Skip to main content

Domainnames and SSL

Now that we have configured the static website in our ProxyServer, we need to talk about Domainnames and SSL.

The ProxyServer will receive requests from the Internet. And those request will be coming in over port 443, the SSL Port.

It is the Nginx Server-configurations (in proxyserver/deployment/etc/nginx/conf.d) where the SSL certificate needs to be specified. Like the default.conf of the static website we defined in the previous paragraph.

Where to place the certificates

Since the ProxyServer needs those certificates, lets place them in the proxyserver directory of the deployment project. I am putting them in proxyserver/deployment/etc/ssl/private.

Changing the Nginx definition of static website

To implement the SSL Certificates, the static_website.conf (or what name you've given it) Nginx config file needs to be changed:

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name www.mydomain.com;

    ssl_certificate         /etc/ssl/private/star_mydomain_com_full_chain.txt;
    ssl_certificate_key     /etc/ssl/private/star_mydomain_com.key;

    access_log      /var/log/nginx/www_mydomain_access.log  main;
    error_log       /var/log/nginx/www_mydomain_error.log;

    location / {
        proxy_pass      http://172.30.0.20:7777;
    }
}

It shows the proxyserver will only listen to port 443 for this domain.

Directory structure so far

With all these files, let's do a recap of which files we have now in our Deployment Project: Directory Structure

And if you collapse all directory but the main ones, you see where we are going: 1 Directory for each Docker Container

  • proxyserver
  • staticsite

Then, last section before we are going to create more Containers: "Domainnames"

Domainnames

The proxyserver is listening to port 443 and domainname www.mydomain.com.

But we will have many more subdomains or other domains in out deployment. For example:

  • api-production.mydomain.com (Written in NodeJS)
  • api-development.mydomain.com (Written in NodeJS)
  • microservice-handling-images.mydomain.com (Written in Python FastAPI)
  • app.mydomain.com (The UI written in ReactJS)

All these domains are set up at our Hosting Provider and all pointing to the Host we are working on.

Advantage

The big advantage is that moving Containers around to other Hosts is a very easy task:

  • 'git pull' the whole deployment project on another Host
  • Start proxyserver there
  • Start the containers there (only the ones which need to run on this host)
  • Flip the IP addresses of these (sub)domains at your Domainname-provider.

If the same Container is also running at another Host, no harm done, because that other host just does not get the requests since the domainname is not pointing to that host.