Docker and Running your self-hosted applications in a more secure way behind a reverse proxy.

  23,406 views

Awesome Open Source

Days ago

========== LINKS ===========
ShowNotes
wiki.opensourceisawesome.com
Support my Channel and ongoing efforts through Patreon:
www.patreon.com/bePatron?u=23...
Links to other Portainer Videos
Install Docker, Portainer-CE, NPM in less than 5 Min • Install Docker-CE, Doc...
Install Portainer and Portainer Agent - • Installing Portainer a...
Use Portainer to Update your Docker Containers - • Use Portainer to updat...
Portainer - An Amazing Web UI for your Docker Setup - • Portainer, a free, ope...
Docker Install Script
github.com/bmcgonag/docker_in...
NGinX Proxy Manager Quick Setup
nginxproxymanager.com/guide/#...
Docker and Firewalls video
• Docker and Firewalls -...
=========== TIMESTAMPS =============
00:00 Beginning
00:09 Introduction
02:45 Thank you to my Patrons at Patreon
03:20 Prepping our Docker Setup
04:50 Install NGinX Proxy Manager
10:19 Test our NGinX Proxy Manager Page
12:20 Looking at our Docker Networks
12:55 Create a new Docker Network
14:10 Attach Containers to our new Network
15:10 Attach Container to our Network with Portainer
16:20 Add a new Proxy Host by Container Name
17:40 Test our Container Proxy
18:40 Review what we did
=== Contact ===
Twitter: @mickintx
Telegram: @MickInTx
Mastodon: mastodon.partecipa.digital/ @MickInTX
Try out SSDNodes VPS Services! Amazing Specs for incredibly low costs. I'm running a 32 GB RAM / $ CPU Server for only $9 a month! Seriously. For long term server usage, this is the way to go!
www.ssdnodes.com/manage/aff.p...
Get a $50.00 credit for Digital Ocean by signing up with this link:
m.do.co/c/a6a61ae55242
Use Hover as your Domain Name Registrar to get some great control over your domains / sub-domains:
hover.com/SHPaiirr
What does the money go to?
To Pay for Digital Ocean droplets, donations to open source projects I feature, any hardware I may need to purchase for future episodes (which I will then give to a subscriber in a drawing or contest).
=== Attributions ===
Intro and Outro music provided by www.bensound.com

Comments: 55
@MauiTech 2 years ago
I'm new to all of this and have struggled with this for over 30 hours and your video was so detailed it got me through!!! Bless you good sir!
@AwesomeOpenSource 2 years ago
Glad it helped!
@szymonpogodzinach2495 1 year ago
That is what I call quality content!!
@AwesomeOpenSource 1 year ago
I appreciate it.
@DimitriPappas 2 years ago
As amazing as this tutorial is, 18:38 has got to be my favourite part even if it has nothing to do with the topic. I wish everyone shared information this way!
@AwesomeOpenSource 2 years ago
I appreciate it. I want to give as much information as I can, and reinforce the concepts, even if they are tangential.
@Deamonication 2 years ago
Thank you Brian…it took me even longer than you to get it…
@AwesomeOpenSource 2 years ago
As long as we all get there eventually.
@effectentertainment7882 9 months ago
Portainer is giving 3 free business licenses right now.
@AwesomeOpenSource 9 months ago
That's awesome!
@P1aenkl3r 2 years ago
Awesome!
@AwesomeOpenSource 2 years ago
Thank you! Cheers!
@fbifido2 2 years ago
Thanks for this video, I did ask once about the network part of Docker, but my questions were removed from your video.
@AwesomeOpenSource 2 years ago
I haven't figured out yet why KZfaq flags some questions to be removed, but not others. I do know if you try to put some links in, it will autoremove comments.
@TritonB7 2 years ago
Great video. I had asked a question earlier, but for some reason my longer comments aren't making it through.
@AwesomeOpenSource 2 years ago
I appreciate it. Try to ask again, or jump over to my RocketChat server and ask there. I'm happy to try and help if I can.
@curtish3481 2 years ago
Brian you are just amazing. Wondering if this is why I have issues with 523 errors w/t Cloudflare and Fios. Can you cover troubleshooting such issues in the future?
@AwesomeOpenSource 2 years ago
Let me see what I can do. Those Cloudflare 523 errors are kind of odd, and sometimes hard to pin down. I think 523 is their generic code for something isn't set up right.
@smokeyjoee4835 2 years ago
Cheers mate. Whenever I try to do a Jellyfin docker it says running but I can't get to the set up page. I just found your channel, gonna binge it lol.
@AwesomeOpenSource 2 years ago
I hope it helps. If you have issues, let me know.
@cryptot3ch 1 year ago
Awesome tutorial Brian! Thank you! I just had one question.. I followed your 5 minute docker/portainer/nginxpm/navidrome tutorial, which was awesome! However, why do I not see a nginx-proxy-manager_db_1 container like you have? I only have the nginx-proxy-manager_app_1. Thanks a ton!
@AwesomeOpenSource 1 year ago
NGinX Proxy Manager was updated, and the need for a separate db was removed at some point. So, given the age of the video, it's just a little outdated on what you'll see afterward.
@tubejim101 1 year ago
Do you have to set up the databases for nginx proxy manager? If you don't will it just use an internal default one?
@AwesomeOpenSource 1 year ago
It used to use a separate mysql db, but it's all built into one docker file now, so you don't even need that part anymore. Recommend you go to the Nginx Proxy Manager page, and just use the quick start docker-compose.yml he shows there.
@zer0r00t 2 years ago
The same can be done by prefixing hostport:containerport with 127.0.0.1 in docker run or compose. So instead of 6767:80, you do 127.0.0.1:6767:80 and then reverse proxy port 6767.
@AwesomeOpenSource 2 years ago
Good to know, thank you.
@totagopinathdas5141 2 years ago
Thanks, great video. Can you please make a video on how to set up Portainer under NPM proxy network, so I can close port 9443? Thanks
@AwesomeOpenSource 2 years ago
Let me see what I can do.
@totagopinathdas5141 2 years ago
Thanks. I am thinking to run portainer under a subdomain rather than /portainer/
@Avalance987 1 year ago
Hi, First I would like to say thank you for your videos, I was able to discover some very nice software tools that I didn't know existed :) Related to your current video, I have been trying for some days to make it the same but whenever I'm trying to access Heimdall I'm receiving a "Error 520" From the net, showing that Cloudflare is working but on the Host can't access it. If I try the IP of the docker host I'm reaching the Nginx page but if I add the port for the Heimdall I can't... and I can't think where it's getting stuck. Also a nice video idea if you want to do, check the open source Password Manager called "Passbolt" it can run also on docker though having issues deploying too... It's a nice local kinda like KeePass for teams with browser addons for auto-fill password.
@AwesomeOpenSource 1 year ago
I've been looking at Passbolt, want to do a video on it in the future for sure. As for Heimdall, can you reach it only by host IP and port?
@Avalance987 1 year ago
@@AwesomeOpenSource no I can't... If I would install Heimdall without the nginx with the default ports, I can. But if I do it the same way as yours, removing the ports, having the docker network connected with nginx and Heimdall I can't.
@krdesigns 2 years ago
Great information, however, let per se I need to hide port 81 Nginx-Proxy-Manager and 9000 Portainer from the public but allowing port 80 and 443 exposed from the outside. It's going to be tricky to do this. I end up making NPM and Portainer together into a single docker-compose in order to make it run correctly. Else it won't work at all. And you don't actually need to create a new network for NPM since it already creates one for you.
@metal-beard 2 years ago
How'd you hide port 81 from public?
@krdesigns 2 years ago
@@metal-beard In my case the way I do it is to run NPM first and set up the link and port 81 first. Then edit docker-compose.yml and remove port 81:81 so it won't get exposed. Adding portainer to the list makes it work easily.
@AwesomeOpenSource 2 years ago
If you're running on a Public facing VPS, then you can use something like the firewall in DigitalOcean or Linode that sits like a virtual appliance in front of your server, and simply block access to 81, then just use NPM to proxy the traffic to 81. You can also use something like Cloudflare for similar purposes. If it's on your home network, again, just make sure the only ports you forward for incoming requests are 80 and 443, and block 81. Now you can only access 81 from inside your LAN.
@metal-beard 2 years ago
@@krdesigns Can you do a short video on it please? I removed 81:81 from compose after creating a link but then I get 400-Bad Gateway.
@metal-beard 2 years ago
@@AwesomeOpenSource yea, unfortunately, I'm using a cheap VPS with no bells and whistles. Setting up UFW just blocks it on proxied link as well.
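The loopback binding from @zer0r00t's comment and the port 81 question in the thread above, turned into a check that can be run over a compose file's `ports:` entries. This is an added example, not code from the video or from any commenter; the service names, port lists and the 80/443 allow-list are constructed, and the default bind address of 0.0.0.0 assumes an unmodified Docker daemon.

```python
import ipaddress

PUBLIC_OK = {"80", "443"}  # assumption: only the proxy's HTTP/HTTPS ports face the network


def parse_port_mapping(spec):
    """Split Docker short syntax [HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTO]."""
    body, _, proto = spec.partition("/")
    host_ip = None
    if body.startswith("["):                  # bracketed IPv6 host address
        host_ip, _, body = body[1:].partition("]")
        body = body[1:]                       # drop the ':' that follows ']'
    parts = body.split(":")
    if host_ip is None and len(parts) == 3:   # IPv4 host address given
        host_ip = parts.pop(0)
    if len(parts) == 1:                       # container port only
        parts.insert(0, "")
    if len(parts) != 2 or not parts[1]:
        raise ValueError(f"unrecognised port mapping: {spec!r}")
    return {
        "host_ip": host_ip or "0.0.0.0",      # Docker's default: every interface
        "host_port": parts[0] or "ephemeral",
        "container_port": parts[1],
        "proto": proto or "tcp",
    }


def audit(services, public_ok=PUBLIC_OK):
    """Return (service, spec) for ports published beyond loopback and not allow-listed."""
    findings = []
    for name, specs in services.items():
        for spec in specs:
            m = parse_port_mapping(spec)
            loopback = ipaddress.ip_address(m["host_ip"]).is_loopback
            if not loopback and m["host_port"] not in public_ok:
                findings.append((name, spec))
    return findings


# Constructed sample: "ports:" lists as they would appear per service in a compose file.
SERVICES = {
    "npm": ["80:80", "443:443", "81:81"],     # admin UI on 81 reachable via host IP
    "portainer": ["9000:9000"],
    "heimdall": ["127.0.0.1:6767:80"],        # loopback-only, as in the comment
    "navidrome": [],                          # no published port; reached by container name
}

if __name__ == "__main__":
    for service, spec in audit(SERVICES):
        print(f"{service}: {spec} is published on a non-loopback address")
```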
@VicenteMMOSilva 5 months ago
By using this setup I can only have a single open port in my modem, is that it?
@AwesomeOpenSource 5 months ago
You would set up 2 ports, 80, and 443. 80 for non-SSL traffic (essentially LetsEncrypt uses 80 to verify it can reach the site), and 443 for the encrypted / secure SSL traffic.
@mamadou4707 1 year ago
Your work is fantastic. Most of the things I know about docker great open source projects are from your channel. I have a workload running on digital ocean and I tried to use portainer and letsencrypt but I am having an issue setting the host for portainer. everything works except the host for portainer. after setting the host name from NPM with all the certificate, I am unable to connect to the portainer UI using URL. The request is just timing out. All other containers work like a charm. I don't know how to debug this issue. I tried joining your discourse channel but it is apparently out of service. I would be grateful if you could direct me to resources that can help me fix it. I don't really want to be accessing portainer UI through the IP address. Thank you again and thank you in advance
@AwesomeOpenSource 1 year ago
I responded to you on my discussion (Rocketchat). I'll help you over there.
@jothreat3172 1 year ago
How'd you know the IP address of the nginxpm?
@AwesomeOpenSource 1 year ago
Do you mean the Docker0 IP, or the private IP of the server host it's running on?
@mrwrenchysus 2 years ago
Sir, do you have a Discord channel? I would like to join there cause I need some help on some stuff
@AwesomeOpenSource 2 years ago
I don't, but you can find me and assistance at discuss.opensourceisawesome.com.
@RayHorn5128088056 2 years ago
Good boy. Now tell us how to do this same thing when you cannot attach Docker Network because that is maybe the more interesting use case. So far you managed to do this the super-easy way.
@AwesomeOpenSource 2 years ago
I suppose I'm not understanding what you're asking for. Why wouldn't we do things the easy way?
@RayHorn5128088056 2 years ago
@@AwesomeOpenSource Because none of the easy stuff is all that useful in real terms. Just saying.
@Daaell 2 years ago
Am I an idiot and missed WHY this is more secure? The only benefit I see is that the container cannot access the host's network. The downside is that this way you have to expose EVERYTHING to the internet because you can only reach them through their subdomain, since there are no exposed ports to the container (talking about LAN access). Am I seeing this wrong?
@AwesomeOpenSource 2 years ago
Not exactly. Think of this from the perspective of a VPS, or a shared LAN where you may not want others to be able to access these services via the host IP and port, but instead want them to go through the SSL encrypted domain name. You can still set up a proxy for internal use on your LAN as well. Does that help? The security part being that now you force SSL vs. allowing someone to access your site via http only, or you having to login over http with no SSL encryption, and on an open LAN you could have someone sniffing your unencrypted traffic. For general home use, with no one else on the LAN, no need to do this, it's just an option.
@Daaell 2 years ago
@@AwesomeOpenSource ok I see your point on the local access. Obv. I'm self hosting locally but being able to access my services is a benefit. But if others are on the network who shouldn't access them or access it through https, this is the way. Also for services I'm exposing to the net, I might do this. Thanks for clarification!
@AwesomeOpenSource 2 years ago
@@Daaell you bet!
@markstanchin1692 2 years ago
I’m trying to understand this as well. I’m self hosting. If I don’t publish the port how can I access it on my local network without going through a proxy. Wonder if there’s a way to accomplish the best of both worlds. For instance Nextcloud. I’m not publishing the port is accessible through the proxy but how can I access directly from my home network and include in Heimdall dashboard?