Using Host's Reverse Proxy for SSL/TLS instead of Docker Nginx

By: Richard Small user 19 Aug 2020 at 5:40 p.m. CDT

3 Responses
Richard Small gravatar
Hello, I've been trying to navigate a way of using the docker version of Gluu server on my host that's already got a NGINX/Apache system in place. Therefore I remapped NGINX docker exposed port to something else and used a reverse proxy rule to map port 443 on the host to port 80 (internal) on NGINX docker. Alas I am getting a number of errors relating to LDAP server not being reachable. However, from what I've read, Gluu systems all use and share certificates from the docker NGINX server? So terminating TLS looks like it would be problematic? I was watching a video by your founder and in the comments someone asked if it supported reverse proxy and he said yes. So surely there must be a best way of doing this? From what I've read so far it appears very, very messy with many rewrites etc... Simply, I am wanting to integrate the Gluu system on a web server that also supports docker-compose. Since I already have a wildcard certificate being produced and managed for the domain on the host server whilst also taking advantage of mod_sec ect... for traffic and just offload non-TLS traffic to the Gluu NGINX docker. Any other port traffic can be exposed if needed. Is this really not achievable? I hope that some more clarity can be definitively shed on what is or isn't supported with using an external reverse proxy. Thanks
Docker 19.03
closed

Answers

By Isman Firmansyah staff 20 Aug 2020 at 10:58 a.m. CDT

Copy
Isman Firmansyah gravatar
Hi Richard, You can use other reverse proxies instead of Gluu docker-nginx. In fact, our Kubernetes distribution doesn't use docker-nginx in favor of Kubernetes Ingress. Things to consider before using another reverse proxy: 1. TLS/SSL is needed at port 443 2. Rewrite rules are needed to conform to Gluu Server design. Examples: https://github.com/GluuFederation/community-edition-setup/blob/version_4.2.1/templates/https_gluu.conf, https://github.com/GluuFederation/docker-nginx/blob/4.2/templates/gluu_https.conf.ctmpl Best regards,

By Richard Small user 20 Aug 2020 at 3:07 p.m. CDT

Copy
Richard Small gravatar
Hello, Thank you for getting back to me, great news. These web server templates are a very useful I can work through these thank you. This ticket will serve as a useful marker for others in the future. Kind regards,

By Steve Sobol user 06 Aug 2022 at 5:19 p.m. CDT

Copy
Steve Sobol gravatar
If you want to use haproxy, I can help. I'm actually trying to find some time to polish up my configs over the next week or two, after which I will release the configs under the MIT license on Github.

Post an answer