Nginx Proxy Manager (NPM) as a Reverse Proxy Server (Docker)

  • Edit the yml file

    vi docker-compose.yml

    services:
      nginx-proxy-manager:
        image: jc21/nginx-proxy-manager:latest
        container_name: nginx-proxy-manager
        restart: always
        ports:
          - '80:80'
          - '81:81'
          - '443:443'
        volumes:
          - ./data:/data
          - ./letsencrypt:/etc/letsencrypt
    
      goaccess:
        image: xavierh/goaccess-for-nginxproxymanager:latest
        container_name: goaccess
        restart: always
        ports:
          - '7880:7880'
        environment:
          - TZ=Asia/Taipei
          - SKIP_ARCHIVED_LOGS=False #optional
          - DEBUG=False #optional
          - BASIC_AUTH=False #optional
          - BASIC_AUTH_USERNAME=user #optional
          - BASIC_AUTH_PASSWORD=pass #optional
          - EXCLUDE_IPS=127.0.0.1 #optional - comma delimited
          - LOG_TYPE=NPM #optional - more information below
          - ENABLE_BROWSERS_LIST=True #optional - more information below
          - CUSTOM_BROWSERS=Kuma:Uptime,TestBrowser:Crawler #optional - comma delimited, more information below
          - HTML_REFRESH=5 #optional - Refresh the HTML report every X seconds. https://goaccess.io/man
          - KEEP_LAST=30 #optional - Keep the last specified number of days in storage. https://goaccess.io/man
        volumes:
          - ./data/logs:/opt/log
    
      watchtower:
        image: containrrr/watchtower
        container_name: watchtower
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock
        environment:
          - TZ=Asia/Taipei
          - WATCHTOWER_SCHEDULE=0 0 4 * * *
          - WATCHTOWER_CLEANUP=true
        labels:
          - "com.centurylinklabs.watchtower.enable=true"
        restart: unless-stopped
  • Start the services

    docker compose up -d

  • http://192.168.11.231:81 (default account and password: [email protected] / changeme)
  • After logging in, you are asked to change and set the Administrator account and password

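  • Add a Proxy Host:
    • Hosts → Proxy Hosts → Add Proxy Host → e.g. www.ichiayi.com ichiayi.com
      • Detail → e.g. the actual internal host's IP is https://192.168.11.233
      • Custom locations → Add location → e.g. redirect the former /wiki URL to the current URL without /wiki
      • SSL → e.g. have Let's Encrypt issue the SSL certificate, validated through Cloudflare DNS
        • You need to generate an API Token in the Cloudflare management interface that has permission to modify the Domain Name

        • Set the generated API Token in dns_cloudflare_api_token
        • You must tick the box agreeing to the Let's Encrypt terms of service; after clicking Save, if there are no problems, the SSL certificate is generated in about 10 seconds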
  • Simply run the following command to upgrade directly

    docker compose pull && docker compose up -d

  • View the startup logs

    docker compose logs -f

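  • When the Proxy Host is NextCloud and has to serve file downloads, the default download file size limit was found to be 1GB
  • In addition, NextCloud/all-in-one enables the TRACE and TRACK methods, which causes a host vulnerability, so disable them at the same time
  • Edit the Proxy Host → Advanced → Custom Nginx Configuration and add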

    client_body_buffer_size 512k;
    proxy_read_timeout 86400s;
    client_max_body_size 0;
    if ($request_method !~ ^(GET|HEAD|POST|PUT|DELETE|CONNECT|OPTIONS)$) {
        return 405;
    }

  • In an environment without IPv6, error messages similar to the following appear in the log at startup

    :
    app-1  | ❯ Starting nginx ...
    app-1  | nginx: [emerg] socket() [::]:80 failed (97: Address family not supported by protocol)
    app-1  | ❯ Starting nginx ...
    app-1  | nginx: [emerg] socket() [::]:80 failed (97: Address family not supported by protocol)
    :

  • Just add DISABLE_IPV6=true to the environment variables in docker-compose.yml, e.g.

    version: '3'
    services:
      app:
        image: 'jc21/nginx-proxy-manager:latest'
        restart: unless-stopped
        ports:
          - '80:80'
          - '81:81'
          - '443:443'
        environment:
          - DISABLE_IPV6=true
        volumes:
          - ./data:/data
          - ./letsencrypt:/etc/letsencrypt
  1. Export on the source host

    cd nginx-proxy-manager
    tar -cvf data.tar data/
    tar -cvf letsencrypt.tar letsencrypt/

  2. Copy data.tar and letsencrypt.tar to the target host, e.g.

    scp *.tar 172.16.1.99:/root/

  3. Import on the target host

    mv *.tar nginx-proxy-manager/
    cd nginx-proxy-manager
    
    docker compose down
    
    mv data data.org
    mv letsencrypt letsencrypt.org
    
    tar -xvf data.tar
    tar -xvf letsencrypt.tar
    
    docker compose up -d
    docker compose logs -f
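
The export and import steps above, wrapped with checks, as an added example that is not part of the original page: the archives are created owner-only because letsencrypt/ holds certificate private keys, and the target side verifies digests and member paths before replacing the live directories. The function names and the npm-backup.sha256 file name are assumptions made for this example; `docker compose down` and `docker compose up -d` are still run around `npm_import` as in step 3.

```shell
#!/bin/sh
# Added example (not from the original page). npm_export, npm_import and
# npm-backup.sha256 are hypothetical names chosen for this illustration.

# npm_export DIR: run on the source host, DIR is the compose directory.
# Packs data/ and letsencrypt/ and records SHA-256 digests of both archives.
npm_export() (
    cd "$1" || exit 1
    umask 077   # letsencrypt/ holds certificate private keys: owner-only files
    tar -cf data.tar data/ || exit 1
    tar -cf letsencrypt.tar letsencrypt/ || exit 1
    sha256sum data.tar letsencrypt.tar > npm-backup.sha256
)

# npm_import DIR: run on the target host after "docker compose down".
# All checks run first, so a bad archive never replaces the live directories.
npm_import() (
    cd "$1" || exit 1
    # Detect a truncated or modified copy before anything is moved.
    sha256sum -c npm-backup.sha256 >/dev/null 2>&1 || exit 1
    for d in data letsencrypt; do
        # Every member must stay below its own directory, without ".." parts.
        if tar -tf "$d.tar" | grep -qv "^$d/"; then exit 1; fi
        if tar -tf "$d.tar" | grep -Eq '(^|/)\.\.(/|$)'; then exit 1; fi
        # Keep an existing rollback copy instead of nesting into it.
        if [ -e "$d.org" ]; then exit 1; fi
    done
    for d in data letsencrypt; do
        if [ -e "$d" ]; then mv "$d" "$d.org"; fi
        tar -xpf "$d.tar" || exit 1
    done
)
```

Copy npm-backup.sha256 together with the two archives in step 2. The digest check catches a damaged or altered copy; if the transfer channel itself is not trusted, compare the digests out of band.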

  • tech/nginx_proxy_manager.txt
  • Last modified: 2024/09/11 10:38
  • jonathan