How to use FQDNs to access internal Docker based services?

charles · March 4, 2021, 9:38pm

My primary goal, in simplest terms, is to be able to type something such as cookbook.charles.home into my web browser and be brought to the webUI of a Docker container I use as a cookbook

Currently I must type dockerserver:8888 dockerserver is the host name that pfSense provides the Ubuntu server I am using to run Docker. 8888 is the port assigned to the specific container running my cookbook.

I should note that I am only talking about accessing these services while on my local LAN (or connected to it via VPN).

I’m a bit new to running Docker containers by way of using Docker compose on an Ubuntu server. I’ve been using Docker for a few years by way of unraid. Unraid was great, but after a while I wanted to learn how to do it the standard way with Docker-compose.

Could anyone point me to what I am looking for? I’ve heard about tropics such as reverse proxies and let’s encrypt but all the info I’ve found about those two related to hosting publicly accessibly services which (at this point anyway) I have no need to exposes the services to the public internet.

Thanks!

ameinild · March 5, 2021, 8:44am

You’ll need 2 things setup for this to work - a DNS resolver and a reverse proxy.

The DNS resolver points the right FQDN to your reverse proxy.
The reverse proxy serves the FQDN as an “overlay” to ip-address:port, so for instance cookbook.charles.home would show the content of 192.168.1.120:8888 (the port exposed by the docker cointainer).

An added benefit of using a reverse proxy is that you can use a wildcard (*) certificate for all your services, so you don’t need to renew certificate for each service.

I’m doing it the following way:

Using unbound for internal DNS resolver
Using nginx-proxy-manager for reverse proxy

There are other options as well, but this is working for my needs.

I’m not sure if Jay has some videos covering those topics - I think it would be very well suited for the “How to Homelab” series…

charles · March 5, 2021, 1:59pm

Thank you.

I am already using a DNS resolver- I’m using unbound built into pfSense. So it looks like I need to look at a few reverse proxy options and see which is best for me. I’ll dive into the nginx offering first and see what I find.

Thanks for the pointers.

ameinild · March 8, 2021, 9:46am

I think Nginx Proxy Manager is fairly easy to setup and use - fits my needs perfectly.

charles · March 9, 2021, 5:27pm

To update-

I looked into various options and I concluded that I’d agree with you Nginx Proxy Manager seems to be the best option for me.

Thanks for the suggestion!

If anyone is looking for some more info on Nginx Proxy Manager, these setup instructions may be helpful to you.
Full Setup Instructions using Docker Compose

jay · March 13, 2021, 7:43pm

And here I am manually configuring NGINX reverse proxies. Proxy Manager seems like a cool thing to check out, thanks for sharing!

charles · March 13, 2021, 10:10pm

So I spun up the container last weekend but didn’t end up spending time trying to actually configure some reverse proxies…

Is a reverse proxy something that I can take advantage of by just using my local domain name? (domain ending in .home)

At this point, I do not have a need to have these services accessible from the public internet, only within my own network.

I’m not sure I fully understand the concept behind a reverse proxy, but could it be used without a public domain name?

ameinild · March 15, 2021, 8:23am

Hi. Yes, you can use it on your local network only. As long as your local DNS entries point to the local reverse proxy host.

If you want to use it on an internet domain, your public DNS point to your WAN IP, and you set up a port forward on port 80 and 443 to your local reverse proxy host. But this is entirely optional.

ameinild · March 16, 2021, 11:02am

I just want to point out one thing with Nginx Proxy Manager.
As it is right now, the log files grow indefinitely, so you have to setup some way to clean the logs periodically.

It is described in this issue: Logs grow indefinitely · Issue #183 · jc21/nginx-proxy-manager · GitHub

I’m currently using a script that trim the logs to 1000 lines each week, but you can also do a standard log rotation, or whatever you prefer.

Just be aware that this is an issue that need to be handled manually. It’s the only “major flaw” I’ve encountered with it so far.

The logfiles are located in: /path/to/npm-docker-data/data/logs

charles · March 20, 2021, 4:16am

Thanks for the advice on both counts.

I’ll look into setting this up further as well as ensuring the logs are periodically cleaned.