Install Nginx Docker as a Reverse Proxy Using Portainer, and Deploy a Let's Encrypt Certificate to Nginx with Certbot

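This post continues my previous post: Install Ubuntu Desktop Docker Using Portainer and Access It from a Browser (VNC / noVNC).

In that post, I used Portainer to deploy an Ubuntu Desktop Docker and accessed it through a web browser. It only worked on port 6080 and did not support HTTPS. In this post, I put an Nginx Docker in front of the Ubuntu Desktop Docker as a reverse proxy. I also deploy Certbot to issue a Let's Encrypt certificate for the Ubuntu Desktop Docker's domain name. This way, I can reach my Ubuntu Desktop Docker on port 443 under my own subdomain instead of on port 6080. It is a simple and more professional setup.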


Install Nginx Docker Using Portainer

Make sure your domain name novnc.51sec.org points to your VPS's public IP.

Create a new container in Portainer:

We now have three containers, including Portainer itself: Nginx, noVNC and Portainer.



Use Nginx as a Reverse Proxy Server

In this lab, Nginx is configured as a reverse proxy that forwards all traffic for novnc.51sec.org on port 80 or 443 to the proxied Docker, noVNC.

apt update && apt install nano



nano /etc/nginx/conf.d/novnc.conf

server {
    listen       80;
    server_name  novnc.51sec.org;

    location / {
        # noVNC backend container
        proxy_pass          http://172.31.23.170:6080;
        proxy_http_version  1.1;
        proxy_read_timeout  300;
        # pass the WebSocket upgrade through to noVNC
        proxy_set_header    Upgrade $http_upgrade;
        proxy_set_header    Connection "upgrade";
        proxy_set_header    Host $http_host;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_set_header    X-Real-PORT $remote_port;
    }
}

service nginx restart

Once the nginx service has restarted, the configuration takes effect. We will be able to access the Ubuntu desktop using the subdomain name on port 80: http://novnc.fabiandinkins.com


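Install Certbot

Certbot is a free, open source software tool for automatically using Let's Encrypt certificates on manually administered websites to enable HTTPS.

With Certbot's help, we can easily convert an HTTP site into a secure HTTPS site, using a nonprofit certificate authority that provides SSL/TLS certificates.

Unfortunately, the Certbot installation instructions did not work for my Nginx Docker. But I could run the following two commands to install Certbot.

  • apt install certbot
  • apt install python-certbot-nginx

Use Certbot to Issue a Certificate for Your Domain

The last step is to run Certbot to apply an SSL/TLS certificate to our Nginx website. It automatically makes the necessary changes to our Nginx configuration.

Here is the command that applies the certificate and changes the configuration file:
  • certbot --nginx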

The novnc.conf configuration file has been changed to:

# cat /etc/nginx/conf.d/novnc.conf
server {
    server_name  novnc.51sec.org;

    location / {
        proxy_pass          http://172.31.23.170:6080;
        proxy_http_version  1.1;
        proxy_read_timeout  300;
        proxy_set_header    Upgrade $http_upgrade;
        proxy_set_header    Connection "upgrade";
        proxy_set_header    Host $http_host;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_set_header    X-Real-PORT $remote_port;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/novnc.51sec.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/novnc.51sec.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = novnc.51sec.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen       80;
    server_name  novnc.51sec.org;
    return 404; # managed by Certbot
}


After restarting the nginx service, https://novnc.fabiandinkins.com is up and uses a valid certificate to encrypt the traffic between the client and the server.
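
The changes Certbot makes to novnc.conf can be checked mechanically. The following is an added example, not part of the original post: a small Python audit that splits a config into its server blocks and confirms that the port-80 block only redirects to https and that the TLS block carries both certificate directives. The names SAMPLE_CONF, server_blocks and audit are made up for the example, and the sample is a condensed, constructed copy of the file shown above.

```python
import re

# Constructed sample: the Certbot-edited novnc.conf from this post, condensed.
SAMPLE_CONF = r'''
server {
    location / { proxy_pass http://172.31.23.170:6080; }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/novnc.51sec.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/novnc.51sec.org/privkey.pem;
}
server {
    if ($host = novnc.51sec.org) { return 301 https://$host$request_uri; }
    listen 80;
    server_name novnc.51sec.org;
    return 404;
}
'''

def server_blocks(conf):
    """Yield the body of each top-level server { ... } block (brace counting)."""
    conf = re.sub(r'#.*', '', conf)  # assumes no '#' inside quoted values
    depth, start = 0, None
    for m in re.finditer(r'[{}]', conf):
        if m.group() == '{':
            if depth == 0 and re.search(r'\bserver\s*$', conf[:m.start()]):
                start = m.end()
            depth += 1
        else:
            depth -= 1
            if depth == 0 and start is not None:
                yield conf[start:m.start()]
                start = None

def audit(conf):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    for body in server_blocks(conf):
        listens = re.findall(r'^\s*listen\s+([^;]+);', body, re.M)
        tls = any('ssl' in l.split() for l in listens)
        for d in ('ssl_certificate', 'ssl_certificate_key'):
            if tls and not re.search(rf'^\s*{d}\s+\S+;', body, re.M):
                findings.append(f'TLS block is missing {d}')
        if not tls and 'proxy_pass' in body:
            findings.append('plain-HTTP block still proxies to the backend')
        for target in re.findall(r'return\s+301\s+(\S+);', body):
            if not target.startswith('https://'):
                findings.append(f'redirect is not to https: {target}')
    return findings
```

Inside the Nginx container, audit(open('/etc/nginx/conf.d/novnc.conf').read()) runs the same checks against the live file; the HTTP-only config from before the Certbot step is reported as still proxying over plain HTTP.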
