Why Choose NGINX for Your Web Server?

  • It’s lightweight and high-performance
  • Excellent for serving static content and as a reverse proxy
  • Simple configuration syntax
  • Very popular in containerized environments

So, let’s create a Docker container with Nginx and SSL!

  1. First, create a directory structure:
cd ~
aws s3 cp s3://BUCKET_NAME/ . --recursive
sudo yum install unzip tree -y

mkdir nginx-ssl
unzip certs.zip
mv certs nginx-ssl/
unzip html.zip
mv html nginx-ssl/

cd nginx-ssl
mkdir conf
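  1. Create nginx.conf in the conf directory, changing server_name to your own host name. ssl_certificate points at server-bundle.crt (built in the next step) so that NGINX sends the intermediate certificate along with the server certificate; the file named in ssl_trusted_certificate is not sent to clients.
server {
    listen 443 ssl;
    server_name d11-vdi-lin04.gcs.cloud;

    root /usr/share/nginx/html;

    location / {
        index index.html;
    }

    # Server certificate followed by its chain (see the next step)
    ssl_certificate /etc/nginx/certs/server-bundle.crt;
    ssl_certificate_key /etc/nginx/certs/server.key;
    ssl_trusted_certificate /etc/nginx/certs/ca-bundle.crt;
    ssl_protocols TLSv1.2 TLSv1.3;
}
  1. Create the full certificate chain by concatenating the certificates in the correct order (server certificate first, then mid-ca.crt, then ca.crt), and return to the nginx-ssl directory so that the build in the later step finds the Dockerfile:
cd certs
cat mid-ca.crt ca.crt > ca-bundle.crt
cat server_001.crt mid-ca.crt ca.crt > server-bundle.crt
cd ..
  1. Create Dockerfile:
FROM nginx:alpine

RUN mkdir -p /etc/nginx/certs

# Copy SSL certificates and key (the private key ends up in an image layer,
# so treat the image itself as a secret)
COPY certs/ca-bundle.crt /etc/nginx/certs/
COPY certs/server-bundle.crt /etc/nginx/certs/
COPY certs/server.key /etc/nginx/certs/

COPY conf/nginx.conf /etc/nginx/conf.d/default.conf
COPY html /usr/share/nginx/html

EXPOSE 443

CMD ["nginx", "-g", "daemon off;"]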
  1. Make sure the project, including your HTML content, is organized in a directory structure like this:
 .
└── nginx-ssl
    ├── Dockerfile
    ├── certs
    │   ├── ca-bundle.crt
    │   ├── ca.crt
    │   ├── mid-ca.crt
    │   ├── server-bundle.crt
    │   ├── server.key
    │   ├── server_001.crt
    │   └── server_001.pfx
    ├── conf
    │   └── nginx.conf
    └── html
        ├── colour.conf
        ├── img
        │   └── GCS-AWS-logo_32_v02.png
        ├── index.html
        └── swagger
            └── ui
                └── index
                    ├── img
                    │   └── Tech-Task-v07.png
                    └── index.html
                    
  1. Build and run the container:
# Build the image
sudo docker build -t my-secure-nginx:latest .

# Run the container
sudo docker run -d --name secure-nginx \
-p 443:443 \
--restart always \
my-secure-nginx:latest
  1. Check the status using the curl command:
# The -k flag skips certificate verification
curl -k https://localhost
# Or specify your domain
curl -k https://your-domain.com
# Add the -v (verbose) flag for more detail
curl -kv https://localhost
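
A pre-build check for the certificate files from the chain-building step, as an added example that is not part of the original post: it confirms that server-bundle.crt is ordered leaf first, that server.key belongs to server_001.crt, and that the chain verifies against ca.crt. It assumes openssl is installed and uses the file names from the steps above; the function names are illustrative.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): pre-build checks for the
# certs/ directory. File names are the ones used in the steps above.

# Print "subject|issuer" for each certificate in a PEM bundle, in file order.
bundle_names() {
  openssl crl2pkcs7 -nocrl -certfile "$1" |
    openssl pkcs7 -print_certs -noout |
    awk '/^subject=/ { s = substr($0, 9) }
         /^issuer=/  { print s "|" substr($0, 8) }'
}

# Succeed only if every certificate is issued by the one that follows it
# (name comparison only; signatures are checked by "openssl verify" below).
check_bundle_order() {
  bundle_names "$1" | awk -F'|' '
    NR > 1 && $1 != prev { printf "certificate %d is out of order\n", NR; bad = 1 }
    { prev = $2 }
    END { exit (bad || NR == 0) }'
}

# Succeed only if the private key belongs to the certificate.
check_key_matches() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout) || return 1
  [ "$cert_pub" = "$key_pub" ]
}

# Run all checks against a certs directory laid out as in this walkthrough.
preflight() {
  check_bundle_order "$1/server-bundle.crt" &&
    check_key_matches "$1/server_001.crt" "$1/server.key" &&
    openssl verify -CAfile "$1/ca.crt" -untrusted "$1/mid-ca.crt" "$1/server_001.crt"
}

# When run from nginx-ssl/, check ./certs before "docker build".
if [ -d certs ]; then
  preflight certs || exit 1
fi
```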
