Setting Up Nginx as a Reverse Proxy With Let's Encrypt and Fail2ban Using Docker Compose

In this article, we will explore how to set up a powerful and secure web server environment using Nginx as a reverse proxy with Let’s Encrypt SSL certificates and Fail2ban for enhanced security. We’ll leverage Docker Compose to simplify the deployment process and enable easy management of our services. By the end of this guide, you’ll have a robust setup that includes SSL encryption and protection against malicious actors.

1. Prerequisites

Before starting, ensure that you have a server or virtual machine running a supported operating system. Additionally, make sure your domain name is properly configured and pointing to your server’s IP address.

2. Install Docker

To begin, install Docker on your server. Follow the official Docker documentation for installation instructions specific to your operating system.

3. Configure Docker Compose

Create a new file named docker-compose.yml and define the services required for Nginx, Certbot, and Fail2ban. Configure the necessary volumes and networks in the Docker Compose file.

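version: '3'

services:
  nginx:
    image: nginx
    restart: always
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./conf.d:/etc/nginx/conf.d
      - /etc/letsencrypt:/etc/letsencrypt
      # Webroot for the ACME HTTP-01 challenge, shared with the certbot service
      # (the host directory name ./certbot-www is a placeholder).
      - ./certbot-www:/var/www/certbot
      # Write access/error logs to the host so the fail2ban service can read them;
      # the stock image otherwise sends them to stdout/stderr.
      - /var/log/nginx:/var/log/nginx
    networks:
      - nginx-network

  certbot:
    image: certbot/certbot
    volumes:
      - /etc/letsencrypt:/etc/letsencrypt
      - /var/lib/letsencrypt:/var/lib/letsencrypt
      # Must be the same directory Nginx serves for /.well-known/acme-challenge/.
      - ./certbot-www:/var/www/certbot
    # your-email@example.com and the domains are placeholders; replace them.
    command: certonly --webroot --webroot-path=/var/www/certbot --agree-tos --email your-email@example.com -d your-domain1.com -d your-domain2.com
    depends_on:
      - nginx
    networks:
      - nginx-network

  fail2ban:
    image: fail2ban/fail2ban
    restart: always
    # Bans are firewall rules on the host, so the container needs the host
    # network namespace and the capabilities to edit netfilter rules.
    network_mode: host
    cap_add:
      - NET_ADMIN
      - NET_RAW
    volumes:
      - ./fail2ban:/etc/fail2ban
      # Logs are only read here, so mount them read-only.
      - /var/log/nginx:/var/log/nginx:ro

networks:
  nginx-network: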

4. Obtain SSL Certificates with Let’s Encrypt

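Use the Certbot Docker image to obtain SSL certificates from Let’s Encrypt. The certbot service in the Docker Compose file requests the certificates for the domains passed with -d. The command shown there uses Certbot’s webroot mode (--webroot), not standalone mode: Certbot writes the challenge file under /var/www/certbot, and Nginx must serve that directory over plain HTTP on port 80 at /.well-known/acme-challenge/ for validation to succeed.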

5. Set Up Nginx as a Reverse Proxy

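Create an Nginx configuration file named nginx.conf in the ./conf.d directory to define the reverse proxy settings. The Compose file mounts that directory at /etc/nginx/conf.d in the Nginx container, where the image’s default configuration includes every *.conf file inside its http block, so the file should contain server blocks only. Customize it to match your domains and backend services.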

6. Enhance Security with Fail2ban

Integrate Fail2ban into the Docker Compose setup to add an extra layer of security. Create a Fail2ban configuration file named jail.local in the ./fail2ban directory, which the Compose file mounts at /etc/fail2ban. Configure Fail2ban to monitor the Nginx access logs and block malicious IP addresses.
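
A minimal jail.local for this setup, as an added example rather than the article's own file. It assumes the stock nginx-http-auth and nginx-botsearch filters are present under /etc/fail2ban/filter.d, that the Fail2ban container can edit the host firewall, and that Nginx writes its logs to /var/log/nginx; the ban timings and the ignoreip range are illustrative values.

```ini
# ./fail2ban/jail.local  (seen by Fail2ban as /etc/fail2ban/jail.local)

[DEFAULT]
# Ban for 1 hour after 5 matching log lines within 10 minutes.
bantime  = 1h
findtime = 10m
maxretry = 5

# Never ban loopback or the Docker bridge range (illustrative value; use
# the subnet of your own nginx-network). If the access log shows the bridge
# gateway instead of real client addresses, bans cannot target the right
# host, so check the logged addresses before enabling the jails.
ignoreip = 127.0.0.1/8 ::1 172.16.0.0/12

# Traffic to a published container port is forwarded to the container and
# never reaches the host's INPUT chain, so the ban rules go into Docker's
# DOCKER-USER chain instead.
chain = DOCKER-USER

# Failed HTTP basic-auth attempts, which Nginx records in error.log.
[nginx-http-auth]
enabled = true
port    = http,https
logpath = /var/log/nginx/error.log

# Requests probing for well-known script and admin paths that end in 404.
[nginx-botsearch]
enabled = true
port    = http,https
logpath = /var/log/nginx/access.log
```

Running fail2ban-client status nginx-botsearch inside the Fail2ban container lists the log files the jail is watching and the addresses it currently bans.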

7. Testing and Verification

After you start the stack with Docker Compose, the Nginx and Fail2ban containers stay up and running, while the Certbot container runs once to request the certificates and then exits. Test the setup by accessing your domains over HTTPS and check the Fail2ban logs for any banned IP addresses.
