Nginx container
Our reverse proxy runs on storage1 in a docker container. It is useful because:
- We have a single domain that is used to access multiple websites/nodes by memorable URLs instead of IPs.
- It provides a TLS security layer, so any
httptraffic becomes securehttps.
Updating the configuration
Warning: Configuration may be non-trivial depending on the proxy scenario.
To update the nginx config, re-run a new reverseproxy image: edit the config file /home/jurgen/dc/nginxproxy/nginx.conf and rebuild the dockerfile tagged as reverseproxy. Then docker-compose up -d will restart the proxy with the latest reverseproxy image.
Upstream targets
hpc.radiology.hku.hk/wikimaps to localhost mediawiki:containername/wikifor port 80, 443hpc.radiology.hku.hk/gitmaps to localhost gitlab:containername/gitfor port 22, 80, 443
hpc.radiology.hku.hk/cpu1maps to remote nodecpu1for port 22hpc.radiology.hku.hk/gpu1maps to remote nodegpu1for port 22hpc.radiology.hku.hk/gpu2maps to remote nodegpu2for port 22hpc.radiology.hku.hk/gpu3maps to remote nodegpu3for port 22
Path based proxy resolving vs domain based
Note that symmetric pathing means mediawiki and gitlab may not host on their default container path /; asymmetric proxying creates issues (e.g. link breakage) that are hard to solve. Even better would be to use tier-4 domain-based proxying (e.g. wiki.radiology.hku.hk), but that would require domain delegation from ITS and running our own DNS server.
