Root shell access - yes
Explanation of query:
Currently, I have Nextcloud installed on rpi and it uses ports 80 and 443
I want to install a service with docker container and this service needs to be certified for its web connection.
Any advice please or recommended resources?
I have no idea what your system is currently doing. You can have multiple services on the same port by using a reverse proxy with multiple virtualhosts.
Thanks
For clarification - Nextcloud (without docker) installed and certified.
Now I am trying to add a docker service which will need certification - all the online solutions explain the usage of nginx reverse proxy with various docker containers.
I am trying to avoid the need to reinstall nextcloud within a docker container.
Please ignore whatever nginx proxy manager story they're selling you. That's usually a mess.
You can have your current webserver proxy a different fqdn to a different service. Just add a virtualhost (Apache) or a server block (nginx) and follow documentation/examples on how to reverse proxy another service.
To clarify a little bit more: you'd run your services in Docker on different ports than your current Nextcloud webserver is running (80 and 443). I'm not that familiar with Docker, but I believe you can map external "listening" ports in Docker to different "internal" ports.
E.g., on the "outside" of docker, you could have:
Nextcloud listening on 80 and 443;
Docker service A listening externally on 81 and 444, mapped to internally 80 and 443 respectively;
Docker service B listening externally on 82 and 445, mapped to internally 80 and 443 respectively;
Etc.
Then, you could add a reverse proxy virtualhost in your Apache (which would be running your Nextcloud I assume) for those Docker services A and B, reverse proxying to localhost:81 and localhost:82 respectively.
Note that for connections to localhost, it's usually not required to have HTTPS. That's usually handled by the reverse proxy. So you could leave out the "444 -> 443" and "445 -> 443" stuff and just use the HTTP ports.
NB, if you want the service not to be exposed on 81, 82, etc... bind ports and IP addresses (you have all 127.0.0.0/8 to play with, you can use 80 and 443 if the IP is different) and then reverse proxy using ip and port.
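The layout described in the replies above, written out as an added example that is not part of the original thread: the container is published on loopback only, and the existing Apache terminates TLS and proxies to it. The hostname service-a.example.org, the image name and the certificate paths are assumed placeholders; port 81 is the one used in the reply.

```apache
# Constructed example. Assumed names: service-a.example.org, the image
# "example/service-a" and the certificate paths below are placeholders.
#
# Weak: publishes the container on every interface, so port 81 is reachable
# from the network in plain HTTP, bypassing Apache and its TLS:
#   docker run -d -p 81:80 example/service-a
#
# Corrected: publish on loopback only, so Apache is the only way in:
#   docker run -d -p 127.0.0.1:81:80 example/service-a
#
# Modules needed: a2enmod ssl proxy proxy_http headers

<VirtualHost *:80>
    ServerName service-a.example.org
    # Send plain-HTTP visitors to the TLS virtualhost.
    Redirect permanent / https://service-a.example.org/
</VirtualHost>

<VirtualHost *:443>
    ServerName service-a.example.org

    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/service-a.example.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/service-a.example.org/privkey.pem

    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests Off
    ProxyPreserveHost On
    # Tell the backend the client connection was HTTPS.
    RequestHeader set X-Forwarded-Proto "https"

    # Backend speaks plain HTTP on loopback; TLS ends at Apache.
    ProxyPass        / http://127.0.0.1:81/
    ProxyPassReverse / http://127.0.0.1:81/
</VirtualHost>
```

The certificate named in the 443 block has to cover the proxied hostname; a certificate issued for a different name produces a browser warning. The existing Nextcloud virtualhost stays as it is.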
and I get to the docker service just fine
Now my problem is that the padlock in Firefox indicates the traffic is not secured.
I run sudo /snap/bin/certbot certonly --standalone -d sherab.duckdns.org
and it seemed to work fine
then I added this in /etc/apache2/sitesavailable/sherab.duckdns.org.conf