DEV Community

Cover image for Local Reverse Proxy
Tiffanie BOREUX
Tiffanie BOREUX

Posted on

Local Reverse Proxy

#nginx #macos #docker #certificates

Laziness drove me to install NGINX as a reverse proxy and to set up a local domain name with a self-signed certificate.

Context

On my Mac, I have installed Docker and deployed several applications within their containers. I don't need to access these applications over the Internet, so I keep them local, accessing them with my browser using localhost and their exposed ports.

However, I'm tired of remembering the ports. To simplify access, I decided to install NGINX on my Mac to set up a local reverse proxy.

Installation

I'm using Homebrew, so the installation is straightforward:

brew install nginx
Enter fullscreen mode Exit fullscreen mode

Now, NGINX is installed on my Mac, nothing complicated.

NGINX Configuration

By default, NGINX serves content on port 8080. I want to change it to port 80:

vim /usr/local/etc/nginx/nginx.conf
Enter fullscreen mode Exit fullscreen mode

Search for the http block. Inside it, there is a server block. In this server block, change listen 8080; to listen 80;.

SSL Configuration

If you're going to use a custom local domain name, you might as well use a self-signed SSL certificate. I'll use OpenSSL for this:

openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 \ -nodes -keyout home.arpa.key -out home.arpa.crt -subj "/CN=home.arpa" \ -addext "subjectAltName=DNS:home.arpa,DNS:*.home.arpa,IP:127.0.0.1"
Enter fullscreen mode Exit fullscreen mode

You can replace home.arpa with your custom domain name.

Once you have your .key and .crt files, store them carefully. I chose to copy them to a folder next to nginx.conf:

mkdir -p /usr/local/etc/nginx/ssl mv home.arpa.key home.arpa.crt /usr/local/etc/nginx/ssl/
Enter fullscreen mode Exit fullscreen mode

Server Block Creation

Instead of having one large nginx.conf file with all my server declarations, I decided to use the servers/ directory in /usr/local/etc/nginx/servers:

vim /usr/local/etc/nginx/servers/portainer.home.arpa.conf
Enter fullscreen mode Exit fullscreen mode

Configuration Example 

server { listen 443 ssl; server_name portainer.home.arpa; ssl_certificate /usr/local/etc/nginx/ssl/home.arpa.crt; ssl_certificate_key /usr/local/etc/nginx/ssl/home.arpa.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers HIGH:!aNULL:!MD5; location / { proxy_pass https://127.0.0.1:9443; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } server { listen 80; server_name portainer.home.arpa; return 301 https://$host$request_uri; }
Enter fullscreen mode Exit fullscreen mode

NGINX Restart

To apply the changes, restart NGINX with:

sudo brew services restart nginx
Enter fullscreen mode Exit fullscreen mode

Local DNS

Don't forget to update your local DNS. Add this line to your /etc/hosts file:

127.0.0.1 portainer.home.arpa
Enter fullscreen mode Exit fullscreen mode

Conclusion

That's it! Now, you can browse your application using https://portainer.home.arpa instead of https://127.0.0.1:9443.

Happy me! 🌱

Top comments (0)