Originally, I have a website with nginx and Ubuntu 20.04 on ports 80 (http) and 443 (https); the URL is https://mysite.cc
(It works well.)
And now, I want to set up another site with Spring Cloud (Docker) with the URL https://new.mysite.cc
How do I set up nginx or the Docker of Spring Cloud?
Right now, both sites work well separately, but how do I integrate them together on one Ubuntu server?
The config of nginx of https://mysite.cc is:

    server {
        server_name mysite.cc;
        root /var/www;
        index index.html index.htm index.nginx-debian.html;

        location / {
            try_files $uri $uri/ /index.html;
        }

        listen [::]:443 ssl ipv6only=on; # managed by Certbot
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/mysite.cc/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/mysite.cc/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }

    server {
        if ($host = mysite.cc) {
            return 301 https://$host$request_uri;
        } # managed by Certbot

        listen 80;
        listen [::]:80;
        server_name mysite.cc;
        return 404; # managed by Certbot
    }

The new site is docker with spring cloud, the part of config file docker-compose.yml is like:
(Right now, it works at http://localhost)

    version: "3"
    services:
      newsite-nacos:
        image: nacos/nacos-server:1.4.2
        container_name: newsite-nacos
        restart: always
        ports:
          - ${NACOS_PORT:-8848}:8848
        healthcheck:
          test: curl -f http://${NACOS_HOST:-172.20.0.4}:8848/nacos/index.html || exit 1
          interval: 6s
          timeout: 10s
          retries: 10
        networks:
          newsite-network:
            ipv4_address: ${NACOS_HOST:-172.20.0.4}
      newsite-backend:
        ......................
        ports:
          - ${BACKEND_PORT:-6688}:${BACKEND_PORT:-6688}
        networks:
          newsite-network:
            ipv4_address: ${BACKEND_HOST:-172.20.0.5}
      newsite-frontend:
        image: ...........
        container_name: newsite-frontend
        restart: always
        environment:
          - SERVER_NAME=localhost
          - BACKEND_SERVER_HOST=${BACKEND_HOST:-172.20.0.5}
          - BACKEND_SERVER_PORT=${BACKEND_PORT:-6688}
          - USE_HTTPS=false
        ports:
          - "80:80"
          - "443:443"
        networks:
          newsite-network:
            ipv4_address: 172.20.0.6
    networks:
      newsite-network:
        driver: bridge
        ipam:
          config:
            - subnet: ${SUBNET:-172.20.0.0/16}

Answer
You can set up another server block in your nginx configuration to make it work as a proxy.
You should also change exposed ports for the dockerized application not to collide with the first one.
So change this:

    ports:
      - "80:80"
      - "443:443"

Into, for example, this:

    ports:
      - "8088:80"

Proxied communication on one machine doesn’t need to be enciphered, as the https config would be set up on the proxy (nginx).
Then the server block could look similar to this:

    server {
        server_name new.mysite.cc;

        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # the port has to match the exposed one of the spring app
            proxy_pass http://127.0.0.1:8088;
            proxy_read_timeout 90;
        }

        # ipv6only=on may be set only once per address:port and is already
        # set in the mysite.cc server block, so it is left out here
        listen [::]:443 ssl; # managed by Certbot
        listen 443 ssl; # managed by Certbot
        # the certificate used here has to cover new.mysite.cc
        ssl_certificate /etc/letsencrypt/live/mysite.cc/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/mysite.cc/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }

I am not mentioning how to obtain the TLS certificate, as you managed to do that for the first application and the process is the same.
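
An added example, not part of the answer above: the plain-HTTP hop between nginx and the container stays on the machine only if the published port is bound to loopback, because a `ports:` entry without a host IP is published on all interfaces by default. This Python sketch (its function names are this example's own) resolves the `${VAR:-default}` substitutions in the short-syntax port entries from the question's docker-compose.yml and reports the entries reachable from other hosts.

```python
import re

# Compose variable forms: ${VAR}, ${VAR:-default}, ${VAR-default}
VAR = re.compile(r"\$\{(\w+)(?::?-([^}]*))?\}")
# Short syntax: [HOST_IP:][HOST_PORT:]CONTAINER_PORT[/proto]; IPv6 host IPs are bracketed
PORT = re.compile(
    r"(?:(?:\[(?P<ip6>[0-9a-fA-F:]+)\]|(?P<ip4>\d+(?:\.\d+){3})):)?"
    r"(?:(?P<host>[\d-]*):)?(?P<ctr>[\d-]+)(?:/\w+)?"
)

def expand(value, env=None):
    """Substitute compose variables; unset or empty ones take the inline default."""
    env = env or {}
    return VAR.sub(lambda m: env.get(m.group(1)) or m.group(2) or "", value)

def parse_port(mapping, env=None):
    """Return (host_ip, host_port, container_port) for one 'ports:' entry."""
    m = PORT.fullmatch(expand(mapping.strip().strip("\"'"), env))
    if not m:
        raise ValueError(f"unrecognised port mapping: {mapping!r}")
    # Without an explicit host IP, Docker publishes on every interface by default.
    host_ip = m.group("ip6") or m.group("ip4") or "0.0.0.0"
    return host_ip, m.group("host") or "", m.group("ctr")

def is_loopback(ip):
    return ip.startswith("127.") or ip == "::1"

def externally_published(mappings, env=None):
    """Entries reachable from other hosts, i.e. not only through the nginx TLS proxy."""
    parsed = (parse_port(p, env) for p in mappings)
    return [p for p in parsed if not is_loopback(p[0])]

# Port entries from the docker-compose.yml in the question, with the answer's
# 8088:80 change, followed by a loopback-bound variant of that entry.
SAMPLE = [
    "${NACOS_PORT:-8848}:8848",
    "${BACKEND_PORT:-6688}:${BACKEND_PORT:-6688}",
    "8088:80",
    "127.0.0.1:8088:80",
]

if __name__ == "__main__":
    for ip, host, ctr in externally_published(SAMPLE):
        print(f"published on {ip}:{host} -> container port {ctr}")
```

The loopback-bound form `127.0.0.1:8088:80` is still reachable by `proxy_pass http://127.0.0.1:8088;` in the server block above.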