Multiple Sub-Domains on a single server. Docker + NGINX @ EC2

I have multiple NGINX-uWSGI based Django applications deployed using Docker and hosted in EC2 (currently at different ports like 81, 82, …). Now I wish to add in sub-domains to this such that sub1.domain.com and sub2.domain.com will both work from the same EC2 instance.

I am fine with multiple ports, BUT they don't work via DNS settings: sub1.domain.com -> 1.2.3.4:81, sub2.domain.com -> 1.2.3.4:82

What I cannot do

  1. Multiple IPs ref: allocation of a new IP for each deployed sub-domain is not possible.
  2. NGINX Proxy ref: This looks like the ideal solution BUT this is not maintained by an org like Docker or NGINX, so I am unsure of the security and reliability.

What I am considering:

  1. I am considering writing my own NGINX reverse proxy, similar to Apache Multiple Sub Domains With One IP Address, BUT then the flow will be via multiple proxies, since there is already an NGINX-uWSGI proxy in the tech stack.

Imagination is the only limit here :wink:

You are already on AWS. Why not just embrace the cloud and its services?!
You can use an ELB, which is capable of routing the traffic to one or more specific target groups per subdomain.
A target group defines which EC2 instances and ports are bundled. The target group can be used as a target in the load balancer rules. The Route53 DNS entries can be set to resolve to the load balancer (several subdomains can point to the same load balancer if you want).

If you still want to do it yourself, you could run your Docker nodes in Swarm mode and deploy a global nginx load balancer service, one instance on each node, bound to the same ingress port (which, depending on whether you put an application or network load balancer in front, can be freely chosen or, without an ELB, is restricted to port 80 and/or 443), or even run standalone nodes. This is up to you.

Create your nginx configuration to handle the subdomains. If you put nginx and the target containers in a dedicated Docker network, you can leverage the ease of container-to-container communication on a bridged/overlay network and can even get rid of the published ports.

Which problem do you see with the reverse proxy cascade?
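
A sketch of the front-proxy configuration described in the reply above, added here as an example and not taken from either post. The container names `sub1-app` and `sub2-app`, their internal port 80, and the file path are assumptions; the subdomains are the ones from the question.

```nginx
# Added example: front-proxy vhost file, e.g. /etc/nginx/conf.d/subdomains.conf
# (a file in conf.d/ is included inside the http {} context).
# Assumed names: backend containers sub1-app / sub2-app, each listening on
# port 80 inside a user-defined Docker network shared with this proxy.

# Docker's embedded DNS on user-defined networks. Because proxy_pass below
# uses a variable, nginx resolves the name at request time, so a backend
# that restarts with a new IP is picked up without reloading the proxy.
resolver 127.0.0.11 valid=10s;

# Host header -> backend container. Only the names listed here are routable.
map $host $backend {
    sub1.domain.com  sub1-app:80;
    sub2.domain.com  sub2-app:80;
}

# Catch-all: requests by bare IP or with an unknown Host header never reach
# an application; nginx closes the connection without a response.
server {
    listen 80 default_server;
    server_name _;
    return 444;
}

server {
    listen 80;
    server_name sub1.domain.com sub2.domain.com;

    location / {
        proxy_pass http://$backend;

        # Pass the original host and client address through the second
        # proxy hop so the inner NGINX-uWSGI layer and Django see them.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

With this in place only the proxy container publishes a port on the EC2 host; the per-application published ports (81, 82, …) can be dropped, so the backends are reachable only through the shared Docker network.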