How to Run Nginx Docker Container?
Anton Putra
March 21, 2021

Prerequisites

  • Required: Docker (Get Docker)
  • Optional: Docker Compose (Install Compose)
  • Optional: AWS account (AWS Free Tier Sign Up)
  • Optional: AWS CLI (Installation guide)
  • Optional: SSL certificate and private key (How to Generate Self Signed Certificate?)

Sections

  • Build and Run Nginx Docker Container Locally
  • Secure Nginx with SSL Certificate
  • Create IAM User, ECR, and Push Docker Image
  • Create IAM Policy and IAM Role for EC2 Instance
  • Create EC2 Instance and attach IAM Role
  • Install Docker on Ubuntu 20.04
  • Run Nginx Docker Container with SSL Certificate

Build and Run Nginx Docker Container Locally

  • Create nginx folder
  • Create Dockerfile
  • Get the latest version of nginx docker image from Docker Hub
  • Create FROM statement
  • Create index.html with the following content
  • Add index.html to docker image inside Dockerfile
  • Create nginx config file devopsbyexample.conf
  • Add devopsbyexample.conf file to the docker image
  • Create nginx.conf main configuration file
  • Copy nginx.conf to the docker image and replace original
  • Build the new docker image
  • List the docker images that you have locally
  • Run Nginx docker container

Secure Nginx with SSL Certificate

  • Update Nginx configuration file devopsbyexample.conf to listen on port 443 and redirect from port 80 to 443
  • Build new image
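
A sketch of what devopsbyexample.conf can look like after this change. This is an added example, not the configuration from the original post; the domain, certificate paths and document root are assumptions.

```nginx
# devopsbyexample.conf (added example; domain and paths are placeholders)

# Port 80 serves no content. Every request gets a permanent redirect
# to the same host and URI over HTTPS.
server {
    listen 80;
    server_name example.com www.example.com;   # placeholder domain
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com www.example.com;   # placeholder domain

    # Assumed location of the certificate and key inside the container.
    # Mount them read-only at run time instead of copying the private
    # key into the image, so the key never ends up in an image layer
    # or in the registry.
    ssl_certificate     /etc/nginx/certs/example.crt;
    ssl_certificate_key /etc/nginx/certs/example.key;

    # Refuse SSLv3, TLS 1.0 and TLS 1.1.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Reuse sessions through a shared server-side cache, not tickets.
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    # Do not advertise the nginx version in headers and error pages.
    server_tokens off;

    # Tell browsers to stay on HTTPS for this host. Browsers only honor
    # this header on connections with a trusted certificate.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        # Default document root of the official nginx image (assumed
        # to be where index.html was added).
        root  /usr/share/nginx/html;
        index index.html;
    }
}
```

After rebuilding the image, running nginx -t inside the container checks the syntax and confirms that the certificate and key paths resolve.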

Create IAM User, ECR and Push Docker Image

  • Create web private ECR repository via AWS console
  • Create IAM group ECRAdmin and attach AmazonEC2ContainerRegistryPowerUser policy
  • Create developer IAM user, put it to the ECRAdmin IAM group and download credentials
  • Create default AWS profile
  • Authenticate your Docker client (use command from View push commands)

  • Tag and push your docker image to ECR

Create IAM Policy and IAM Role for EC2 Instance

  • Create IAM policy AmazonEC2ContainerServiceWebReadOnlyAccess to be able to pull docker images from the private ECR repository
  • Create IAM Role PullECRImages and Instance Profile via AWS Console

Create EC2 Instance and attach IAM Role

  • Create devops key pair, download it, and update its permissions: chmod 0600 devops.pem
  • Create web Security Group with Allow external traffic description
  • Add 2 inbound rules to allow incoming traffic on ports 22, 80, and 443
  • Create EC2 instance

Install Docker on Ubuntu 20.04

  • SSH to your Ubuntu server
  • Install Docker
  • To apply the new group membership, log out of the server and back in

Run Nginx Docker Container with SSL Certificate

  • Create certs folder on Ubuntu
  • Upload SSL certificate and key that we created in the previous lesson to the Ubuntu server
  • Run Nginx Docker Container with SSL certificate
  • Install AWS cli
  • Authenticate with ECR using commands from “View push commands”

  • Verify docker container with docker ps command

  • Update DNS records for your domain: create two A records, one for the apex and one for the www subdomain. If you used a certificate that is not self-signed, it should work.

  • Upload CA to the Mac

  • Install and create docker-compose file

  • Create docker-compose.yaml file
  • Start docker image

Clean Up

  • Delete EC2 Ubuntu 20.04 instance
  • Delete developer user
  • Delete IAM group ECRAdmin
  • Delete AmazonEC2ContainerServiceWebReadOnlyAccess policy
  • Delete PullECRImages AWS IAM role
  • Delete web ECR repository
  • Delete web AWS security group
  • Delete devops key pair
  • Delete local private devops.pem RSA key and new_user_credentials.csv
  • Remove DNS records
  • Remove CA
  • Remove all local docker containers and images: docker rm -vf $(docker ps -a -q) && docker rmi -f $(docker images -a -q)

Tags

#nginx #docker #ssl
