Encrypting network traffic with TLS has become a standard practice with more applications moving to the cloud. It is how many organizations secure their Coder instance when deploying on top of Kubernetes. This is usually accomplished by terminating TLS at the load balancer level.
However, with the release of Coder for Docker, the process to enable TLS is quite different, though just as important. In this post, we’ll discuss how you can access your Coder for Docker deployment over HTTPS with a reverse proxy.
In some ways, a reverse proxy acts just like a regular proxy. It acts as a middleman, communicating with web servers on behalf of client machines. Yet, it comes with a few important caveats.
First, instead of masking outgoing connections, a reverse proxy masks the incoming traffic. When a request arrives for a URL, such as coder.com, the reverse proxy decides where that request is sent, even in a multi-server configuration.
Second, a reverse proxy enables you to run services on a variety of ports, without having to expose those ports to a user-facing network. In this case, Coder for Docker runs on port 7080. By using a reverse proxy, you only need to open ports 80 (HTTP) and 443 (HTTPS) to have traffic routed to Coder.
In this example, we’ll make use of an `nginx` container to serve as the reverse proxy alongside the Coder container. We’ll also need to include our SSL certificate and key files in the `nginx` configuration file to enable TLS.
To get started, you'll need:
- A machine with Docker Engine and Docker Compose installed
- A domain name
- An SSL/TLS certificate
If you don’t have a certificate, our documentation covers how to procure one via Let's Encrypt.
Running an `nginx` container requires you to have an `nginx.conf` file on the host machine. To account for this, we’ll create one locally and define the server name, ports, and headers. See an example below:
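A minimal `nginx.conf` matching the description above, as an added example rather than Coder's published file. The domain `coder.example.com`, the upstream service name `coder`, and the certificate paths under `/etc/letsencrypt` inside the container are assumptions.

```nginx
# Added example, not Coder's published configuration.
# Assumed: domain coder.example.com, Compose service name "coder",
# certificates mounted at /etc/letsencrypt inside the nginx container.
events {}

http {
    # Translate the client's Upgrade header into the right Connection
    # header so WebSocket requests pass through the proxy.
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    # Port 80 only redirects to HTTPS; nothing is served in cleartext.
    # The target host is fixed rather than taken from the request.
    server {
        listen 80;
        server_name coder.example.com;
        return 301 https://coder.example.com$request_uri;
    }

    server {
        listen 443 ssl;
        server_name coder.example.com;

        # Certificate chain and private key (Let's Encrypt file names).
        ssl_certificate     /etc/letsencrypt/live/coder.example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/coder.example.com/privkey.pem;
        # Refuse TLS 1.0 and 1.1.
        ssl_protocols       TLSv1.2 TLSv1.3;

        location / {
            # Coder for Docker listens on 7080; that port is not published
            # on the host, only reachable over the Compose network.
            proxy_pass         http://coder:7080;
            proxy_http_version 1.1;
            proxy_set_header   Host              $host;
            proxy_set_header   X-Real-IP         $remote_addr;
            proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Proto $scheme;
            proxy_set_header   Upgrade           $http_upgrade;
            proxy_set_header   Connection        $connection_upgrade;
        }
    }
}
```

Running `nginx -t` inside the container checks the syntax and confirms the certificate and key files are readable before any traffic is served.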
Once the server configuration is set, we can define our multi-container application with Docker Compose. All that’s needed is a single `.yaml` file. Example below:
A few things to note: first, we’ve defined the `ports` key to publish ports 80 and 443 on the host network. Second, we’ve added the `volumes` key to create a bind mount volume. This will mount our local directories of `/nginx` and `~/letsencrypt` into the nginx container. These directories contain the nginx configuration and certificate files, respectively.
Now that we have our Docker Compose and `nginx` configuration files in place, we can start the containers! You’ll simply need to run `docker-compose up -d` to run both containers simultaneously. You should now be able to access your Coder instance from your domain.
For more detailed information on the steps above, see our documented guide.