Nginx in a Docker Container (Quick and Dirty)

Why should you consider running Nginx in a docker container? Containerizing Nginx reduced sysadmin overheard, plain and simple. As most of us know containerizing services, apps and, programs is simply easier. Running Nginx, along with others, means that we no longer have to build it from source or that we have to maintain it through a package manager. Simply put, its a lot more efficient and easier to maintain.

Go ahead and run the command below. Make sure your system has docker and compose installed on it before you proceed.

docker run --name mynginx1 -p 80:80 -d nginx

Using compose, you can easily stand up a docker container without having to use the “\” at the end of each line or just type out the whole specifications for the container. Instead its neatly organized in a yml or yaml file. I recommend creating a simple file called docker-compose.yml. Save the file and exit the text editor once you have added proper commands.

nginx: 
    image: nginx:latest
    containe_name: nginx
    ports:
      - 80:80
      - 443:443
    volumes:
      - /srv/nginx:/etc/nginx

To run the docker container:

docker-compose up -d

- OR - 

docker-compose -f /path/to/docker-compose.yml up -d

Finally, were going to add the nginx.conf. Up above you may have noticed that we added a “volumes” command in the yml file. /srv/nginx is where we’re going to store our nginx.conf file so we can make changes without having to jump into the docker container. Without going in to too much detail “Volumes are the preferred mechanism for persisting data generated by and used by Docker containers.” Inside of this volume, the nginx config file can be edited and then read by the nginx container. Again, the /etc/nginx is the container stores and sees the nginx.conf file.

Below is a quick and easy nginx config that should work for most use cases. For more complex cases, I recommend checking out the Admin Guide on their website.

events {

}
http {
  server {
        listen 80 default_server;
        server_name <servername>;
        return 301 https://$host$request_uri;
}
  server {
        listen 443 ssl;
        server_name                <servername>;

        
        #ssl on;
        #ssl_session_cache  builtin:1000 shared:SSL:10m;
        ssl_certificate                  /etc/nginx/ssl/server.domain.com.crt;
        ssl_certificate_key              /etc/nginx/ssl/server.domain.com.key;
        ssl_protocols                    TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_session_cache                shared:SSL::1m;
        ssl_prefer_server_ciphers        on;

        location / {
                proxy_pass       http://<servername>:port;
    }
 }
}

Depending on your distro, you may need to allow traffic through the host’s firewall. Firewalld on RHEL and CentOS, specifically CentOS 7.7, may not always play nice with each other. Either way, use the following commands open up the ports or services.

- UBU -
sudo ufw allow 80 
sudo ufw allow 443

- Cent/RHEL - 
sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --permanent --add-port=443/tcp
- UBU -
sudo ufw allow http
sudo ufw allow https

- Cent/RHEL - 
sudo firewall-cmd --permanent --add-port=http
sudo firewall-cmd --permanent --add-port=https

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s