The goal of this repository is to make it easy to set up a reverse proxy and SSL certificate for a website running locally or on a VPS. When running locally, the SSL certificate is self-signed. When running on a VPS, the SSL certificate is provided by LetsEncrypt.
Heavily inspired by this article. If you're looking for someone to thank, it is them!
| Dependency | Purpose | Version |
|---|---|---|
| Nginx | Reverse proxy server | latest |
| Docker | Container handler | latest |
- If not running locally, must have a website name and access to its DNS settings
- If not running locally, must have access to a Virtual Private Server (VPS). Here are some good sites:
- DigitalOcean (Referral link)
- Vultr
- Linode
- Must have Dockerfiles or docker-compose files to start your website's services. Each service that interfaces with Nginx (i.e. is connected to with a port) can be configured using the following environment variables:
- VIRTUAL_HOST - the website's name(s), separated by a comma with no spaces (e.g.
examplesite.com,www.examplesite.com) - VIRTUAL_PORT - the container's port
- LETSENCRYPT_HOST - website name used by LetsEncrypt. Most likely the same as VIRTUAL_HOST
- LETSENCRYPT_EMAIL - the email address to be associated with the LetsEncrypt process
- VIRTUAL_HOST - the website's name(s), separated by a comma with no spaces (e.g.
- Clone repository:
git clone https://github.com/MattHalloran/NginxSSLReverseProxy && cd NginxSSLReverseProxy - Run setup script:
chmod +x ./scripts/fullSetup.sh && ./scripts/fullSetup.sh - Start docker:
a.sudo docker-compose -f docker-compose.local.yml up -d
- Set up VPS (example).
- Edit DNS settings to point to the VPS. Here is an example:
Host Name Type TTL Data examplesite.comA 1 hour your.vps.ip.addresswww.examplesite.comA 1 hour your.vps.ip.address - Connect to your VPS. I use an Ubuntu server with Docker pre-installed, but the script in this repo can also set up Docker:
ssh -6 [email protected] - Clone repository:
git clone https://github.com/MattHalloran/NginxSSLReverseProxy && cd NginxSSLReverseProxy - Run setup script:
chmod +x ./scripts/fullSetup.sh && ./scripts/fullSetup.sh - Start docker:
a.sudo docker-compose -f docker-compose.remote.yml up -d
- Find docker container IDS:
docker ps -a - Check nginx configuration file (auto-generated):
docker exec <nginx-proxy-containier_id> cat /etc/nginx/conf.d/default.conf
Custom proxy configurations can be put in the nginx/conf.d/local.conf or nginx/conf.d/remote.conf file, depending on if this will be running locally or remotely.
By default, the local version contains the standard configuration for self-signed SSL setup. Both versions also contain client_max_body_size 100m;. This raises the maximum payload size for uploading files. This is useful if you'd like users to have the ability to upload multiple images in one request, for example.
If you are not using custom configurations, you can remove the docker-compose line - ./my_proxy.conf:/etc/nginx/conf.d/my_proxy.conf:ro.