Nginx Reverse Proxy Container with a self-signed Certificate
The title is a bit long, because I wanted it to describe exactly the task at hand: create an Nginx reverse proxy container with a self-signed certificate.
The purpose of this post is to create a quick-guide for this purpose. I happen to need it from time to time, for various purposes, such as:
- For self-contained environments, or environments without direct access to the Internet
- For test labs
- For internal web services which are behind a forward SSL termination, where the customer does not want clear-text data running on the wire.
A self-signed certificate is good enough for such cases, encrypting the data on the wire at an acceptable price and complexity.
It is important to stress that you need to implement this configuration wisely. Do not implement it on a public web site. Do not use it instead of the correct solution: Let's Encrypt with SSL certificate renewal (I will write about my web sites' design sometime in the future). Use it responsibly.
The concept, in general, is to run an Nginx proxy with the minimal required configuration to support this setup. It can be used as a service within a docker-compose stack. It can be a front-end on another docker tier (different networking and so on) for another stack of web applications. It’s up to you. In my case – I used ports 443 and 80, so, with a single host IP address, and no special docker networking – there can be only one.
You will need a small Nginx configuration file (default.conf), a certificate (cert.pem and key.pem) and a small docker-compose.yaml file, and all should work just fine. You can find working examples of these files in my public GitHub scripts repository, under the self-explanatory name docker-compose-nginx-rp-self-signed. Setting this up correctly (following the examples, and even using the files from the repository almost unaltered) will result in a simple Nginx reverse proxy container using a self-signed certificate.
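The three pieces listed above can be generated with a short script. This is an added example, not the files from the author's repository; the host name, the upstream address (`app:8080`), the `/etc/nginx/certs` mount path, the `nginx:stable` image tag and the port-80 redirect are assumptions.

```shell
# Added example, not the repository's files. Host name, upstream address and
# the /etc/nginx/certs path inside the container are constructed assumptions.

make_cert() {            # $1 = output dir, $2 = host name clients will use
    ( umask 077          # key.pem must not be group/world readable
      openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
          -keyout "$1/key.pem" -out "$1/cert.pem" \
          -subj "/CN=$2" -addext "subjectAltName=DNS:$2" )
}

write_conf() {           # $1 = output dir, $2 = host name, $3 = upstream host:port
    cat > "$1/default.conf" <<EOF
server {
    listen 80;
    server_name $2;
    return 301 https://\$host\$request_uri;   # nothing is served in clear text
}
server {
    listen 443 ssl;
    server_name $2;
    ssl_certificate     /etc/nginx/certs/cert.pem;
    ssl_certificate_key /etc/nginx/certs/key.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;
    location / {
        proxy_pass http://$3;
        proxy_set_header Host \$host;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
EOF
}

write_compose() {        # $1 = output dir; cert and key are mounted read-only
    cat > "$1/docker-compose.yaml" <<'EOF'
services:
  proxy:
    image: nginx:stable
    ports: ["80:80", "443:443"]
    volumes:
      - ./default.conf:/etc/nginx/conf.d/default.conf:ro
      - ./cert.pem:/etc/nginx/certs/cert.pem:ro
      - ./key.pem:/etc/nginx/certs/key.pem:ro
EOF
}

# Stand-alone use: sh make-rp.sh rp.lab.internal app:8080
if [ "$#" -ge 2 ]; then make_cert . "$1" && write_conf . "$1" "$2" && write_compose .; fi
```

Clients will only accept the certificate if `cert.pem` is added to their trust store and they connect using the host name placed in the subjectAltName.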
I believe that the GitHub repository provides all the information required to handle this task. If you have any questions or corrections, feel free to post them here.