Skip to content

Setup with Nginx

Jump to bottom
Dudrie edited this page Oct 17, 2020 · 7 revisions

⚠ The wiki got moved to a new documentation. The information you find here might be outdated or inaccurate.

Introduction

This section covers how to set up nginx for the Tutor-Management-System (or your server in general). As for the installation itself docker is required because this setup steps through setting up a docker container running nginx. Furthermore the steps assume you use docker-compose to set up the nginx container but you can find the corresponding commands below.

Step-by-Step

This sections should be considered a part of the [installation guide][installation-guide]. It assumes that you use docker-compose to manage the setup of all required containers.

However, if you want to use docker commands instead you can find a list of those below aswell.

  1. Download the sample nginx configuration files from the wiki.

  2. Unzip the downloaded files into a folder of your choice. The Step-by-Step guide assumes it is called nginx/.

    Those files contain a nginx.conf file and a sites/ folder with more *.conf files and folders in it. They contain a tested default configuration that works on most systems out-of-the-box.

    ⚠ Make sure you do NOT put the nginx/ folder in the config/ folder used for the TMS itself.

  3. Verify that you have the following folder and files present:

    - nginx/
|--+ certs/ (empty folder)
|--| sites/
   |--| sites-available/
   |--|--+ tms.conf
   |--+ sites-enabled/ (empty folder)
   |--+ common_location.conf
   |--+ common.conf
   |--+ nginx.conf
   |--+ ssl.conf

  4. Gather your SSL certificates and put them in a folder which can be mounted into the docker container. This Step-by-Step guide assumes they are in the certs/ folder shown above.

    💡 If you do not have an certificates you can use ones from the CA Let's Encrypt.

  5. Open the tms.conf file and make the following adjustments:

    1. Replace all <URL> occurences with the url (without protocol!) of your server _For example: Your TMS instance has the URL https://my-tms-instance.de you only put my-tms-instance.de there.

      ⚠ If the TMS instance should be reachable through several URLs you can put all in there seperated with spaces, for example:

      server_name www.my-tms-instance.de my-tms-instance.de other-url.com;

    2. Replace <PUBLIC_KEY> with the absolute path the public key will be in the container. For the example docker-compose service and folders this would be

      ssl_certificate /etc/nginx/certs/fullchain.pem;

    3. Replace <PRIVATE> with the absolute path the private key will be in the container. For the example docker-compose service and folders this would be

      ssl_certificate_key /etc/nginx/certs/privkey.pem;

    4. Verify that the URL in the location / after proxy_pass matches the name of the TMS container followed by the port the server listens on (by default the name is tms-server and the port is 8080).

      ⚠ Please note that the tms-server container does NOT need to expose the port to the public. The nginx container and the tms-server container just need to be in the same docker network (see below).

  6. Add the nginx service to your docker-compose file used during the installation. You can find the service in this sample docker-compose file.

    💡 If you do not want to put the nginx and the tms in the same docker-compose file you can find an explanation on how to do so below.

    ⚠ Make sure that the mounted folders match the ones you want to mount (ie your folders have different names than this Step-by-Step guide assumes).

  7. Proceed with the rest of the installation guide.

Using two docker-compose files

If you want to use different docker-compose files for nginx and the TMS follow these additional steps to get both containers into the same network:

  1. Create a new docker network called "proxy_network" by running:

    docker network create proxy_network

    💡 You can change the name to be what-ever you like but remember it for later.

  2. Change the proxy_network property in the networks section of both docker-compose files to be like this:

    networks:
  proxy_network:
    external:
      name: proxy_network

    💡 If you changed the name make sure to change the value of the name attribute accordingly.

Commands

  • Create the proxy network

    docker network create proxy_network

  • Create the nginx container (without starting it):

    docker create --name nginx --restart always -p 80:80 -p 433:433 --net proxy_network -v $PWD/nginx/nginx.conf:/etc/nginx/nginx.conf -v $PWD/nginx/sites:/etc/nginx/sites -v $PWD/nginx/certs:/etc/nginx/certs nginx

    ⚠ Please note: If you renamed the nginx/ and/or certs/ folder make sure to adjust the corresponding volumes (-v) accordingly. All paths must be absolute paths.

Clone this wiki locally