NGINX Reverse Proxy

This is an Alpine-based container hosting NGINX to act as a reverse proxy allowing access to other containerized web applications and centralizing SSL configuration. You can also serve simple HTML websites with it, of course. It includes certbot/letsencrypt to handle SSL certificates and renewal.

Supported Tags

• nginx-ssl:1.29.4: NGINX Mainline 1.29.4
• nginx-ssl:1.28.1: NGINX Stable 1.28.1

Software

• Alpine Linux
• Skarnet S6
• s6-overlay
• NGINX
• Certbot

Configuration

These are the configuration and data files you will likely need to be aware of and potentially customize.

• /mnt/config/etc/mime.types
• /mnt/config/etc/nginx.conf
• /mnt/config/etc/nginx.d/*

Modifications to some of these may require a service restart to pull in the changes made.

You can place simple html/css files in the following location to serve them with the default settings:

• /mnt/config/www/default/*

Container Variables

• TZ: Time Zone (i.e. America/New_York)
• PUID: Mounted File Owner User ID
• PGID: Mounted File Owner Group ID
• ADMINIP: Administrator IP
• TRUSTSN: Trusted Subnet (i.e. 192.168.0.0/16)
• DNSADDR: DNS Servers (i.e. 8.8.8.8 8.8.4.4)
• SSLEMAIL: LetsEncrypt Email
• SSLDOMAINS: LetsEncrypt Domains
• B_MODULI: dhparam.pem Key Sizes
• B_RSA: RSA SSL Key Size
• B_ECDSA: Use ECDSA SSL Keys (0 for RSA)

Testing

docker-compose

services:
  nginx-ssl:
    image: nephatrine/nginx-ssl:latest
    container_name: nginx-ssl
    environment:
      TZ: America/New_York
      PUID: 1000
      PGID: 1000
    ports:
      - "80:80/tcp"
      - "443:443/tcp"
      - "443:443/udp"
    volumes:
      - /mnt/containers/nginx-ssl:/mnt/config

docker run

docker run --rm -ti code.nephatrine.net/nephnet/nginx-ssl:latest /bin/bash