Thanks for watching! I've been criticized for not talking about security or performance or other things, but I figure smart people just want to get it working, and once it's working, they can figure out the details. Keeps these videos short and to the point. Having said that, make sure you harden your proxies before deployment!
CONGRATULATIONS, VERY GOOD VIDEO. I have a question how I could do it with docker compose by creating a letsencrypt container to make the https certificates and view them through no-ip. Could you please advise me?
Oh boy, you're are playing this docker compose game on expert level! I'm not sure if I can answer that with certainty, as I always get blocked with SSL connections and I haven't used letsencrypt. Maybe ask on stackoverflow and tag me? I'd love to see what the experts have to say!
Nice one. Just curious ? Is this cp from host to container permanent or ephemeral ? will the copied file still be there if the containers is restarted ?
If the container is stopped and started the file remains there. However, if the container is stopped and deleted, and a new instance of the image is run, the new instance/container will not have the file. If you want to make the change permanent you can take a snapshot of the Docker image with the docker commit command. All containers run off that new image will have the file in it. Lots of options!
You'd have to invent your own new operating system to do that, which might be a lot of effort. Even in 2024, computers really only allow one process per port. You can't have two containers fighting it out for port 80. You could put all your apps in one container in different subfolders and run it all on port 80. Or, you could run one on port 80, another on port 81, and have a reverse proxy in front spray requests to them. Similarly, Kubernetes can create a 'service' that routes requests through one port to other ports behind the scenes. Point is, your problem isn't a new one. It's one that's dogged admins since the dawn of time. But there are strategies out there. Does that make sense?
can i use a docker service name instead of an ip address? i was supposed to do a reverse proxy to connect my front-end(React) to my back-end(node.js/express), both running in docker via docker compose, since i can't use the service name on the front-end fetch calls cause the request is send by the browser, so docker cannot parse the service name to an ip address in this situation, how could i fix this?
@@ricko13 if you install and set it up correctly it does not do that. As you can see.... this WAS supposed to be a tutorial and one would expect it to be properly installed
thanks. But i have question, is this app is running on another container or in our system.? What if this app run on another container just like tomcat etc?
What if, the application is running at :8080/. What I want is configure the nginx reverse-proxy such that if I request localhost/example; it redirects to the application running on port 8080. I have tried location /example and proxy_pass :8080/; But it is not working. Any help?
You've probably already figured this out, but ill comment for anyone else who has trouble Modify the docker run command to bind the container port 8080 to the desired host machines port. In this case I'm using port 80 "sudo docker run -d --name nginx-base -p 80:8080 nginx:latest" This is what my location block looks like for reference location / { proxy_pass {ipaddress}:8080/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; }
People who come to a 10 minute video on configuring nginx as a reverse proxy are looking to get things set up quickly. Nobody in their right mind would think that a 10 minute video would address every production level vulnerability and enterprise wide penetration issue. People who come to a video like this just want to get things up and running to see how it works. People are smart enough to put the proper measures in place once they figure out how things work. If people aren't that smart, they won't be in a position where they'll be configuring nginx as a reverse proxy in a production environment. For the most part, my viewers are pretty smart.
Exactly, it helped me understand this concept of NGINX, but obviously there's more if you want to setup something secure, you did a great job explaining the basics of this man, thanks.@@cameronmcnz
Simple, concise and straight to the point. Thank you sir, a great video!
Thanks for watching! I've been criticized for not talking about security or performance or other things, but I figure smart people just want to get it working, and once it's working, they can figure out the details. Keeps these videos short and to the point.
Having said that, make sure you harden your proxies before deployment!
me salvou demais, por causa do seu vídeo mudei o default e conseguir obter o objetivo necessário, PARABENS
Omg. I was missing a slash after the :port/
Most times we miss a semicolon but I suppose with nginx, slashes can be culprits as well.
Thank you
This is what we must suffer through as developers. Countless hours lost from a semi-colon or a backslash. Glad you figured it out!
@@cameronmcnz and the worst in that nginx -t says All is well. SMH 🤦♂️
great video and good explanation, thank you!
thanks a lot, i have had some cors errors with my app and now their are gone! thanks a lot
Super glad I could help!
CONGRATULATIONS, VERY GOOD VIDEO. I have a question how I could do it with docker compose by creating a letsencrypt container to make the https certificates and view them through no-ip. Could you please advise me?
Oh boy, you're are playing this docker compose game on expert level! I'm not sure if I can answer that with certainty, as I always get blocked with SSL connections and I haven't used letsencrypt. Maybe ask on stackoverflow and tag me? I'd love to see what the experts have to say!
When I mispeel in the CLI, the ctrl+t swaps the characters before and after where the cursor is.
That is a pro tip!
Liked to cee you do a wonkle xced variance next.
I'll put it on the list!
@@cameronmcnz trankz!
Nice one. Just curious ? Is this cp from host to container permanent or ephemeral ? will the copied file still be there if the containers is restarted ?
If the container is stopped and started the file remains there. However, if the container is stopped and deleted, and a new instance of the image is run, the new instance/container will not have the file. If you want to make the change permanent you can take a snapshot of the Docker image with the docker commit command. All containers run off that new image will have the file in it. Lots of options!
@@cameronmcnz really appreciate your feedback
thank you, very useful
How would i go about doing this for 2 containers that want to listen on port 80?
You'd have to invent your own new operating system to do that, which might be a lot of effort.
Even in 2024, computers really only allow one process per port. You can't have two containers fighting it out for port 80.
You could put all your apps in one container in different subfolders and run it all on port 80.
Or, you could run one on port 80, another on port 81, and have a reverse proxy in front spray requests to them.
Similarly, Kubernetes can create a 'service' that routes requests through one port to other ports behind the scenes.
Point is, your problem isn't a new one. It's one that's dogged admins since the dawn of time. But there are strategies out there.
Does that make sense?
I'm trying to accomplish something similar via proxy manager, considering you can't indicate sub-directories in the proxy settings.
Can I use this setup up with Nginx to force all client traffic to https if the backend application is not encrypted? Thx
Yes
can i use a docker service name instead of an ip address? i was supposed to do a reverse proxy to connect my front-end(React) to my back-end(node.js/express), both running in docker via docker compose, since i can't use the service name on the front-end fetch calls cause the request is send by the browser, so docker cannot parse the service name to an ip address in this situation, how could i fix this?
thank you so much!
Hmm, i was hoping this solved what I am trying to do, but i already get stuck that my system insists that there is no directory /etc/nginx/conf.d/
:-(
Thank you so much!
Thanks
curious. why are you running all the commands with sudo?
because as you can see it throws an error "got permission denied"
@@ricko13 if you install and set it up correctly it does not do that. As you can see.... this WAS supposed to be a tutorial and one would expect it to be properly installed
thanks. But i have question, is this app is running on another container or in our system.? What if this app run on another container just like tomcat etc?
It's running in a container.
you only configured it for a single path, its not a full reverse proxy xd
What if, the application is running at :8080/. What I want is configure the nginx reverse-proxy such that if I request localhost/example; it redirects to the application running on port 8080. I have tried location /example and proxy_pass :8080/; But it is not working. Any help?
You've probably already figured this out, but ill comment for anyone else who has trouble
Modify the docker run command to bind the container port 8080 to the desired host machines port. In this case I'm using port 80
"sudo docker run -d --name nginx-base -p 80:8080 nginx:latest"
This is what my location block looks like for reference
location / {
proxy_pass {ipaddress}:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
0:48 i can not display localhost message -> not working please help
Can you please provide code
I know any video requires a huge amount of work but this displays bad and insecure practice. For the safety of your server don't do it this way.
People who come to a 10 minute video on configuring nginx as a reverse proxy are looking to get things set up quickly. Nobody in their right mind would think that a 10 minute video would address every production level vulnerability and enterprise wide penetration issue. People who come to a video like this just want to get things up and running to see how it works. People are smart enough to put the proper measures in place once they figure out how things work. If people aren't that smart, they won't be in a position where they'll be configuring nginx as a reverse proxy in a production environment. For the most part, my viewers are pretty smart.
Exactly, it helped me understand this concept of NGINX, but obviously there's more if you want to setup something secure, you did a great job explaining the basics of this man, thanks.@@cameronmcnz
how do you rotate ssl certificates while on docker using certbot ?