Using a Raspberry Pi as a reverse proxy
date:
tags: containers docker homelab nginx proxy manager raspberry pi reverse proxy pi linux
categories: Homelab Containers Rasperry Pi Linux ansible
I will be using another Raspberry Pi to serve as a reverse proxy for my network. With Nginx Proxy manager, I can manage my proxy configurations in a web app. This application is a front end for nginx which is a very popular web server that also works for proxying TCP/IP connections and encrypting traffic.
Installing Nginx Proxy Manager
I will be managing this software with docker. If you have not worked with docker before, I have a blog post about the basics of docker and installation methods.
There is already an example docker-compose template on the official website that will make launching this application trivial. Not all container images are built to be compatible with the processor of the Raspberry Pi but this image is compatible. Make sure to choose passwords other than “PASSWORD” in your compose template. Save the following template as docker-compose.yml
and I recommend not opening the file permissions of this template to the world i.e. chmod 0640
|
|
Now the application can be launched with:
|
|
When your docker container is running, connect to it on port 81
for the admin interface. Enter the hostname / IP address of the Pi in your browser and the port number:
http://docker-pi.local:81
Default Admin User:
|
|
Immediately after logging in with this default user you will need to change the password.
Upgrading to new versions
Run these commands in the directory with the docker-compose.yml
template:
|
|
Install and configure Nginx Proxy manager with Ansible
I have created an Ansible role to automate this configuration. I have a previous post about Ansible, check that out for information about Ansible. The role includes other roles to install Docker if needed. When you run the role against a Linux system, Portainer and Nginx Proxy manager will be installed and configured with a cron job to handle updating containers to the latest versions. Check out my previous post for more information about Portainer.
To use this ansible role, create a requirements.yml
file to pull the role from my public Github repo:
|
|
Create an ansible playbook to reference my role for execution playbook.yml
:
|
|
You can create an inventory file to limit the scope of execution proxyhosts.ini
:
|
|
|
|
Setting up proxy addresses and SSL certificates
Now that the proxy manager is running, this system can be used to intercept and redirect HTTP traffic. Since my homelab uses a consumer Internet Service Provider, I only have one public IP address for my networks. I can forward traffic inbound to my public IP address to this Raspberry Pi onto the appropriate system on my networks. Nginx Proxy Manager can also request free TLS certificates from Let’s Encrypt to encrypt incoming and outbound HTTP traffic.