Containerize Nginx

The current Nginx server would benefit from being converted into a Docker container rather than running on bare metal.

Benefits:

  • Cut down on sysadmin overhead
    • Easily update Nginx by just rebuilding the container using the latest version, no more building from source
  • Nginx config can be maintained in version control, rather than only having it on the server
    • Configuration can be updated without needing access to the server
  • Being able to update/reboot Nginx without needing access to the server directly, only to Portainer and the repo
  • If a server suddenly dies it’s easy to bring back up entirely, nothing can be lost
  • SSL cert configuration/renewal as part of the startup process
    • Never manually interact with certbot again
  • Better documentation and maintainability as a whole
  • More room to experiment/learn without as many risks
  • Automation :smile:

Work required for completion:

I’m happy to carry out all the work above if it’s agreed upon.

Great idea! A few points though:

  • I believe that Nginx is installed with dnf, not built from source
  • The *.freeside.co.uk wildcard actually points at the IP address of fs-web02, so Nginx has to run on fs-web02 and not fs-docker
  • How complicated would the networking get? Nginx reverse-proxies to a number of different locations, which might make the networking more obscure and difficult to understand
  • Could we not put /etc/nginx under version control already? It does sound like a great idea actually.

Oh yeah, and about CI: IIRC, we’re still running Drone 0.8, which isn’t the latest version. At some point updating might be a good idea.

The *.freeside.co.uk wildcard actually points at the IP address of fs-web02, so Nginx has to run on fs-web02 and not fs-docker

We would probably host the container on fs-web02 for that reason; it already has Docker installed. That’s why I mentioned adding fs-web02 as another endpoint on Portainer so that it can be managed that way.

How complicated would the networking get?

Should be do-able, we’ll see :stuck_out_tongue:

Could we not put /etc/nginx under version control already? It does sound like a great idea actually.

I think that should be done even if we decide not to containerize Nginx. That’s half the reason I suggested this in the first place; containerizing Nginx would just be the final piece of the puzzle.

We would probably host the container on fs-web02 for that reason

Ah, I see - so like a cluster of Docker servers?

it already has Docker installed

It does? News to me :stuck_out_tongue:

Should be do-able, we’ll see :stuck_out_tongue:

Cool - I’m just a bit concerned about maintainability there. I think we should keep at least some services out of Docker containers, as it provides a useful starting point for new admins before they move on to the Docker stuff (which I myself am not actually very experienced with).

I think that should be done even if we decide not to containerize Nginx.

Absolutely. Perhaps a private repo on the GitLab server would be best though, since it could contain potentially sensitive information.

Ah, I see - so like a cluster of Docker servers?

Yep.

It does? News to me :stuck_out_tongue:

I found out by trying to do Docker commands whilst on the wrong host :laughing:


I’ll come up with a proof of concept some time and we can work from there.

I found out by trying to do Docker commands whilst on the wrong host

Lol! Looks like someone installed it on the wrong host :stuck_out_tongue:

I’ll come up with a proof of concept some time and we can work from there.

Sounds good to me :+1: