Configure SSL with Nginx

Happy devOps

(λx.x)eranga
Effectz.AI
3 min read · Sep 2, 2019

Nginx reverse proxy

Nginx can be used as a reverse proxy with or without SSL. In my previous post I discussed configuring nginx as a reverse proxy without SSL. In this post I discuss configuring nginx as a reverse proxy with SSL. All the source code related to this post is available on GitLab. Please clone the repo before continuing with the post.

Scenario

I have two domains that need to be served over SSL through nginx. The architecture of the system is shown in the following diagram. Requests to https://lekana.com:443 are forwarded to http://lekana-api:7654, and requests to https://siddhi.com:443 are forwarded to https://siddhi-api:7655, via nginx. siddhi-api and lekana-api are simple REST APIs built with Golang.

Generate certificates

First I generated SSL keys and certificates for the lekana and siddhi services. I used self-signed certificates with my own certificate authority here. The following is the way to generate the SSL certificates.

Nginx config

Then I created nginx config files to serve the lekana and siddhi domains. These config files define the serving port, domain names, SSL certificate locations, and the hosts that requests are forwarded to.
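A config of the kind described above, as an added example rather than the file from the author's repo. The certificate paths and file names are assumptions, and so is an siddhi-api certificate issued by the same CA for the name siddhi-api; the domains and upstream addresses are the ones from the scenario.

```nginx
# Added example: two TLS virtual hosts on port 443, each proxying to its API.
# Place inside the http {} context (for instance a file under /etc/nginx/conf.d/).
# All /etc/nginx/certs/... paths and file names are assumed, not from the repo.

server {
    listen 443 ssl;
    server_name lekana.com;

    ssl_certificate     /etc/nginx/certs/lekana.crt;   # server certificate (assumed path)
    ssl_certificate_key /etc/nginx/certs/lekana.key;   # private key (assumed path)
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # TLS ends at nginx; the hop to lekana-api is plain HTTP.
        proxy_pass http://lekana-api:7654;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen 443 ssl;
    server_name siddhi.com;

    ssl_certificate     /etc/nginx/certs/siddhi.crt;   # assumed path
    ssl_certificate_key /etc/nginx/certs/siddhi.key;   # assumed path
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # The hop to siddhi-api is HTTPS. nginx does not verify upstream
        # certificates by default, so verification is switched on explicitly.
        proxy_pass https://siddhi-api:7655;
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /etc/nginx/certs/ca.crt;  # own CA (assumed path)
        proxy_ssl_server_name         on;   # send SNI to the upstream
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

nginx selects the server block, and therefore the certificate, from the SNI name the client sends, which is how both domains share port 443. Running nginx -t checks the syntax and confirms the certificate and key files can be loaded.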

Dockerize nginx

Then I dockerized nginx. The following is the nginx Dockerfile. It adds the config files, server keys and certificates to the Docker image.

Run services

I have three services: nginx, lekana-api and siddhi-api. The following is the docker-compose.yaml file that I used to run these services. I used linked containers for communication between nginx and the API services.

The following is the way to start and run these services via docker-compose. If you want, you can start all the services at once with the docker-compose up -d command.

Test services

To test the services in my local environment I had to define the lekana.com and siddhi.com domains in the /etc/hosts file with my local machine's IP. Requests to those domains are then directed to my local machine (in the production environment I set up the domains with a DNS server). The following are the entries I added to the /etc/hosts file.

I tested lekana-api and siddhi-api via curl. Since I used self-signed SSL certificates, I had to disable the security check in curl when making the requests. The following is the way I consumed the APIs.
