com.|
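The one-level rule from the note above, written as a POSIX shell check you can run against the host names you plan to serve before requesting the certificate. This is an added example, not part of the original tutorial; the function names and the sample host list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: decide which host names a certificate name covers.
# Rule from the note above: "*" stands for exactly one DNS label.

# cert_name_covers NAME HOST -> exit status 0 if NAME covers HOST, 1 otherwise
cert_name_covers() {
    _pat=$(printf '%s' "$1" | tr 'A-Z' 'a-z')    # DNS names are case-insensitive
    _host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$_pat" in
        '*.'*)
            _suffix=${_pat#\*}                   # "*.demo.example.com" -> ".demo.example.com"
            case "$_host" in
                *"$_suffix") _label=${_host%"$_suffix"} ;;
                *) return 1 ;;                   # different parent domain
            esac
            # The wildcard must stand for one non-empty label without dots.
            case "$_label" in
                ''|*.*) return 1 ;;
            esac
            return 0 ;;
        *)
            # Not a wildcard name: only an exact match counts.
            [ "$_pat" = "$_host" ] ;;
    esac
}

# uncovered_hosts NAME HOST... -> prints the hosts NAME does not cover
uncovered_hosts() {
    _cert=$1; shift
    _missing=
    for _h in "$@"; do
        cert_name_covers "$_cert" "$_h" || _missing="$_missing $_h"
    done
    printf '%s\n' "${_missing# }"
}

# Constructed sample list: hosts this proxy might be asked to serve.
uncovered_hosts '*.demo.example.com' \
    sampletown-usas.demo.example.com demo.example.com a.b.demo.example.com
```

The sample run reports demo.example.com and a.b.demo.example.com as uncovered: the wildcard matches neither the bare domain itself nor a name two levels below it.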
Create a certificate and CSR in the proxy's ./certs directory (this volume was mounted in the proxy's docker-compose.yml file above).
data/proxy# mkdir -p certs
data/proxy# cd certs
data/proxy/certs# # Create a private key:
data/proxy/certs# openssl genrsa -out demo.example.com.key 2048
data/proxy/certs# # Create a CSR from the new key:
data/proxy/certs# openssl req -new -sha256 -key demo.example.com.key -out demo.example.com.csr
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Ohio
Locality Name (eg, city) :Archbold
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Your Organization name
Organizational Unit Name (eg, section) :Your OU
Common Name (e.g. server FQDN or YOUR name) :*.demo.example.com
Email Address :email@example.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :
An optional company name :
Send the CSR to your favorite signing authority, or self sign it:
data/proxy/certs# openssl x509 -req -sha256 -days 3650 -in demo.example.com.csr -signkey demo.example.com.key -out demo.example.com.crt
Configure nginx to listen on port 443. Add port mapping to the proxy's docker-compose.yml file:
proxy:
  image: jwilder/nginx-proxy
  restart: always
  volumes:
    - /var/run/docker.sock:/tmp/docker.sock:ro
    - ./certs:/etc/nginx/certs:ro
    - ./vhost.d:/etc/nginx/vhost.d
    - ./html:/usr/share/nginx/html
  environment:
    - DEFAULT_HOST=demo.example.com
  ports:
    - "80:80"
    - "443:443"
Recreate the proxy container with:
docker-compose up -d