Nginx as a Reverse Proxy

Custom Nginx Docker Image

FROM nginx:1.17.9-alpineVOLUME [ "/etc/nginx/conf.d" ]
VOLUME [ "/data/www" ]
>> docker build . -t inginxSending build context to Docker daemon  2.048kB
Step 1/3 : FROM nginx:1.17.9-alpine
---> 377c0837328f
Step 2/3 : VOLUME [ "/etc/nginx/conf.d" ]
---> Using cache
---> b1fca48d47f8
Step 3/3 : VOLUME [ "/data/www" ]
---> Using cache
---> 26e85fbde6b0
Successfully built 26e85fbde6b0
Successfully tagged inginx:latest
server {
listen 80;
location /static {
root /data/www/;
autoindex on;
}
}
docker run -p 80:80 \
-v $PWD/nginx.conf/:/etc/nginx.conf \
-v $PWD/data:/data/www \
--name inginx inginx:latest

Nginx Reverse Proxy Configuration

DNS Resolution for Services

  • resolver: The server that provides DNS resolution
  • upstream: Defines one or a group of servers to which the traffic will be forwarded. Each server can be defined as an IP address or with a domain name.
http {
resolver 192.168.2.201 valid=10s;
upstream grafana {
server grafana.service.consul:9090;
}
}

Forward Incoming Requests

  • server: Defines a request handler
  • server_name: This directive defines for which domain name the request handler is responsible, you can use multiple servers or wildcards in the domain name
  • listen: The ports on which Nginx listens
  • location: Each location block defines what to do when the URL matches a specific route
  • proxy_pass: The server to which the incoming requests will be forwarded to
server {
server_name grafana.infra;
listen 80;
location / {
proxy_pass http://grafana;
}
}
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
  • proxy_redirect - Do not bounce traffic back to the receiving end
  • Host - Keep the same host name from the original request
  • X-Real-IP: Keep the original requests IP address
  • X-Forwarded-For: A list of IP addresses telling the service how this request was routed
  • X-Forwarded-Proto: Keep the requests scheme

Final Configuration File

http {
resolver 127.0.0.1 valid=10s;
upstream grafana {
server grafana.service.consul:9090;
}
}
server {
server_name grafana.infra;
listen 80;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
location / {
proxy_pass http://grafana;
}
}

Running the Nginx Reverse Proxy

docker run --network host \
-v $PWD/nginx.conf/:/etc/nginx.conf \
-v $PWD/gateway.conf/:/etc/gateway.conf
--name inginx inginx:latest

Conclusion

Footnotes

  1. And another reason is that Traefik was not verbose in access and error logs, I was trying to get it working but the system did not help me. Also, the official Traefik documentation seems to be written for very experienced admins, it lacks context and troubleshooting information.
  2. In case you did not follow the complete series: Consul is a service registry and discovery software that provides a DNS interface to find the dynamic IP and port of other services. I use this to register services, such as Prometheus, which are running as Docker containers.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store