Actually, this post is to continue my previous post: Install Ubuntu Desktop Docker Using Portainer and Access it From Browser (VNC/noVNC).

In that post, I deployed a Ubuntu Desktop Docker using Portainer and access it through a web browser. It only works on port 6080 and does not support https. In this post, I am putting a Nginx docker in front of Ubuntu Desktop Docker as a reverse proxy. Also I  deployed CertBot to issue a Let’s Encrypt certificate for Ubuntu Desktop Docker’s domain name. In this way, I can use my own sub-domain name on port 443, rather than 6080, to access my Ubuntu Desktop docker. Much easy and more professional way. 

Make sure your domain novnc.51sec.org is pointing to your VPS’s public ip.
Create a new Container in Portainer:

We are having three containers now managed by Portainer: Nginx, noVNC, and Portainer.

Use Nginx As Reverse Proxy Server 

In this lab, Nginx will be configured as reverse proxy to redirect all traffic for novnc.51sec.org on port 80 or 443 to proxied docker, noVNC. 

apt update && apt install nano

nano /etc/nginx/conf.d/novnc.conf
nano /etc/nginx/conf.d/novnc.conf
server {
    listen       80;
    server_name  novnc.51sec.org;

location / {
    proxy_pass       http://172.31.23.170:6080;
    proxy_http_version         1.1;
    proxy_read_timeout 300;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Real-PORT $remote_port;
           }
}
service nginx restart
Once nginx service restarted, the configuration will take effect. We will able to access Ubuntu desktop using sub domain name on port 80 ,  //novnc.51sec.org

Install Certbot

Certbot is a free, open source software tool for automatically using Let’s Encrypt certificates on manually-administrated websites to enable HTTPS.
With Certbot’s help, we can easily convert a http site to secure https site using a nonprofit certificate authority provided ssl/tls certificate. 
Unfortunately the install instruction from Certbot is not working for my Nginx docker. But I can run following two commands to get Certbot installed. 
  • apt install certbot
  • apt install python-certbot-nginx

Certbot issue certs for your domain

Last step is to run Certbot to apply a SSL/TLS certificate for our Nginx website. It will automatically configure necessary configuration on our Nginx configuration. 
Here is the command to apply certificate and make changes on configuration file:
  • certbot –nginx

The novnc.conf configuration file has been changed to :

[email protected]:/# cat /etc/nginx/conf.d/novnc.conf 
server {
    server_name  novnc.51sec.org;

location / {
    proxy_pass       http://172.31.23.170:6080;
    proxy_http_version         1.1;
    proxy_read_timeout 300;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Real-PORT $remote_port;
           }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/novnc.51sec.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/novnc.51sec.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = novnc.51sec.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen       80;
    server_name  novnc.51sec.org;
    return 404; # managed by Certbot


[email protected]:/# 

After restart nginx service, https://novnc.51sec.org is up and it is using a valid certificate to encrypt the traffic between the client and server. 

from Blogger //blog.51sec.org/2021/02/use-portainer-to-install-nginx-docker.html

By Jon

Leave a Reply