Happy to help! I try not to go into exuviating detail in this videos. Just quick and to the point. I always figure if I can help get you started, you can take it the rest of the way and fill in any of the gaps on your own.
Thanks for watching! I've been criticized for not talking about security or performance or other things, but I figure smart people just want to get it working, and once it's working, they can figure out the details. Keeps these videos short and to the point. Having said that, make sure you harden your proxies before deployment!
CONGRATULATIONS, VERY GOOD VIDEO. I have a question how I could do it with docker compose by creating a letsencrypt container to make the https certificates and view them through no-ip. Could you please advise me?
Oh boy, you're are playing this docker compose game on expert level! I'm not sure if I can answer that with certainty, as I always get blocked with SSL connections and I haven't used letsencrypt. Maybe ask on stackoverflow and tag me? I'd love to see what the experts have to say!
There are a lot of tutorials out for that kind of thing, but I would suggest you to use Traefik as your reverse proxy. It will make things a lot easier if you are using docker-compose files also it will create your SSL certificates.
Why not use Docker Compose with a configured volume for each configuration item you want persistent access to on the host machine. Then any modifications you make to the file from the host is also applied withing the mounted volume in the container. Also useful to start NGINX along with all your applications that it should function as a reverse proxy for. Take it another step further and automate cert management with Acme Certbot to get publicly validated certificates that are automatically renewed.
All great ideas! I try to keep my videos short and to the point. I figure once smart people like you get the basics down, you'll fill in the blanks and do something more brilliant like you suggest. Thanks for watching!
Brilliant video, I do have a question if anyone can help me please? I have a flask app in a docker container and I also have an nginx container. I'm finding it impossible to connect the 2 together. I know my nginx.conf file needs something in there but I cannot figure it out. I'm an apprentice devops engineer and been tasked with deploying 2 docker containers using jenkins to an azure VM. I need to understand what needs to be included in the nginx.conf file please. Any help is appreciated.
Nice one. Just curious ? Is this cp from host to container permanent or ephemeral ? will the copied file still be there if the containers is restarted ?
If the container is stopped and started the file remains there. However, if the container is stopped and deleted, and a new instance of the image is run, the new instance/container will not have the file. If you want to make the change permanent you can take a snapshot of the Docker image with the docker commit command. All containers run off that new image will have the file in it. Lots of options!
You'd have to invent your own new operating system to do that, which might be a lot of effort. Even in 2024, computers really only allow one process per port. You can't have two containers fighting it out for port 80. You could put all your apps in one container in different subfolders and run it all on port 80. Or, you could run one on port 80, another on port 81, and have a reverse proxy in front spray requests to them. Similarly, Kubernetes can create a 'service' that routes requests through one port to other ports behind the scenes. Point is, your problem isn't a new one. It's one that's dogged admins since the dawn of time. But there are strategies out there. Does that make sense?
I try to do the whole thing without any cuts. That way people know I haven’t left anything out. Hopefully the edits are helpful and not too distracting. Thanks for watching!!!
@@ricko13 if you install and set it up correctly it does not do that. As you can see.... this WAS supposed to be a tutorial and one would expect it to be properly installed
thanks. But i have question, is this app is running on another container or in our system.? What if this app run on another container just like tomcat etc?
What if, the application is running at :8080/. What I want is configure the nginx reverse-proxy such that if I request localhost/example; it redirects to the application running on port 8080. I have tried location /example and proxy_pass :8080/; But it is not working. Any help?
You've probably already figured this out, but ill comment for anyone else who has trouble Modify the docker run command to bind the container port 8080 to the desired host machines port. In this case I'm using port 80 "sudo docker run -d --name nginx-base -p 80:8080 nginx:latest" This is what my location block looks like for reference location / { proxy_pass {ipaddress}:8080/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; }
can i use a docker service name instead of an ip address? i was supposed to do a reverse proxy to connect my front-end(React) to my back-end(node.js/express), both running in docker via docker compose, since i can't use the service name on the front-end fetch calls cause the request is send by the browser, so docker cannot parse the service name to an ip address in this situation, how could i fix this?
People who come to a 10 minute video on configuring nginx as a reverse proxy are looking to get things set up quickly. Nobody in their right mind would think that a 10 minute video would address every production level vulnerability and enterprise wide penetration issue. People who come to a video like this just want to get things up and running to see how it works. People are smart enough to put the proper measures in place once they figure out how things work. If people aren't that smart, they won't be in a position where they'll be configuring nginx as a reverse proxy in a production environment. For the most part, my viewers are pretty smart.
Exactly, it helped me understand this concept of NGINX, but obviously there's more if you want to setup something secure, you did a great job explaining the basics of this man, thanks.@@cameronmcnz
Thank you for this easy example. Now I understand how to make a reverse proxy finally.
Happy to help! I try not to go into exuviating detail in this videos. Just quick and to the point.
I always figure if I can help get you started, you can take it the rest of the way and fill in any of the gaps on your own.
Simple, concise and straight to the point. Thank you sir, a great video!
Thanks for watching! I've been criticized for not talking about security or performance or other things, but I figure smart people just want to get it working, and once it's working, they can figure out the details. Keeps these videos short and to the point.
Having said that, make sure you harden your proxies before deployment!
CONGRATULATIONS, VERY GOOD VIDEO. I have a question how I could do it with docker compose by creating a letsencrypt container to make the https certificates and view them through no-ip. Could you please advise me?
Oh boy, you're are playing this docker compose game on expert level! I'm not sure if I can answer that with certainty, as I always get blocked with SSL connections and I haven't used letsencrypt. Maybe ask on stackoverflow and tag me? I'd love to see what the experts have to say!
There are a lot of tutorials out for that kind of thing, but I would suggest you to use Traefik as your reverse proxy. It will make things a lot easier if you are using docker-compose files also it will create your SSL certificates.
me salvou demais, por causa do seu vídeo mudei o default e conseguir obter o objetivo necessário, PARABENS
Omg. I was missing a slash after the :port/
Most times we miss a semicolon but I suppose with nginx, slashes can be culprits as well.
Thank you
This is what we must suffer through as developers. Countless hours lost from a semi-colon or a backslash. Glad you figured it out!
@@cameronmcnz and the worst in that nginx -t says All is well. SMH 🤦♂️
Why not use Docker Compose with a configured volume for each configuration item you want persistent access to on the host machine. Then any modifications you make to the file from the host is also applied withing the mounted volume in the container. Also useful to start NGINX along with all your applications that it should function as a reverse proxy for. Take it another step further and automate cert management with Acme Certbot to get publicly validated certificates that are automatically renewed.
All great ideas! I try to keep my videos short and to the point. I figure once smart people like you get the basics down, you'll fill in the blanks and do something more brilliant like you suggest. Thanks for watching!
Brilliant video, I do have a question if anyone can help me please? I have a flask app in a docker container and I also have an nginx container. I'm finding it impossible to connect the 2 together. I know my nginx.conf file needs something in there but I cannot figure it out. I'm an apprentice devops engineer and been tasked with deploying 2 docker containers using jenkins to an azure VM. I need to understand what needs to be included in the nginx.conf file please. Any help is appreciated.
0:48 i can not display localhost message -> not working please help
Nice one. Just curious ? Is this cp from host to container permanent or ephemeral ? will the copied file still be there if the containers is restarted ?
If the container is stopped and started the file remains there. However, if the container is stopped and deleted, and a new instance of the image is run, the new instance/container will not have the file. If you want to make the change permanent you can take a snapshot of the Docker image with the docker commit command. All containers run off that new image will have the file in it. Lots of options!
@@cameronmcnz really appreciate your feedback
When I mispeel in the CLI, the ctrl+t swaps the characters before and after where the cursor is.
That is a pro tip!
How to get that IP address that starts with 192.168?
I believe that's the address my router gave me.
you can setup a static DHCP
Can I use this setup up with Nginx to force all client traffic to https if the backend application is not encrypted? Thx
Yes
How would i go about doing this for 2 containers that want to listen on port 80?
You'd have to invent your own new operating system to do that, which might be a lot of effort.
Even in 2024, computers really only allow one process per port. You can't have two containers fighting it out for port 80.
You could put all your apps in one container in different subfolders and run it all on port 80.
Or, you could run one on port 80, another on port 81, and have a reverse proxy in front spray requests to them.
Similarly, Kubernetes can create a 'service' that routes requests through one port to other ports behind the scenes.
Point is, your problem isn't a new one. It's one that's dogged admins since the dawn of time. But there are strategies out there.
Does that make sense?
great video and good explanation, thank you!
nice editing!
I try to do the whole thing without any cuts. That way people know I haven’t left anything out. Hopefully the edits are helpful and not too distracting.
Thanks for watching!!!
curious. why are you running all the commands with sudo?
because as you can see it throws an error "got permission denied"
@@ricko13 if you install and set it up correctly it does not do that. As you can see.... this WAS supposed to be a tutorial and one would expect it to be properly installed
how do you rotate ssl certificates while on docker using certbot ?
I'm trying to accomplish something similar via proxy manager, considering you can't indicate sub-directories in the proxy settings.
Hmm, i was hoping this solved what I am trying to do, but i already get stuck that my system insists that there is no directory /etc/nginx/conf.d/
:-(
thanks a lot, i have had some cors errors with my app and now their are gone! thanks a lot
Super glad I could help!
thanks. But i have question, is this app is running on another container or in our system.? What if this app run on another container just like tomcat etc?
It's running in a container.
Liked to cee you do a wonkle xced variance next.
I'll put it on the list!
@@cameronmcnz trankz!
What if, the application is running at :8080/. What I want is configure the nginx reverse-proxy such that if I request localhost/example; it redirects to the application running on port 8080. I have tried location /example and proxy_pass :8080/; But it is not working. Any help?
You've probably already figured this out, but ill comment for anyone else who has trouble
Modify the docker run command to bind the container port 8080 to the desired host machines port. In this case I'm using port 80
"sudo docker run -d --name nginx-base -p 80:8080 nginx:latest"
This is what my location block looks like for reference
location / {
proxy_pass {ipaddress}:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
thank you, very useful
can i use a docker service name instead of an ip address? i was supposed to do a reverse proxy to connect my front-end(React) to my back-end(node.js/express), both running in docker via docker compose, since i can't use the service name on the front-end fetch calls cause the request is send by the browser, so docker cannot parse the service name to an ip address in this situation, how could i fix this?
you only configured it for a single path, its not a full reverse proxy xd
thank you so much!
Thank you so much!
Thanks
Can you please provide code
I know any video requires a huge amount of work but this displays bad and insecure practice. For the safety of your server don't do it this way.
People who come to a 10 minute video on configuring nginx as a reverse proxy are looking to get things set up quickly. Nobody in their right mind would think that a 10 minute video would address every production level vulnerability and enterprise wide penetration issue. People who come to a video like this just want to get things up and running to see how it works. People are smart enough to put the proper measures in place once they figure out how things work. If people aren't that smart, they won't be in a position where they'll be configuring nginx as a reverse proxy in a production environment. For the most part, my viewers are pretty smart.
Exactly, it helped me understand this concept of NGINX, but obviously there's more if you want to setup something secure, you did a great job explaining the basics of this man, thanks.@@cameronmcnz