Public | Automated Build

Last pushed: 2 days ago
Short Description
A docker nginx reverse proxy with ssl termination to run rancher server over https.
Full Description

Nginx reverse proxy with ssl termination for rancher server

maintained by codedevote

Overview

This Dockerfile gives you a secured nginx reverse proxy that terminates ssl and proxy passes to a rancher server.
This image is based on marvambass/docker-nginx-ssl-secure and adds a nginx configuration file for rancher server (rancher/rancher).

View in Docker Hub codedevote/nginx-ssl-proxy-rancher

View in GitHub codedevote/docker-nginx-ssl-proxy-rancher

Environment variables and defaults

Inherited from base image

  • DH_SIZE
    • default: 2048 (which takes a long time to create), for demo or unsecure applications you can use smaller values like 512

Required by this image

  • RANCHER_URL

    • default: localhost
  • RANCHER_PORT

    • default: 8080
  • RANCHER_CONTAINER_NAME

    • default: rancher

Running codedevote/nginx-ssl-proxy-rancher container

All the information on running the base image also applies to this container.

Assumptions

  • Since the nginx container needs to communicate with the rancher container, you need to make sure, there is a link between those two containers. You can either use the (deprecated) --link option to link the rancher container to the nginx container or you put both containers on a docker network (by creating one useing docker network create). There seems to be an issue (see #2) using the default docker bridge network, so make sure, you create a dedicated network and hook both containers to this network by adding the --net option to your docker run command.
  • The rancher server can be reached from nginx container on the docker network at http://$RANCHER\_CONTAINER_NAME:$RANCHER\_PORT (for information on how to setup a rancher server refer to https://github.com/rancher/rancher).
  • You bind-mount a directory to /etc/nginx/external with the following minimum contents:
    • SSL certificate (chained for intermediate CAs) in a file called cert.pem
    • Private key in a file called key.pem
    • You can also put a dh.pem file here (see base image docs). If not, one will be created on first start.

Run command

To run this image you can use the following command:

docker run -d \
-p 80:80 -p 443:443 \
-e 'RANCHER_URL=rancher.example.org' \
-e 'RANCHER_CONTAINER_NAME=rancher' \
-e 'RANCHER_PORT=8080' \
-v $EXT_DIR:/etc/nginx/external/ \
codedevote/nginx-ssl-proxy-rancher
Docker Pull Command
Owner
codedevote

Comments (3)
ltutar
3 months ago

ashbyj: I am not sure if you still have the problem. Adding --link option to the command 'docker run --link <rancher container name> xxx xxx' should solve the problem.

codedevote
a year ago

Hi, sorry for late response, I did not receive a notification on this comment.
It should be quite simple to use another rancher server. The rancher.conf file has this hard-coded, but I can make it an environment variable.
Would that help you?

ashbyj
a year ago

Hi, is there a way to pass the rancher server to use, other than assuming rancher:8080? I'm getting the following

foo.example.com> docker run -d -p 80:80 -p 8443:443 -e 'RANCHER_URL=foo.example.com' -v /etc/nginx/external/:/etc/nginx/external/ codedevote/nginx-ssl-proxy-rancher
codedevote/nginx-ssl-rancher-server
  based on marvambass/nginx-ssl-secure

Nginx reverse proxy with ssl termination
for running rancher/server over https.

>> no $DH_SIZE specified using default
>> setting rancher url to foo.example.com
>> copy /etc/nginx/external/*.conf files to /etc/nginx/conf.d/
>> exec docker CMD
nginx
2016/04/22 18:33:27 [emerg] 1#1: host not found in upstream "rancher:8080" in /etc/nginx/conf.d/rancher.conf:5
nginx: [emerg] host not found in upstream "rancher:8080" in /etc/nginx/conf.d/rancher.conf:5

Thanks!