Continuing from our last post about self-hosting your own cloud environment
lets start by setting up our reverse proxy server. You might be asking why we
need something called a reverse proxy.

A reverse proxy server in our case usage, will allow us to accept HTTP data on
port 80 and HTTPS data on port 443 and direct it to the correct
application/server running on our docker server. Because you cannot have a
duplicate port running on an IP address we need a reverse proxy server. Think
of this reverse proxy server as somebody directing traffic based on the type
of vehicle and contents of said vehicle.

The software we are going to use to accomplish this is called Nginx.
The docker container we will pull is named Nginx Proxy Manager. This is a
great setup that will give us a nice web interface to manage our reverse
proxy.

Lets begin!

:: Nginx Reverse Proxy Manager

Start by logging into your Portainer install by visiting the public address of
your VPS on port 9000.

http://ipaddress:9000/

Click "Containers" on the left and then "Add container" at the top row of
buttons.

In the "Name" box I will give it the name of "nginxproxymanager" and then for
"Image" I will be using "jc21/nginx-proxy-manager:latest".

Under "Network ports configuration" we will click the "publish new network
port" three times so we get three rows to add mappings for. Make it look like
the following:

Host: 80   -> Container: 80
Host: 6080 -> Container: 81
Host: 443  -> Container: 443

Moving down the page, click on the button labeled "Restart policy" under
"Advanced container settings" then choose "Always" for your restart policy.

Now lets move to "Volumes" under "Advanced container settings". We are going
to use two volume bind mappings here. Click on "map additional volume" twice.
Choose "Bind" on the right side for both.

Make your volumes look something like the following:

Container: /data -> Host: /media/nginxproxymanager/data
Container: /etc/letsencrypt -> /media/nginxproxymanager/letsencrypt

What you are doing here is mapping a file system path inside the docker
container your going to deploy, to the host operating system. We now need to
create these folders on the host system. Note that you can choose a different
path on the host, just replace your paths with the above example and the below
commands.

SSH into your VPS and execute the following commands:

:~$ sudo -i
:~# mkdir -p /media/nginxproxymanager/data
:~# mkdir -p /media/nginxproxymanager/letsencrypt

With the directories created, lets deploy the new container. In your web
browser on the Portainer page click on "Deploy the container". Give this some
time, you should be presented with the list of containers on your docker host
and should see one named "nginxproxymanager" with some published ports as
such.

443:443 443:443 80:80 80:80 6080:81 6080:81

:: Firewall Configuration

If you enabled the firewall during in the last article, we need to allow two
ports open to the public and then lock one down to your administrative IP
address.

Switch back to your SSH session on the VPS and run the following commands to
modify your firewall:

:~# ufw allow 80
:~# ufw allow 443

If you do not have a specific administrative IP address to securely access
your resources, you can allow the last port open to the world, but you will
need to take care of securing this service using some other methods and a
strong password when configuring Nginx Proxy Manager.

:~# ufw allow 6080

If you do have an administrative IP address you can use this command instead,
just replace the IP address with yours:

:~# ufw allow from 203.201.202.108 proto tcp to any port 6080

Now that we are allowing traffic into our docker server on ports 80, 443, and
6080 docker will handle the traffic and pass it into the container listening
on those ports which are for our Nginx Proxy Manager.

Go ahead and open the Nginx Proxy Manager administrative portal in your web
browser visit the following page in your browser:

http://ipaddress:6080/

The default credentials are as below:

Email:    admin@example.com
Password: changeme

Once you get into the portal, change your username and password to something
much more secure especially if you are not locking down the administrative
interface (port 6080) using the firewall.

You now have a working reverse proxy server setup on your docker server. We
will use this interface as well as continuing to use Portainer to direct web
traffic and manage docker.

Our next step, and first application will be installing our self-hosted search
engine.
<!DOCTYPE html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0"><link rel="canonical" href="gemini://bbs.archaicbinary.net/blog/self-hosting/2022.04.20-Self-Hosted Cloud Environment (Reverse Proxy).txt" /><title>gemini://bbs.archaicbinary.net/blog/self-hosting/2022.04.20-Self-Hosted Cloud Environment (Reverse Proxy).txt</title><style>.c{max-width:80em;margin-left:auto;margin-right:auto;}.l{margin:0;color:lightgray;}.m{margin-top:0;margin-bottom:0;}.b{display:list-item;list-style-type:disc;list-style-position:inside;}</style></head><body><p class="l">-- Leo's gemini proxy</p><p class="l">-- Connecting to bbs.archaicbinary.net:1965...</p><p class="l">-- Connected</p><p class="l">-- Sending request</p><p class="l">-- Meta line: 20 text/plain;lang=en-US</p><p class="l">-- Response ended</p><p class="l">-- Page fetched on Mon May 20 14:20:25 2024</p></body></html>