Web Server Setup

A web server is useful for some components of OCS and the associated live monitoring. You might already have one setup, and are certainly welcome to run one however you’d like. If you do not have one setup, this page describes how to get a simple nginx server running in a docker container.

nginx

nginx is a lightweight, open source, web server which we will use as a reverse proxy.

docker-compose Configuration

We will setup nginx in a docker container. First, ensure you do not currently have a web server running (we need to make sure port 80 is available.) Then add nginx to your docker-compose file:

web:
  image: nginx
  volumes:
   - ./nginx.conf:/etc/nginx/nginx.conf:ro
   - ./.htpasswd:/etc/nginx/.htpasswd:ro
  ports:
   - "80:80"

There are two files mounted within the container in this block, nginx.conf and .htpasswd. These store the nginx configuration and authentication credentials, respectively.

A template for nginx.conf can be found in the ocs-site-configs/templates directory, and is based on the default nginx configuration file provided within the nginx docker image.

user       nginx;  ## Default: nobody
worker_processes  1;  ## Default: 1

error_log  /var/log/nginx/error.log;
pid        /var/run/nginx.pid;
worker_rlimit_nofile 8192;

events {
  worker_connections  1024;  ## Default: 1024
}

http {
  include    /etc/nginx/mime.types;
  #include    /etc/nginx/proxy.conf;
  #include    /etc/nginx/fastcgi.conf;
  index    index.html index.htm index.php;

  default_type application/octet-stream;
  log_format   main '$remote_addr - $remote_user [$time_local]  $status '
    '"$request" $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';
  access_log   /var/log/nginx/access.log  main;
  sendfile     on;
  tcp_nopush   on;
  server_names_hash_bucket_size 128; # this seems to be required for some vhosts

  server { # simple reverse-proxy
    listen       80;
    server_name  {{ domain }};
    access_log   /var/log/nginx/{{ domain }}.log  main;
    root         /usr/share/nginx/html;

    # serve static files
    # location ~ ^/(images|javascript|js|css|flash|media|static)/  {
    #   root    /var/www/virtual/big.server.com/htdocs;
    #   expires 30d;
    # }

    auth_basic "Restricted Content";
    auth_basic_user_file /etc/nginx/.htpasswd;

    location /grafana/ {
      proxy_pass http://grafana:3000/;
    }
  }
}

Note

This assumes the “web” container is running on the same network as a container called “grafana” for name resolution. If your setup is different you will need to change the URL in the proxy_pass accordingly.

.htpasswd can be generated using htpasswd. It can also be generated at htaccesstools.com. It will look something like this:

user:$apr1$dJ70NC/m$r4CIcSEDK4L38HD4QH5Ix/

Warning

Do NOT use the above as your .htpasswd file, it is not secure.

Once you have created these two files you can bring up the webserver with:

$ sudo docker-compose up -d

Your webserver should now be accessible via the configured domain, or through http://localhost.

Grafana Proxy

If you are proxying Grafana and accessing it externally (i.e. not on localhost), then you need to configure several additional environment variables. In your docker-compose configuration file add:

environment:
  - GF_SERVER_ROOT_URL=http://{{ domain }}/grafana
  - GF_SERVER_PROTOCOL=http
  - GF_AUTH_BASIC_ENABLED=false

HTTPS Setup

A secure HTTPS setup might be beyond the scope of this documentation. It is, however, possible to setup Nginx with an Let’s Encrypt certificate within a set of docker containers. This blog post does a great job of explaining the setup.