Nginx revers proxy for cocroachdb web ui with password authentification and personal ssl certificates

poster-cockroachdb.jpg

https://www.cockroachlabs.com/docs/stable/install-cockroachdb.html

https://www.cockroachlabs.com/docs/stable/secure-a-cluster.html

https://github.com/denisgolius/cockroach-installer

https://www.digitalocean.com/community/tutorials/how-to-create-an-ssl-certificate-on-nginx-for-ubuntu-14-04

https://www.digitalocean.com/community/tutorials/how-to-set-up-password-authentication-with-nginx-on-ubuntu-14-04

My ufw block all requests from Internet to 7005 port, so WEBUI will be run as subdomain by nginx:

cat /etc/systemd/system/cockroach.service

[Unit]
Description=Cockroach db auto starter

[Install]
WantedBy=multi-user.target

[Service]
ExecStart=/usr/local/bin/cockroach start --certs-dir=/opt/cocroach/certs --store=/var/data/cockroachdb/ --port=26257 --http-port=7005 --logtostderr=ERROR
ExecStop=/usr/local/bin/cockroach quit --certs-dir=/opt/cockroach/certs
SyslogIdentifier=cockroachdb
Restart=always
LimitNOFILE=35000

upstream cocroach  {
        server localhost:7005;
}

server {
    listen your_ip:443 ssl;
    server_name your_domain;

    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"; # managed by Certbot


    location / {
    auth_basic "Restricted Content";
    auth_basic_user_file /etc/nginx/.htpasswd;
    proxy_pass https://localhost:7005;
    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
    proxy_redirect default;
    proxy_buffering off;
    client_max_body_size 50m;
    client_body_buffer_size 512k;
    proxy_set_header	Host	$host;
    proxy_set_header	X-Real-IP	$remote_addr;
    proxy_set_header	X-Forwarded-For	$proxy_add_x_forwarded_for;
#	fastcgi_read_timeout 6000;
    }

    location = /favicon.ico {
    log_not_found off;
    }

    location = /robots.txt {
       add_header Content-Type text/plain;
       return 200 "User-agent: *\nDisallow: /\n";
    }

    location ~ /\. { deny all; }

    access_log /var/log/nginx/cocroach-webui.access.log;
    error_log /var/log/nginx/cocroach-webui.error.log;


}

server {
    listen your_ip:80;
    server_name your_domain;
    return 301 https://your_domain$request_uri;
}

Installing WordPress in Docker using Nginx and Php-Fpm 7

Wordpress_Docker.png

It is evident that you don’t need an introduction to Docker, WordPress or Nginx. So there is no point whatsoever in blabbering about each of these technologies, let’s just jump right into the matter.

In this article, we will be looking into how you can setup a WordPress site in a Docker container that will be using Nginx along with php7-fpm.

What’s included in this Dockerfile? The Docker image you create using the following Dockerfile will have the following

  • Ubuntu 16.04 Nginx (latest available for Ubuntu 16.04) PHP-FPM7 WordPress (latest)

Please note that this does not include a MySQL server. You either need a remote MySQL server or another container with MySQL setup properly to allow remote database access

Okay, How to get things done? I have made a github repository HERE Which contains all the information about how to set it up. I am too lazy to have the instructions in here as well.

If you need any help with any of it, leave a comment below and I shall try my best to address that, which is the purpose of this blog post.

Evolution of your git repository

Bildschirmfoto-2015-03-20-um-08.03.44_leadimage.png

gource --path path/to/repo --seconds-per-day 0.15 --title "gogs" -1280x720 --file-idle-time 0 --auto-skip-seconds 0.75 --multi-sampling --stop-at-end --highlight-users --hide filenames,mouse,progress --max-files 0 --background-colour 000000 --disable-bloom --font-size 24 --output-ppm-stream - --output-framerate 30 -o - | ffmpeg -y -r 60 -f image2pipe -vcodec ppm -i - -i path/to/music.mp3 -shortest -vcodec libx264 -preset ultrafast -pix_fmt yuv420p -crf 1 -threads 0 -bf 0 path/to/output.mp4

GitHub – denisgolius

Denis

Ukraine

https://www.linkedin.com/in/denis-golius-1088b79b https://www.facebook.com/michaelweiss1234