Containerize Nginx

The current Nginx server would benefit from being converted into a Docker container rather than running on bare metal.

Benefits:

• Cut down on sysadmin overhead
  • Easily update Nginx by just rebuilding the container using the latest version, no more building from source
• Nginx config can be maintained in version control, rather than only having it on the server
  • Configuration can be updated without needing access to the server
• Being able to update/reboot Nginx without needing access to the server directly, only to portainer and the repo
• If a server suddenly dies it’s easy to bring back up entirely, nothing can be lost
• SSL cert configuration/renewal as part of the startup process
  • Never manually interact with certbot again
• Better documentation and maintainability as a whole
• More room to experiment/learn without as many risks
• Automation

Work required for completion:

• Creating a repository for maintaining Nginx (private?)
• Setting up a Docker registry to store built images
  • Take over https://registry.freeside.co.uk
• Setting up ci/cd for building images
• Setting up the web server as another endpoint on https://portainer.freeside.co.uk

I’m happy to carry out all the work above if it’s agreed upon.

Great idea! A few points though:

• I believe that Nginx is installed with dnf, not built from source
• The *.freeside.co.uk wildcard actually points at the IP address of fs-web02, so Nginx has to run on fs-web02 and not fs-docker
• How complicated would the networking get? Nginx reverse-proxies to a number of different locations, which might make the networking more obscure and difficult to understand
• Could we not put /etc/nginx under version control already? It does sound like a great idea actually.

Oh yeah, and about CI: IIRC, we’re still running Drone 0.8, which isn’t the latest version. At some point updating might be a good idea.

The *.freeside.co.uk wildcard actually points at the IP address of fs-web02, so Nginx has to run on fs-web02 and not fs-docker

We would probably host the container on fs-web02 for that reason, it already has Docker installed. That’s why I mentioned adding fs-web02 as another endpoint on portainer so that it can be managed that way.

How complicated would the networking get?

Should be do-able, we’ll see

Could we not put /etc/nginx under version control already? It does sound like a great idea actually.

I think that should be done even if we decide not to containerize Nginx. That’s half the reason I suggested this in the first place, containerizing Nginx would just be the final piece of the puzzle.

We would probably host the container on fs-web02 for that reason

Ah, I see - so like a cluster of Docker servers?

it already has Docker installed

It does? News to me

Should be do-able, we’ll see

Cool - I’m just a bit concerned about maintainability there. I think we should keep at least some services out of Docker containers, as it provides a useful starting point for new admins before they move on to the Docker stuff (which I myself am not actually very experienced with).

I think that should be done even if we decide not to containerize Nginx.

Absolutely. Perhaps a private repo on the GitLab server would be best though, since it could contain potentially sensitive information.

Ah, I see - so like a cluster of Docker servers?

Yep.

It does? News to me

I found out by trying to do Docker commands whilst on the wrong host

I’ll come up with a proof of concept some time and we can work from there.

I found out by trying to do Docker commands whilst on the wrong host

Lol! Looks like someone installed it on the wrong host

I’ll come up with a proof of concept some time and we can work from there.

Sounds good to me