NGINX Proxy Manager

This is part of 2nd lab of day 1 i.e running containers in production. Proceed with this lab only after the theory of running containers in production is finished.

Setup NGINX Proxy Manager

(U) Step 1 - Create docker-compose.yml for NGINX Proxy Manager

version: '3'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      - '81:81'
      - '80:80'
      - '443:443'      
    volumes:
      - data:/data
      - letsencrypt:/etc/letsencrypt

volumes:
  data:
  letsencrypt:

Step 2 - Bring up the container

docker-compose up -d

Access NGINX proxy manager on: http://a01.apnicdemo.the-net.work:81 and login with username admin@example.com and changeme

(U) Step 3 - Reverse Proxy Smokeping running on 8090 port

Click on hosts
Select proxy hosts
Add proxy host
Add smokeping.a01.apnicdemo.the-net.work in the domain names
In the Forward Hostname / IP put 10.10.10.10 and in forward port put 8090
Click on SSL tab and select request new SSL certificate
Check “force SSL” and agree to the Letsencrypt terms
Click save and wait for reverse proxy vhost to be deployed with a TLS certificate

Once done, ensure that you are able to access your app on https://smokeping.a01.apnicdemo.the-net.work

Step 4 - Reverse proxy NGINX proxy manager behind itself

Reverse proxy NGINX proxy manager behind itself. Use 10.10.10.10 port 81 and proxy the hostname npm.a01.apnicdemo.the-net.work

Step 5 - Update docker-compose.yml for NGINX Proxy manager and smokeping

Ensure that port 81 is bind only on loopback IP i.e 10.10.10.10

Updated config for ports will look as:

    ports:
      - '10.10.10.10:81:81'
      - '80:80'
      - '443:443'

Similarly for smokeping ensure that port 8090 is bind only on 10.10.10.10.

This will ensure NGIX proxy manager is not available over any direct access anymore.