I have two services, both neatly dockerized, each with their own docker-compose.yml.

Each service has its own domain name.

Both services use HTTPS and have Let's Encrypt certificates.

Both services are completely self contained and listen on 80 and 443.

.--[http]-[https]--.    .--[http]-[https]--.
|                  |    |                  |
|    Service A     |    |    Service B     |
|                  |    |                  |
'------------------'    '------------------'

How do I set up a reverse proxy so that I can launch both services on the same host?

.--------------[http]-[https]--------------.
|                                          |
|              REVERSE PROXY               |
|                                          |
'---+--------+---------------+--------+----'
    |        |               |        |
   http     https           http     https
   req.     req.            req.     req.
   domainA  domainA         domainB  domainB
     |        |              |        |
     V        V              V        V
.--[http]-[https]--.    .--[http]-[https]--.
|                  |    |                  |
|    Service A     |    |    Service B     |
|                  |    |                  |
'------------------'    '------------------'

I would like to keep the services self contained. I.e. I would like to avoid extracting the certificates from the service containers.

From my experiments, it seems like nginx can't forward HTTPS requests without the certs, although it seems like it should be possible to achieve this. Perhaps with some other reverse proxy software?

I have control over both services' docker-compose.yml. I can change ports and so on if needed.

Ideally I would like to find a simple daemon that accepts a config that looks something like

[service a]
domain: domainA.tld
localPort: 8080

[service b]
domain: domainB.tld
localPort: 8081

I've searched like crazy but haven't found any such tool.

      • 2
    • HAProxy can do this trick where it extracts the SNI and uses that information to forward HTTPS to a certain host as a TCP Proxy. nginx does not support this feature.
      • 1
    • You aren't getting it. SNI is an application layer abstraction, you are implementing a network layer abstraction (TCP ports), you cannot do SNI between two separate systems. You MUST share nginx/SSL termination if you want to share IP addresses; data will be decrypted and optionally re-encrypted (if you use backend SSL) on the nginx container.

You could use jwilder/nginx-proxy, which offers automated reverse-proxy functionality and comes with easy docker-compose integration (you only need to specify a couple of environment variables: the port where the service is running and the domain where the service will be available).

You can also automate the Let's Encrypt certificate generation with jrcs/letsencrypt-nginx-proxy-companion.

  • 0
      • 2
    • Yeah, I stumbled across that. However, as I wrote in my question "I would like to keep the services self contained. I.e. I would like to avoid extracting the certificates from the service containers."
