A brief record of how to forward ports mapped by Docker to another server.
Install Nginx
1. Installation on a Debian system
sudo apt-get update
sudo apt-get install nginx
2. Verify that NGINX is successfully installed. Enter the following command in the terminal:
sudo service nginx start
Apply for SSL certificate
1. Get the Certbot client
sudo apt-get install certbot
2. Get the certificate
certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com
This command generates a certificate for the two domains example.com and www.example.com. In --webroot mode, Certbot creates a .well-known folder in /var/www/example containing some verification files, then verifies that your domain is bound to this server by accessing example.com/.well-known/acme-challenge. This command meets most requirements.
Sometimes, however, a service has no root directory, as with some microservices, and --webroot will not work. Certbot has another mode called --standalone, which does not require specifying the website's root directory. It will automatically enable port 443 of the server to verify ownership of the domain. If other services (such as nginx) are occupying port 443, stop them first and start them again after the certificate is generated.
certbot certonly --standalone -d example.com -d www.example.com
After the certificate is generated, the corresponding domain folder appears in the /etc/letsencrypt/live/ directory. It contains symbolic links pointing to the certificate files.
At this point, our first certificate generation is completed, and the next step is to configure our web server and enable HTTPS.
Create forwarding configuration
1. Configure NGINX reverse proxy. Enter the following command in the terminal:
I used the domain name, blog.xxxx.xxx, as the configuration file name:
touch /etc/nginx/sites-available/blog.xxxx.xxx
2. Configuration file reference
The configuration below forwards requests to port 3000 on localhost:
server {
    # Port 80 only redirects plain HTTP to HTTPS. A server-level "return"
    # answers every request, so no location block is needed here.
    listen 80;
    listen [::]:80;
    server_name wqq.xxxx.xxx; # Replace with your domain
    return 301 https://$server_name$request_uri;
}
server {
    # Port 443 terminates TLS and proxies to the application on localhost:3000.
    # HTTPS is forced by the port 80 block above; this block only accepts TLS
    # connections, so it needs no $scheme check.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name wqq.xxxx.xxx; # Replace with your domain
    ssl_certificate /etc/letsencrypt/live/wqq.xxxx.xxx/fullchain.pem; # Replace with your certificate path
    ssl_certificate_key /etc/letsencrypt/live/wqq.xxxx.xxx/privkey.pem; # Replace with your certificate private key path
    location / {
        proxy_pass http://localhost:3000;
        # Pass the original host and client address to the backend
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        port_in_redirect off;
        # Rewrite backend redirects so clients stay on the public HTTPS name
        proxy_redirect http://localhost:3000 https://wqq.xxxx.xxx;
        proxy_connect_timeout 300;
        proxy_send_timeout 300;
        proxy_read_timeout 300;
        send_timeout 300;
    }
}
3. Enable the sites-enabled symbolic link
Afterwards, you need to create a symbolic link in /etc/nginx/sites-enabled to the above /etc/nginx/sites-available/blog.xxxx.xxx file. The command is as follows:
ln -s /etc/nginx/sites-available/blog.xxxx.xxx /etc/nginx/sites-enabled/
Then check that the nginx configuration file is correct:
sudo nginx -t
If it prompts "Syntax OK", the configuration is correct. Then reload nginx, and the configuration is complete:
sudo systemctl reload nginx
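The proxy above sends traffic to localhost:3000, so TLS only protects the backend if Docker has not also published that port on every interface. As an added example (not part of the original post), the function below reads `docker ps --format '{{.Names}}|{{.Ports}}'` output and lists host ports bound to all interfaces; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: find Docker-published ports that can be reached without Nginx.
# Input lines: "<container name>|<ports>", as printed by
#   docker ps --format '{{.Names}}|{{.Ports}}'
# Output: one "<name> <host port>" line per port published on all interfaces.
exposed_ports() {
    awk -F '|' '
    {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            m = maps[i]
            # Only published ports contain "->"; a bare "5432/tcp" is not mapped.
            if (m !~ /->/) continue
            host = m
            sub(/->.*/, "", host)      # keep "<bind address>:<host port>"
            port = host
            sub(/.*:/, "", port)       # host port follows the last colon
            addr = substr(host, 1, length(host) - length(port) - 1)
            # 0.0.0.0, :: and [::] all mean "every interface".
            if (addr == "0.0.0.0" || addr == "::" || addr == "[::]")
                seen[$1 " " port] = 1  # de-duplicate IPv4 and IPv6 entries
        }
    }
    END { for (k in seen) print k }' | sort
}

# Constructed sample input (not real output from any host).
sample_ps() {
    printf 'blog|0.0.0.0:3000->3000/tcp, :::3000->3000/tcp\n'
    printf 'wiki|127.0.0.1:3001->3000/tcp\n'
    printf 'db|5432/tcp\n'
}

sample_ps | exposed_ports   # prints: blog 3000
```

On a real host, run `docker ps --format '{{.Names}}|{{.Ports}}' | exposed_ports`. Any port it lists can be republished on the loopback address only, for example with `-p 127.0.0.1:3000:3000`, so that Nginx is the only way in.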