Setting up an Nginx reverse proxy to host multiple websites (Uses Docker)

Captions
nginx is a part in reverse proxy server, and today I'll be looking at how you can deploy your own multiple websites using nginx as a reverse proxy server. I'll be using Docker to instantiate a couple of different websites, and I would pretend as if things are different hosts, and nginx will be installed on the main server, where it would be forwarding the relevant traffic to the relevant websites. So I'll be hosting two websites: blog dot R and V block comm (I know, creative name) and just run read block comm. They're both pointing to the same IP address. This is the IP address of my reverse proxy server, running nginx of course.

And then later I will use Let's Encrypt to issue a free SSL certificate for both the websites, and the SSL would be terminated at nginx, and the traffic would then flow unencrypted between the reverse proxy server and the back-end server. So that's something you might want to keep in mind. I'm using Docker, so the reverse proxy and other back-end servers are on the same virtual machine, but if you are using remote locations to serve your website you might want to be careful about this, because you don't want unencrypted traffic between your reverse proxy and your back-end servers. So just a heads up: in case you are following this tutorial, be a little careful. I'll be using certbot, of course, to issue certificates, and of course Docker is what I'm going to use to soap my back-end websites.

All right, enough ramble, let's get started. Let's start with installing nginx. I think I have it installed here. No, I haven't, so let's install that. And I should increase the font size so you guys can read. Oh, okay, that's good enough. So I have nginx installed, and I can show that to you by going to my website. For crying out loud. Yeah, so if I visit this website it says "Welcome to nginx", that's fine, and if I go to the other website, my other domain name or anybody same, it says cannot be reached, which is fine, I guess. So that's bad no nginx source website
as per its configuration file. So if I go to, let's see, nginx, you will see that there are different folders here. There is conf.d, and this is your default configuration folder for almost all the distributions out there. There are two different folders that you may have noticed, sites-enabled and sites-available. This is a little bit of Ubuntu/Debian convention of doing things, and if I list all the files in sites-enabled you will see that the default website's configuration is saved here. This file, the default file, is in fact a symlink, a shortcut, for the sites-available default configuration file in the sites-available folder. But that's by the by.

We don't need this, because this page and its contents are irrelevant to us. We want nginx to work as a reverse proxy, not as a web server. So let's remove sites-enabled default, and that's that, and we will be adding files to our conf.d. There's nothing in there, and that's all right. We will add these details, but first let's create our back-end servers. For that I'll be using Docker,
and I'll be using, so let's create a network. I have Docker and certbot pre-installed on this, so that's just by the by. So let's create a network post, because if I am using the default Docker network then I'll have to expose ports and it will be messy. So a cleaner approach is to create a Alice Alice I'll see that there is a bridged network, which was the default one, and now there is a new network called my network, which is using the same driver as the bridge network, so to talk pretty much the same way, with an added benefit that I won't have to expose ports for each container that are idols. That's great.

Let's add a few containers in Ghost, which would pull a really nice CMS, Ghost blog. If you don't know what it is, I highly encourage checking out ghost.org. It's low. Let's give it a second. Come on, you can do it. Come on VDS, yes you can, come on. Yeah, excellent. So I have imported an image. No, that's the containers themselves. I'll run docker di T would be my network, so the containers will be deployed on that network with different IP addresses and subnet masks, which is fine. Let's run the same command one more time, so there will be two containers. ps would show that there are two containers, determined bernal and unruffled Banach, creative names, and we need the IP addresses of these containers.

They are private IP addresses, so if I go ifconfig I can see that, well, there is my public IP address for this virtual machine, which is this, at ethion. Then there is the default Docker at address for this host, which we are not using because I have created a custom network, and that network is this one, BR, whatever the gibberish is. And how do I know that? Well, most of it is just guesswork, but you can see the state of the VM before enough tried on that command, and you will see that there is a new interface, which is this one, and then there are a couple of other interfaces, this one and this. These interfaces are not connected to our host machine. These interfaces connect the containers to
this network. So our host machine has this IP address to communicate with the Docker machines, and our Docker containers will have IP address 172.18.0.2, .0.3. That's what I am guessing, but let's look at what the actual IP addresses are. So I'll just copy this. See, what's the command? docker inspect, yep. docker inspect: return low-level information on Docker objects. And we can see its IP address right here is .0.3, and that is another one whose IP address is .0.2. In fact I am so confident that I'm not even going to check for it, which is a stupid thing. Let's not send the wrong message in traveled in fact checking under for Vondrak copy. Yes, .0.2. The gateway is .0.1, which is our host machine, which I have repeated a thousand times panel, so that's all right.

So now we can actually write our conf file, right? Let's do that. Let's clear all of it. See angelarts Alice Edie I'll do a configuration files here. There will be them. Let's give them these little names in your blog Don. Let's be a little cheeky here, and I'll be adding the contents of this file in there. So I'll just, okay, let's compete. Okay, let's see what this thing does. So it's a server directory. It tells nginx that that is a new server to be added to the configuration file. For this server we'll be listening on port 80, regardless of whether or not the interface uses IPv4 or IPv6. The server's name is run vblog comm. Location, the root, is this. We are doing a proxy pass to an IP address. I haven't mentioned what the IP address is going to be, so let's do that.

Port number 2368, because the Ghost blog that we just imported exposes that port number. And how do I know that? Well, you look at the documentation, and Ghost is a free and open source blogging platform, blah blah blah. Let the web page load. Why it's going to read slow. And yeah, there you go, you can see that this is the port number that this container exposes. That's the choice of the designers and developers who were behind this blog platform. Asked me vizor
the way it is. In any case, so we have one thing going on here, and that's, yeah, we know the IP address, we have given it a reasonable name, that's all right. Let's do the same for our second website, which is blocked or twenty eight o'clock calm, which is a weird name, but it's 5:00 in the morning and I don't even know what anymore. Let's change the name. Six eight. Is there anything else? Let's check our configuration file and see if Tanner in the errors. To do that just run nginx -t. Says everything is okay, so time to reload this nginx.

Let's see what we have going on for us. See, so there is a blog here for this domain name, that's good. Whereas a 3.22 HTTP, probably some caching issues. For crying out loud. There he goes. So both the domain names are pointing to presumably two different blogs. We don't know, could be the same blog. Maybe I just made a huge mistake, we'll see.

Next step is, well, to issue an SSL certificate, and we'll be using Let's Encrypt for that. Let's Encrypt, if you don't know, is a free SSL certificate provider and a very renowned certificate authority, and the job of a certificate provider is to ensure that their domain names are in fact controlled by, well, they give an IP address. So when I say that this domain name wants to this IP address, Let's Encrypt wants to know whether or not that's true, whether or not that's legitimate or not, and for that they have an entire process in place, which is kind of tedious, and you don't want to do it manually. So we'll use a client for that, and that client is certbot. It automatically enables HTTPS on your website, as the description says, and we will be using nginx. Is it, probably this is the version that I'm using. If you go to, I'm not sure, let's roll the dice with this one. So we'll be using this. If you want to follow along, there are detailed instructions sites, please use that. We just need to know how to issue a certificate, and that's done using this command, so certbot nginx. So let's do that. I have it installed, by the way, that
or I may not have installed it. Yes please. Give it a minute. Oh, and yeah, we need a plug-in for nginx, because certbot would helpfully configure everything for us. Yeah, so instead of running this command you should actually run this one if you are using nginx. There are appropriate packages for other web servers, if you don't trust it. And everything is done, that's wrong.

So, certbot nginx, and it asks us to give it an email address and then read this. I'll just, I'm not gonna put it online, examples. I agree, screw it, yeah, I agree with your terms and conditions. No, I'm not willing to share. Now here's the attractive part. So I entered my email address, then it prompted me to agree to its terms and conditions, which, well, you have to do if you want their services. Did that, and then yes, you're not willing to share your email address, or you can sign up for that email address a newsletter, which by the way are a great resource to learn about how the web works.

But here's the interesting part. It then goes through your nginx configuration files and picks up the domain names for which you have created configuration files. So I have added server_name Randy blog comm and it picked up on that, then it picked up on the second one, which is great. So it will automatically fetch certificates for both of them. "Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown." So I'm just gonna hit enter and obtain the certificates for me. I do not have to do anything. Deploying certificates to virtual hosts.

Then it asks whether or not I want to redirect my traffic, and I would recommend go with the second option, although it says use the second option a bit more carefully. But the second option would essentially edit your configuration files, the two files that we have created. It would edit them in such a way that all the traffic coming at port 80, which is HTTP, will be redirected to port 443, which is HTTPS, thereby securing all the connection
between you and your clients, and you kind of need that. It's important, because you can't trust your users to use HTTPS, despite what Chrome might think that prompting them would do. People are just careless, can't take any risks. So I'll be redirecting all of the traffic to HTTPS.

And here it has shown that, yeah, your certificate and chain have been saved at this directory. So your full chain, which is a cryptographic key essentially, is saved in this file, fullchain.pem. Your private key, which is something you want to keep secret, is saved at this. Bear in mind that this certificate, although it is saved in rugby blog.com, is actually for both the domain names, blog dot Randy block and just that vanilla domain name that I had created earlier. So these are all certificate files, they are created, and then they're there, that's that.

Now let's look at our configuration file and let's look at the situation over there. So we had these two files, right? Let's look at the first one. You can see that nginx has added quite a bit of stuff in here, and it has also helpfully commented the things out, so it says "managed by Certbot". So okay, my bad, nginx hasn't added it, certbot has added it for us. Let's Encrypt is just the authority, but certbot is the client. So it's listening on port 443 SSL, and then it's telling nginx that, hey, listen, here's where the keys are, you want to use these keys to encrypt the connection, which is good, and we don't have to do anything to change this, and I love that about it. I hate, I hate editing configuration files, so this is really good.

And it has added a few extra stuff here and there, like, yeah, someone even who brought up convert and 404, there's a nice 404 page for us now, and if someone tries to when I do when we block at port 80 it will just return 301 and then HTTPS to this one, which is just a redirect. There is nothing fancy about it. It would redirect all the HTTP connections to this one, and then, yeah, the encryption, everything will just
follow. Let's just skip this and go to our browser and reload the pages and see if anything has changed. Well, it says the connection is secure. What about this website? Let's see if things are better, or if we are beings of the same site are two different domain names, or if they are indeed two different websites. Let's create our account. [Music] Your password. Oh, for crying out loud, we'll do that later. Let's edit this website. Update. I can just sign out, and you can see that the two websites are different, because this one sells "this is the second website" and this one is just the vanilla "Welcome to Ghost" lorem ipsum stuff. So there you go: multiple websites using nginx, Let's Encrypt and Docker.
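The virtual-host file described in the captions, written out as an added example; it is not the video author's file and not certbot's exact output. The domain `blog.example.com`, the file names and the header lines are assumptions made for illustration, and the container address is the one read from the captions, so confirm yours with `docker inspect`.

```nginx
# /etc/nginx/conf.d/blog.example.com.conf (hypothetical file name and domain)
#
# As first written in the walkthrough, before certbot touched it:
#   server {
#       listen 80;
#       listen [::]:80;
#       server_name blog.example.com;
#       location / { proxy_pass http://172.18.0.2:2368; }
#   }

# Shape of the same file after `certbot --nginx` with the redirect option.
server {
    server_name blog.example.com;

    location / {
        # Ghost container on the user-defined bridge (address assumed; confirm
        # with docker inspect). This hop is plain HTTP, which stays on the host here.
        proxy_pass http://172.18.0.2:2368;

        # Not in the video: pass the original host and scheme to the backend.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # For a backend on another machine, encrypt and verify this hop instead:
        #   proxy_pass https://backend.example.net:2368;
        #   proxy_ssl_verify on;
        #   proxy_ssl_server_name on;
        #   proxy_ssl_trusted_certificate /etc/nginx/backend-ca.pem;  # hypothetical path
    }

    listen 443 ssl;
    listen [::]:443 ssl;
    # Directory name is chosen by certbot; one certificate can cover several names.
    ssl_certificate     /etc/letsencrypt/live/blog.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/blog.example.com/privkey.pem;
}

# Port 80 now only redirects to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name blog.example.com;

    if ($host = blog.example.com) {
        return 301 https://$host$request_uri;
    }
    return 404;
}
```

Run `nginx -t` after any change to the file and reload nginx only when the test passes.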
Info
Channel: Ranvir
Views: 35,585
Keywords: reverse proxy, nginx, letsencrypt, multiple websites, docker, certbot
Id: bXcBLcVz8UQ
Length: 25min 42sec (1542 seconds)
Published: Tue Dec 25 2018