Skip to content

Instantly share code, notes, and snippets.

@MHaggis

MHaggis/Setup Docker + NGINX.md Secret

Created May 22, 2024 16:16
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save MHaggis/e106367f6649fbb09ab27e7b4a01cf73 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save MHaggis/e106367f6649fbb09ab27e7b4a01cf73 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Setup Docker + NGINX.md

Docker and NGINX Installation Guide

Installing Docker

To install Docker on Ubuntu, follow these steps which include adding Docker's official GPG key, setting up the Docker repository, and installing Docker Engine along with its components.

  1. Update your package index and install necessary packages:

    sudo apt-get update
sudo apt-get install ca-certificates curl gnupg

  2. Create a directory for the Docker keyring and add the Docker GPG key:

    sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg

  3. Configure the Docker repository:

    echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

  4. Install Docker Engine and its components:

    sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
snap install docker

Installing NGINX

To install NGINX on Ubuntu, you can use the apt package manager. Follow these steps to install and start NGINX:

  1. Update your package index and install NGINX:

    sudo apt update
sudo apt install nginx

  2. Start and enable NGINX to run on boot:

    sudo systemctl start nginx
sudo systemctl enable nginx

  3. Backup original NGINX configuration files:

    mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bakog
mv /etc/nginx/sites-available/default /etc/nginx/sites-available/default.bakog

Setting Up Jenkins with Docker and NGINX

To set up Jenkins using Docker and proxy it with NGINX on Ubuntu, follow these steps:

Get the docker-compose.yml file from https://github.com/vulhub/vulhub/tree/master/jenkins/CVE-2024-23897

Save locally.

run docker compose up -d to start the jenkins container.

Now the container is running and jenkins is listening on 8080.

we will want to proxy pass nginx to this server for anyone accessing the domain from 80 and forward to 8080.

First, the nginx.conf file, will be located in /etc/nginx/

nginx.conf


user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
        worker_connections 768;
        # multi_accept on;
}

http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;
        client_body_buffer_size 100K; # Adjust the size according to your needs

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

            log_format kv 'site="$server_name" server="$host" dest_port="$server_port" dest_ip="$server_addr" '
                   'src="$remote_addr" src_ip="$realip_remote_addr" user="$remote_user" '
                   'time_local="$time_local" protocol="$server_protocol" status="$status" '
                   'bytes_out="$bytes_sent" bytes_in="$upstream_bytes_received" '
                   'http_referer="$http_referer" http_user_agent="$http_user_agent" '
                   'nginx_version="$nginx_version" http_x_forwarded_for="$http_x_forwarded_for" '
                   'http_x_header="$http_x_header" uri_query="$query_string" uri_path="$uri" '
                   'http_method="$request_method" response_time="$upstream_response_time" '
                   'cookie="$http_cookie" request_time="$request_time" category="$sent_http_content_type" https="$https" '
                   'request_body="$request_body" ';


        access_log /var/log/nginx/access.log kv;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;


        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}

Then, place our configuration file in /etc/nginx/sites-available/. If using multiple sites, you can create a new file for each site and symlink it to /etc/nginx/sites-enabled/ to enable it.

jenkins

server {
    listen 80;
    server_name jenkins.catjamfest.com;

    access_log /var/log/nginx/jenkins_access.log kv;
    error_log /var/log/nginx/jenkins_error.log;

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        client_max_body_size 100M;

        proxy_redirect off;
        proxy_buffering off;

        # WebSocket support (comment out if you don't need it)
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

Run the following commands to enable the site and reload the NGINX configuration:

sudo nginx -t
sudo systemctl reload nginx

Now you can access the jenkins server by going to jenkins..com.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment