This post is a continuation of my previous post: Using Portainer to Install Ubuntu Desktop Docker and Access It from a Browser (VNC / noVNC).

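In that post, I used Portainer to deploy an Ubuntu Desktop Docker container and accessed it through a web browser. It only worked on port 6080 and did not support HTTPS. In this post, I put an Nginx Docker container in front of the Ubuntu Desktop Docker container as a reverse proxy. I also deployed Certbot to issue a Let's Encrypt certificate for the Ubuntu Desktop Docker domain name. This way, I can access my Ubuntu Desktop Docker on port 443 with my own subdomain name instead of port 6080. It is a simple and more professional approach.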

Make sure your domain name novnc.51sec.org points to the public IP of your VPS.
Create a new container in Portainer:

We now have three containers, including Portainer: Nginx, noVNC and Portainer.

Using Nginx as a Reverse Proxy Server

In this lab, Nginx is configured as a reverse proxy that forwards all traffic for novnc.51sec.org on port 80 or 443 to the proxied Docker container, noVNC.

apt update && apt install nano

nano /etc/nginx/conf.d/novnc.conf
server {
    listen       80;
    server_name  novnc.51sec.org;

    location / {
        proxy_pass          http://172.31.23.170:6080;
        proxy_http_version  1.1;
        proxy_read_timeout  300;
        proxy_set_header    Upgrade $http_upgrade;
        proxy_set_header    Connection "upgrade";
        proxy_set_header    Host $http_host;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_set_header    X-Real-PORT $remote_port;
    }
}
service nginx restart
Once the nginx service has restarted, the configuration takes effect. We will be able to access the Ubuntu desktop using the subdomain name on port 80, http://novnc.fabiandinkins.com

Install Certbot

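Certbot is a free, open source software tool for automatically using Let's Encrypt certificates on manually administered websites to enable HTTPS.
With the help of Certbot, we can easily convert an HTTP site to an HTTPS site using SSL/TLS certificates provided by a non-profit certificate authority.
Unfortunately, the installation instructions for Certbot did not work for my Nginx Docker container. But I can run the following two commands to install Certbot.
  • apt install certbot
  • apt install python-certbot-nginx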

Use Certbot to Issue a Certificate for Your Domain Name

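The last step is to run Certbot to apply an SSL/TLS certificate to our Nginx website. It automatically makes the necessary changes to our Nginx configuration.
Here is the command that applies the certificate and changes the configuration file:
  • certbot --nginx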

The novnc.conf configuration file has been changed to:

[email protected]:/# cat /etc/nginx/conf.d/novnc.conf 
server {
    server_name  novnc.51sec.org;

    location / {
        proxy_pass          http://172.31.23.170:6080;
        proxy_http_version  1.1;
        proxy_read_timeout  300;
        proxy_set_header    Upgrade $http_upgrade;
        proxy_set_header    Connection "upgrade";
        proxy_set_header    Host $http_host;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_set_header    X-Real-PORT $remote_port;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/novnc.51sec.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/novnc.51sec.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = novnc.51sec.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen       80;
    server_name  novnc.51sec.org;
    return 404; # managed by Certbot
}
[email protected]:/# 

After restarting the nginx service, https://novnc.fabiandinkins.com is up and uses a valid certificate to encrypt the traffic between the client and the server.
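
The following Python example is added here and is not from the original post. It audits a noVNC reverse-proxy config for the properties this walkthrough depends on: TLS on the server block that proxies to port 6080, the WebSocket upgrade headers, and an HTTP-to-HTTPS redirect on port 80. The function names, finding labels and embedded sample configs are assumptions constructed for illustration.

```python
import re

# Constructed sample: novnc.conf as first written on this page (port 80 only).
BEFORE = """
server {
    listen 80;
    server_name novnc.51sec.org;
    location / {
        proxy_pass http://172.31.23.170:6080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
"""
# Constructed sample: the same file after `certbot --nginx`, abridged.
AFTER = BEFORE.replace("listen 80;", """listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/novnc.51sec.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/novnc.51sec.org/privkey.pem;""") + """
server {
    if ($host = novnc.51sec.org) {
        return 301 https://$host$request_uri;
    }
    listen 80;
    server_name novnc.51sec.org;
    return 404;
}
"""
# noVNC runs over WebSocket, so the proxied location needs all three of these.
WS = (r"proxy_http_version\s+1\.1\s*;", r"proxy_set_header\s+Upgrade\s",
      r"proxy_set_header\s+Connection\s")

def server_blocks(conf):
    """Text of each server block, comments removed (assumes `server {` starts a line)."""
    return re.split(r"(?m)^\s*server\s*\{", re.sub(r"#.*", "", conf))[1:]

def audit(conf):
    """Return findings for a noVNC reverse-proxy config; an empty list passes."""
    findings = []
    for b in server_blocks(conf):
        tls = bool(re.search(r"\blisten\s[^;]*\bssl\b", b))
        proxied = "proxy_pass" in b
        checks = {
            "plaintext-proxy": proxied and not tls,  # desktop session over HTTP
            "websocket-headers-missing": proxied and not all(re.search(p, b) for p in WS),
            "no-https-redirect": not tls and not proxied and "return 301 https://" not in b,
        }
        findings += [name for name, bad in checks.items() if bad]
    return findings
```

Run against the port-80-only file it reports `plaintext-proxy`; the Certbot-managed version returns no findings.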

From Blogger: http://blog.fabiandinkins.com/2021/02/use-portainer-to-install-nginx-docker.html

By Jon.
