The Inbound Proxy server hosts containers that enable a secure web application gateway for users to access services within the corporate environment.
This documents how to install & configure the OS, as well as how to execute the initial containers.
This documents how to patch the server including:
- OS Patches
- Ansible Updates
- Container Updates
The ansible roles included in this project are used to secure the host operating system:
- aide
- rhel8-stig
- usbguard
The container implementation is based on NGINX Reverse Proxy with Let's Encrypt.
It provides an NGINX reverse proxy with TLS certificates issued and renewed by Let's Encrypt using certbot.
To request the initial Let's Encrypt TLS certificates, you must own a domain, and a DNS record must exist for each subdomain you want a certificate for.
Ports 80 & 443 must also be forwarded from your external router to the IP address of the host that the containers will run on, and the host's firewall must allow the http and https services inbound.
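The DNS and host firewall prerequisites above can be checked on the container host before the first certificate request. The following is an added example, not part of this project. It assumes firewalld (`firewall-cmd`) and `getent` are available on the host, the function names and the `RESOLVER` override are hypothetical, and it does not verify the router's port forwarding.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks before requesting Let's Encrypt certificates.
# Function names and the RESOLVER override are hypothetical, not from the project.

# Print each required firewalld service (http, https) that is absent from the
# space-separated list in $1 (the output format of `firewall-cmd --list-services`).
# Names are matched as whole words, so "https" alone does not satisfy "http".
missing_services() {
    local enabled=" $1 " svc missing=""
    for svc in http https; do
        case "$enabled" in
            *" $svc "*) ;;
            *) missing="$missing $svc" ;;
        esac
    done
    echo "${missing# }"
}

# Print each hostname in "$@" that does not resolve. The lookup command
# defaults to `getent hosts` and can be replaced through RESOLVER.
unresolved_domains() {
    local d out=""
    for d in "$@"; do
        ${RESOLVER:-getent hosts} "$d" >/dev/null 2>&1 || out="$out $d"
    done
    echo "${out# }"
}

# Run both checks; returns non-zero if a prerequisite is not met.
preflight() {
    local rc=0 miss dns
    miss=$(missing_services "$(firewall-cmd --list-services 2>/dev/null)")
    [ -z "$miss" ] || { echo "firewalld does not allow: $miss" >&2; rc=1; }
    dns=$(unresolved_domains "$@")
    [ -z "$dns" ] || { echo "no DNS record for: $dns" >&2; rc=1; }
    return "$rc"
}
```

Source the file and call `preflight` with each subdomain you intend to request a certificate for, for example `preflight gitlab.example.com` (a constructed name).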
NOTE: The directions as written assume the container workloads will be run as root. It is recommended that additional effort be put in to run these workloads as a standard user.
- certbot-img/Dockerfile
  - Maintainer
- containers/initialize_certbot.sh
  - Domain
  - Email Address who owns the domain
- data/nginx/conf.d/gitlab.conf
  - Domain
  - IP Address & Port of Gitlab Server
- data/nginx/conf.d/.conf
  - Create a new .conf for each additional service you want to proxy through the secure web application gateway