Configure SSL with Nginx
Happy devOps
Nginx reverse proxy
Nginx can be used as a reverse proxy with or without SSL. In my previous post I discussed configuring nginx as a reverse proxy without SSL. In this post I'm going to discuss configuring nginx as a reverse proxy with SSL. All the source code related to this post is available on gitlab. Please clone the repo and follow along with the post.
Scenario
I have two domains that need to be served with SSL through nginx. The architecture of the system is shown in the following diagram. Requests that come to https://lekana.com:443 are proxied to http://lekana-api:7654, and requests that come to https://siddhi.com:443 are proxied to https://siddhi-api:7655, via nginx. siddhi-api and lekana-api are simple REST APIs built with golang.
Generate certificates
First I generated SSL keys/certificates for the lekana and siddhi services. I used self-signed certificates with my own certificate authority here. Following is the way to generate the SSL certificates.
Nginx config
Then I created nginx config files to serve the lekana and siddhi domains. This config file defines the serving port, the domain names, the SSL certificate locations, and the hosts that requests are proxied to.
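As an added example (not the config from the original post or its repository), a pair of server blocks matching the scenario above could look like this. The certificate and key paths under /etc/nginx/ssl/ are assumptions; the upstream hosts, schemes and ports follow the scenario as stated.

```nginx
# Added example, not the post's own config.
# Both servers listen on 443; nginx picks the server block (and its
# certificate) from the TLS SNI name sent by the client.

server {
    listen 443 ssl;
    server_name lekana.com;

    ssl_certificate     /etc/nginx/ssl/lekana.crt;  # assumed path
    ssl_certificate_key /etc/nginx/ssl/lekana.key;  # assumed path
    ssl_protocols       TLSv1.2 TLSv1.3;            # refuse older protocol versions

    location / {
        # TLS terminates here; traffic to this upstream is plain HTTP.
        proxy_pass http://lekana-api:7654;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen 443 ssl;
    server_name siddhi.com;

    ssl_certificate     /etc/nginx/ssl/siddhi.crt;  # assumed path
    ssl_certificate_key /etc/nginx/ssl/siddhi.key;  # assumed path
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # HTTPS upstream: nginx re-encrypts, but proxy_ssl_verify is off by
        # default, so the upstream certificate is not checked unless you set
        # proxy_ssl_verify on and proxy_ssl_trusted_certificate to your CA.
        proxy_pass https://siddhi-api:7655;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```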
Dockerize nginx
Then I dockerized nginx. Following is the nginx Dockerfile. It adds the config files, server keys and certificates into the docker image.
Run services
I have three services: nginx, lekana-api and siddhi-api. Following is the docker-compose.yaml file that I used to run these services. I used linked containers to communicate between nginx and the API services.
Following is the way to start and run these services via docker-compose. If you want, you can start all the services at once with the docker-compose up -d command.
Test services
To test the services in a local environment I had to define the lekana.com and siddhi.com domains in the /etc/hosts file with my local machine IP. Requests that come to those domains are then directed to my local machine (in a production environment I set up the domains with a DNS server). Following are the entries I added to the /etc/hosts file.
I tested lekana-api and siddhi-api via curl. Since I used self-signed SSL certificates, I had to disable the security check in curl when making the requests. Following is the way I consumed the APIs.