Certification for a docker container

educc.duckdns.org

Apache/2.4.57 (Debian)

OS 6.1.0-rpi6-rpi-v8

Root shell access - yes
Explanation of query:
Currently, I have Nextcloud installed on the rpi and it uses ports 80 and 443.
I want to install a service in a docker container, and this service needs to be certified for its web connection.
Any advice please, or recommended resources?

Only one service at a time can bind a port.

I have no idea what your system is currently doing. You can have multiple services on the same port by using a reverse proxy with multiple virtualhosts.

3 Likes

Thanks
For clarification - Nextcloud (without docker) installed and certified.
Now I am trying to add a docker service which will need certification - all the online solutions explain the usage of nginx reverse proxy with various docker containers.
I am trying to avoid the need to reinstall nextcloud within a docker container.

1 Like

Please ignore whatever nginx proxy manager story they're selling you. That's usually a mess.

You can have your current webserver proxy a different fqdn to a different service. Just add a virtualhost (Apache) or a server block (nginx) and follow documentation/examples on how to reverse proxy another service.

3 Likes

ok
thank you

1 Like

To clarify a little bit more: you'd run your services in Docker on different ports than your current Nextcloud webserver is running (80 and 443). I'm not that familiar with Docker, but I believe you can map external "listening" ports in Docker to different "internal" ports.

E.g., on the "outside" of docker, you could have:

  • Nextcloud listening on 80 and 443;
  • Docker service A listening externally on 81 and 444, mapped to internally 80 and 443 respectively;
  • Docker service B listening externally on 82 and 445, mapped to internally 80 and 443 respectively;
  • Etc.

Then, you could add a reverse proxy virtualhost in your Apache (which would be running your Nextcloud I assume) for those Docker services A and B, reverse proxying to localhost:81 and localhost:82 respectively.

Note that for connections to localhost, it's usually not required to have HTTPS. That's usually handled by the reverse proxy. So you could leave out the "444 -> 443" and "445 -> 443" stuff and just use the HTTP ports.

3 Likes

NB, if you want the service not to be exposed on 81, 82, etc... bind ports and IP addresses (you have all 127.0.0.0/8 to play with, you can use 80 and 443 if the IP is different) and then reverse proxy using ip and port.

4 Likes

Really appreciate the details
I am working on it
thank you v much

1 Like

many many thanks
very much appreciated

1 Like

So it is Docker's 81/444 listening to the host's 80/443?

so I added this

<VirtualHost *:80>
        ServerName sherab.duckdns.org
        ProxyPass / http://localhost:xxxx/
        ProxyPassReverse / http://localhost:xxxx/

        ErrorLog ${APACHE_LOG_DIR}/sherab_error.log
        CustomLog ${APACHE_LOG_DIR}/sherab_access.log combined
</VirtualHost>

and I get to the docker service just fine
now my problem is that the padlock in firefox indicates the traffic is not secured
I run
sudo /snap/bin/certbot certonly --standalone -d sherab.duckdns.org
and it seemed to work fine
then I added this in /etc/apache2/sites-available/sherab.duckdns.org.conf

<VirtualHost *:443>
    ServerName sherab.duckdns.org

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/sherab.duckdns.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/sherab.duckdns.org/privkey.pem
    # Redundant on Apache 2.4.8 and later: fullchain.pem already carries the chain
    SSLCertificateChainFile /etc/letsencrypt/live/sherab.duckdns.org/chain.pem

    ProxyPass / http://localhost:5230/
    ProxyPassReverse / http://localhost:5230/

    ErrorLog ${APACHE_LOG_DIR}/sherab_error.log
    CustomLog ${APACHE_LOG_DIR}/sherab_access.log combined
</VirtualHost>

now the site is not reachable :frowning:

I see your website. It's only missing a redirect from http to https.

3 Likes

thank you - I followed your point and realized I could do the http request

how do I do that?
just to show:

/sites-available $ sudo /snap/bin/certbot certonly --standalone -d sherab.duckdns.org
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for sherab.duckdns.org

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/sherab.duckdns.org/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/sherab.duckdns.org/privkey.pem
This certificate expires on 2024-02-15.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
sherab@raspberrypi:/etc/apache2/sites-available $ sudo service apache2 start

I think you can run certbot enhance --redirect but you'd have to check on that.

4 Likes
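Putting the advice in this thread together as one site file (an added example, not a config anyone posted here): the port-80 virtualhost only redirects to HTTPS, the port-443 virtualhost terminates TLS with the certbot files and proxies to the container, and the container is published on loopback only so it is reachable solely through Apache. The hostname, log names and backend port 5230 are taken from the thread; that the container speaks plain HTTP on 5230 and that mod_ssl, mod_proxy_http, mod_headers and mod_rewrite are enabled are assumptions.

```apache
# Publish the container on loopback only, so LAN hosts cannot bypass Apache:
#   docker run -p 127.0.0.1:5230:80 ...        (assumed backend port, from the thread)
# Verify with:  ss -ltn | grep 5230   -> Local Address should read 127.0.0.1:5230

<VirtualHost *:80>
    ServerName sherab.duckdns.org

    # Redirect everything to HTTPS, except the ACME path so certbot's
    # webroot/apache authenticators can still renew over plain HTTP.
    RewriteEngine on
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

    ErrorLog ${APACHE_LOG_DIR}/sherab_error.log
    CustomLog ${APACHE_LOG_DIR}/sherab_access.log combined
</VirtualHost>

<VirtualHost *:443>
    ServerName sherab.duckdns.org

    SSLEngine on
    # fullchain.pem already contains the intermediate chain
    SSLCertificateFile /etc/letsencrypt/live/sherab.duckdns.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/sherab.duckdns.org/privkey.pem

    # Tell browsers to stay on HTTPS for 180 days (HSTS)
    Header always set Strict-Transport-Security "max-age=15552000"

    # Forward the original Host and scheme so the backend builds https:// links
    ProxyPreserveHost On
    ProxyRequests Off
    RequestHeader set X-Forwarded-Proto "https"
    ProxyPass / http://127.0.0.1:5230/
    ProxyPassReverse / http://127.0.0.1:5230/

    ErrorLog ${APACHE_LOG_DIR}/sherab_error.log
    CustomLog ${APACHE_LOG_DIR}/sherab_access.log combined
</VirtualHost>
```

Run `apachectl configtest` before reloading. Note that the `--standalone` authenticator used above needs port 80 to itself, so the scheduled renewal will fail while Apache holds it; switch to certbot's apache or webroot authenticator, or add `--pre-hook`/`--post-hook` that stop and start Apache, before the certificate expires.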

ok thank you - I think I might go to bed now as it begins to be late for me
I really appreciate your time and advice.
Thank you
:pray: :bouquet:

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.