
Nginx

Nginx は Nginx の Docker イメージである。

Docker Compose

オレオレ証明書(自己署名証明書)を使って HTTPS 通信に対応させる。自己署名証明書はブラウザが発行元を検証できないため、アクセス時に証明書の警告が表示される。

証明書と秘密鍵は、それぞれ /path/to/server.crt と /path/to/server.key として格納済みのものとする。

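# Nginx terminating HTTPS with a certificate and private key mounted from the host.
services:
  nginx:
    # Pinned tag, so recreating the container does not pull a different release.
    image: nginx:1.27.4-bookworm
    restart: always
    ports:
      # Quoted so each HOST:CONTAINER pair is always parsed as a string.
      - "443:443"
      # Only answers if default.conf has a listener on port 80; remove this
      # mapping when nothing is meant to be served over plain HTTP.
      - "80:80"
    volumes:
      - ./nginx/default.conf:/etc/nginx/conf.d/default.conf:ro
      # ${VAR:?message} stops `docker compose` with the message when the
      # variable is unset or empty, instead of building a mount from an empty
      # host path.
      - "${SERVER_CRT:?SERVER_CRT is not set}:/etc/certificate/server.crt:ro"
      # The private key is mounted read-only. Keep the host file out of version
      # control and restrict its permissions to the owner.
      - "${SERVER_KEY:?SERVER_KEY is not set}:/etc/certificate/server.key:ro"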
# Host paths substituted for $SERVER_CRT / $SERVER_KEY in the compose file.
# NOTE(review): presumably saved as .env next to docker-compose.yml - confirm.
# These are paths only; the key material itself stays in the referenced file.
SERVER_CRT=/path/to/server.crt
SERVER_KEY=/path/to/server.key
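# Plain-HTTP listener. The compose file publishes port 80 as well as 443, so
# answer on it and send every request to the HTTPS server below instead of
# leaving the published port without a listener.
server {
    listen       80;
    server_name  localhost;
    return 301 https://$host$request_uri;
}

# HTTPS server that serves the stock static welcome page.
server {
    server_name  localhost;
    listen 443 ssl;
    # Certificate and private key are the files the compose file mounts
    # read-only under /etc/certificate.
    ssl_certificate /etc/certificate/server.crt;
    ssl_certificate_key /etc/certificate/server.key;
    # Stated explicitly so the accepted protocol versions do not depend on the
    # defaults of whichever Nginx image is in use.
    ssl_protocols TLSv1.2 TLSv1.3;

    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}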

docker compose up --buildしたあとはhttps://localhostで Nginx の Welcome ページが表示される。

なおhttp://servicename:3000のリバースプロキシとして使う場合は以下のような設定になる。

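# Plain-HTTP listener. The compose file publishes port 80 as well as 443, so
# answer on it and send every request to the HTTPS server below instead of
# leaving the published port without a listener.
server {
    listen       80;
    server_name  localhost;
    return 301 https://$host$request_uri;
}

# HTTPS reverse proxy: terminates TLS and forwards every request to the
# upstream at servicename:3000.
server {
    server_name  localhost;
    listen 443 ssl;
    # Certificate and private key are the files the compose file mounts
    # read-only under /etc/certificate.
    ssl_certificate /etc/certificate/server.crt;
    ssl_certificate_key /etc/certificate/server.key;
    # Stated explicitly so the accepted protocol versions do not depend on the
    # defaults of whichever Nginx image is in use.
    ssl_protocols TLSv1.2 TLSv1.3;

    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        # Hand the original Host header and the client address to the upstream.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For the client sent. When this server is the first proxy
        # a client reaches, the upstream should trust only the last entry (or
        # X-Real-IP); earlier entries are client-supplied.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # TLS ends at this server; the hop to the upstream is plain HTTP.
        # NOTE(review): presumably "servicename" is another service on the same
        # compose network - confirm.
        proxy_pass http://servicename:3000;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}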

コンテナ内の設定ファイルの確認方法

$ docker compose exec -u root nginx cat /etc/nginx/conf.d/default.conf

Basic 認証ありのリバースプロキシ

.
├── docker-compose.yml
└── nginx
    ├── .htpasswd
    └── default.conf
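# Nginx reverse proxy with Basic authentication in front of a service that
# runs on the Docker host.
services:
  nginx-basic:
    # Pinned to the tag used earlier on this page rather than `latest`, so
    # recreating the container does not pull a different release.
    image: nginx:1.27.4-bookworm
    container_name: nginx-basic
    restart: always
    ports:
      # Plain HTTP on host port 8080. Basic-auth credentials sent here are only
      # base64-encoded, not encrypted; put TLS in front, or publish as
      # "127.0.0.1:8080:80", when the port is reachable from other machines.
      - "8080:80"
    volumes:
      - ./nginx/default.conf:/etc/nginx/conf.d/default.conf:ro
      # Password hashes are mounted read-only; keep .htpasswd out of version
      # control.
      - ./nginx/.htpasswd:/etc/nginx/.htpasswd:ro
    extra_hosts:
      # Lets the container resolve host.docker.internal to the Docker host,
      # which default.conf uses as the proxy upstream.
      - "host.docker.internal:host-gateway"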
# Reverse proxy to a service on the Docker host (port 3002). Only the /hoge/
# subtree requires Basic authentication; every other path is proxied without
# it. This server listens on plain HTTP, so Basic-auth credentials reach it
# base64-encoded rather than encrypted.
server {
    listen       80;
    listen  [::]:80;
    server_name  localhost;

    # Forwarding headers shared by both proxied locations. A location inherits
    # these only while it declares no proxy_set_header of its own; adding one
    # inside a location drops all four for that location.
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    # $proxy_add_x_forwarded_for appends to any X-Forwarded-For the client
    # sent, so earlier entries in that header are client-supplied.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Unauthenticated: everything that is not under /hoge/.
    location / {
        proxy_pass http://host.docker.internal:3002/;
    }

    # Authenticated: users and password hashes come from the mounted .htpasswd.
    location /hoge/ {
        auth_basic "Authorization Required";
        auth_basic_user_file /etc/nginx/.htpasswd;
        proxy_pass http://host.docker.internal:3002/hoge/;
    }

    # Serve the static /50x.html page for upstream and server errors.
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

ハッシュ値を作成するためにパッケージをインストールする。

$ sudo apt install -y apache2-utils

ユーザー名とパスワードのハッシュ値を設定する。-c はファイルを新規作成するオプションで、既存のファイルがある場合は上書きされるため、ユーザーを追加するときは -c を付けない。-B はパスワードを bcrypt でハッシュ化する指定である。

$ sudo htpasswd -cB ./nginx/.htpasswd admin
New password:
Re-type new password:
Adding password for user admin