Local Reverse Proxy
Laziness drove me to install NGINX as a reverse proxy and to set up a local domain name with a self-signed certificate.
Context
On my Mac, I have installed Docker and deployed several applications within their containers. I don't need to access these applications over the Internet, so I keep them local, accessing them with my browser using localhost
and their exposed ports.
However, I'm tired of remembering the ports. To simplify access, I decided to install NGINX on my Mac to set up a local reverse proxy.
Installation
I'm using Homebrew, so the installation is straightforward:
brew install nginx
Now, NGINX is installed on my Mac, nothing complicated.
NGINX Configuration
By default, NGINX serves content on port 8080. I want to change it to port 80:
vim /usr/local/etc/nginx/nginx.conf
Search for the http
block. Inside it, there is a server
block. In this server
block, change listen 8080;
to listen 80;
.
SSL Configuration
If you're going to use a custom local domain name, you might as well use a self-signed SSL certificate. I'll use OpenSSL for this:
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 \
-nodes -keyout home.arpa.key -out home.arpa.crt -subj "/CN=home.arpa" \
-addext "subjectAltName=DNS:home.arpa,DNS:*.home.arpa,IP:127.0.0.1"
You can replace home.arpa
with your custom domain name.
Once you have your .key
and .crt
files, store them carefully. I chose to copy them to a folder next to nginx.conf
:
mkdir -p /usr/local/etc/nginx/ssl
mv home.arpa.key home.arpa.crt /usr/local/etc/nginx/ssl/
Server Block Creation
Instead of having one large nginx.conf
file with all my server declarations, I decided to use the servers/
directory in /usr/local/etc/nginx/servers
:
vim /usr/local/etc/nginx/servers/portainer.home.arpa.conf
Configuration Example
server {
listen 443 ssl;
server_name portainer.home.arpa;
ssl_certificate /usr/local/etc/nginx/ssl/home.arpa.crt;
ssl_certificate_key /usr/local/etc/nginx/ssl/home.arpa.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_pass https://127.0.0.1:9443;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
listen 80;
server_name portainer.home.arpa;
return 301 https://$host$request_uri;
}
NGINX Restart
To apply the changes, restart NGINX with:
sudo brew services restart nginx
Local DNS
Don't forget to update your local DNS. Add this line to your /etc/hosts
file:
127.0.0.1 portainer.home.arpa
Conclusion
That's it! Now, you can browse your application using https://portainer.home.arpa
instead of https://127.0.0.1:9443
.
Happy me! 🌱