Zoraxy in Docker with Portainer and Nginx as examples
In this small guide I want to show you how to get started with Zoraxy in a docker container and connect it with other services like Portainer or Nginx.
I assume you already have docker installed on your system and have added your user to the docker group with sudo usermod -aG docker $USER (see Docker.com for instructions).
We will put all the services we need in a separate network called zoraxynet
Login as a normal user and run:
docker network create --subnet 172.25.0.0/16 zoraxynet
It returns a long network ID, something like e5ecd5bf4e4cce99a252d3d6d3d0bb12e1b65b8daf1e47d9cb7e6a75ab3ae357
This has created our network and we can use it later in Portainer to attach more containers.
Next we will start Zoraxy in a container. Create a folder and change into it
mkdir zoraxy && cd zoraxy
Now we create a config-folder and a docker-compose.yml
mkdir config && nano docker-compose.yml
Put in these lines:
services:
  zoraxy:
    image: zoraxydocker/zoraxy:latest
    container_name: zoraxy
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
      - 8005:8000/tcp
    volumes:
      - ./config:/opt/zoraxy/config/
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/localtime:/etc/localtime:ro
    environment:
      PORT: "8000"
      FASTGEOIP: "true"
    networks:
      zoraxynet:
networks:
  zoraxynet:
    external: true
The networks: key tells docker to put Zoraxy in our zoraxynet network and give it an IP address.
external: true tells docker to use our already existing network and not to create one with the same name, which would fail.
Run docker compose up -d to start the container.
Test in your browser:
IP-of-your-server:8005
In my case: 192.168.0.60:8005
Choose a username and a strong password. After you click confirm, you can log in.
Change the inbound port to 443, click apply and enable the three buttons below to redirect all HTTP requests to HTTPS.
Zoraxy now listens on port 80 and 443 on your system and can redirect all traffic to HTTPS.
Click on "TLS / SSL Certificates" and scroll down to "Certificate Authority (CA) and Auto Renew (ACME)"
Choose your preferred CA (Let's Encrypt in this example), fill in your email address and click on "Save settings"
Click on "Open ACME Tool" and press the switch on the top (Enable Certificate Auto Renew)
Auto-renew is now active!
We are done here for the moment, next we will setup Portainer. Switch back to the command line.
Create a new folder named portainer in your favorite directory and change into it:
mkdir portainer && cd portainer
Create a data folder for the configuration:
mkdir data
Create a docker-compose.yml for portainer:
nano docker-compose.yml
Fill in these lines:
services:
  portainer-ce:
    networks:
      zoraxynet:
    ports:
      - 9000:9000
    container_name: portainer
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./data:/data
    image: portainer/portainer-ce:latest
networks:
  zoraxynet:
    external: true
Start it with docker compose up -d
Test in your browser:
IP-of-your-server:9000
In my case: 192.168.0.60:9000
You can now use portainer as usual.
Log in to Zoraxy and go to "Create proxy rule"
"Matching Keyword / Domain" is your (sub)domain, "Target IP Address or Domain Name with port" is the containername:port (portainer:9000)
Port 9000 is the HTTP port of Portainer, but why HTTP and not HTTPS? Portainer runs locally and is reached by Zoraxy via HTTP (internal traffic). Zoraxy handles all certificates for us and manages secure connections (external traffic).
It works like this:
Portainer via HTTP -> Zoraxy then adds SSL -> Internet
No extra certificates, no extra configuration. Always use the plain HTTP port as proxy host in Zoraxy. Zoraxy takes care of the rest.
Click on "Create Endpoint" and in the bottom-right corner Zoraxy asks if you want to create a certificate. Press okay and now you have a valid cert.
Check if Portainer runs with HTTPS:
Navigate to your site in your browser:
We have successfully reached Portainer via HTTPS.
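The Portainer compose file above still publishes 9000:9000 on the host, so Portainer stays reachable over plain HTTP at IP-of-your-server:9000 next to the new HTTPS route. The check below is an added example, not part of the original guide; the function names and the sample docker ps lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag host ports published on all interfaces besides 80/443.
# Input on stdin: lines as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# Output: "container host-port container-port", one line per finding.
audit_published_ports() {
    awk -F '\t' '
    {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            m = maps[i]
            # Published ports contain "->"; a bare "80/tcp" is only exposed.
            if (index(m, "->") == 0) continue
            split(m, sides, "->")
            # Host side is "addr:port"; the port follows the last colon.
            port = sides[1]; sub(/^.*:/, "", port)
            addr = sides[1]; sub(/:[^:]*$/, "", addr)
            # Keep wildcard binds only: 0.0.0.0, "::" or "[::]".
            if (addr != "0.0.0.0" && addr != "::" && addr != "[::]") continue
            # 80 and 443 are the ports Zoraxy is meant to serve.
            if (port == "80" || port == "443") continue
            key = $1 " " port " " sides[2]
            # Docker lists IPv4 and IPv6 binds separately; report each once.
            if (!(key in seen)) { seen[key] = 1; print key }
        }
    }'
}

# Constructed sample of that output for the containers in this guide.
sample_ps() {
    printf 'zoraxy\t0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp, 0.0.0.0:8005->8000/tcp, :::8005->8000/tcp\n'
    printf 'portainer\t8000/tcp, 9443/tcp, 0.0.0.0:9000->9000/tcp, :::9000->9000/tcp\n'
    printf 'nginx\t80/tcp\n'
}

sample_ps | audit_published_ports
# zoraxy 8005 8000/tcp
# portainer 9000 9000/tcp
```

On a live host, pipe the docker ps command from the header comment into audit_published_ports. A port that is only needed behind Zoraxy can be removed from ports: or bound to loopback, for example 127.0.0.1:9000:9000.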
Lastly, I will show you how to connect a service in Portainer, add it to the zoraxynet network and make it available via HTTPS. I use NGINX in this example, but it will work with any other service.
Log in to Portainer and go to your containers, now click on the name of your container (nginx in my case)
Scroll down to "Connected networks" and click on "Select a network". Choose "zoraxynet" and click on join network.
That's it for the part of Portainer!
Back to Zoraxy, again go to "Create Proxy Rules"
Fill in your domain and the target IP is "nginx:80" (Containername:Port-inside-container)
"Create Endpoint" and click on okay in the right corner for a certificate.
Let's see if it works:
Yes, Nginx over HTTPS. Easily attached via Portainer to our network and served via Zoraxy.