...
Code Block |
---|
# Reverse proxy for Kibana, gated by HTTP Basic authentication.
#
# No "listen" directive is present, so nginx uses its default listener
# (port 80 when started as root). Basic credentials are only base64-encoded,
# so on this vhost they cross the network unencrypted unless it is also
# served over TLS.
# NOTE(review): the password prompt only protects requests that pass through
# this proxy; confirm 192.168.1.60:5601 is not directly reachable by clients.
server {
    server_name kibana kibana.jmehan.com;

    location / {
        # Ask for credentials from the htpasswd file before proxying.
        auth_basic           "Administrator's Area";
        auth_basic_user_file /etc/nginx/conf.d/htpasswd;

        proxy_pass http://192.168.1.60:5601/;
    }
} |
Supporting Sites that use websockets
Code Block |
---|
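# Reverse proxy for a backend that uses WebSockets.
server {
    server_name homebridge homebridge.jmehan.com;

    location / {
        proxy_pass http://192.168.1.60:8089/;

        # The WebSocket handshake is an HTTP/1.1 Upgrade request; the Upgrade
        # and Connection headers are hop-by-hop, so they must be set again
        # explicitly for the upstream connection.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_buffering off;

        proxy_set_header Host      $host;
        # $remote_addr is the address of the peer that connected to nginx.
        proxy_set_header X-Real-IP $remote_addr;
        # Header name corrected from "X-Forward-For" to the conventional
        # "X-Forwarded-For" (as used in proxy.conf on this page); backends do
        # not look for the misspelled name.
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For value the client sent, so only the right-most entry
        # is set by this proxy; earlier entries are client-controlled and
        # must not be used for access decisions or audit logging.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
} |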
Redirecting all traffic to SSL
Code Block |
---|
# HTTPS virtual host: terminates TLS and forwards requests to the backend.
server {
    listen 443 ssl;
    server_name www.server.com server.com;

    # TLS ends at nginx; the hop to 192.168.1.60:12345 is plain HTTP, so that
    # network segment has to be trusted.
    location / {
        proxy_pass http://192.168.1.60:12345/;
    }

    # Certificate, key and TLS parameters are written and renewed by Certbot;
    # the trailing markers are how Certbot recognises its own lines.
    ssl_certificate /etc/letsencrypt/live/www.server.com-0001/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.server.com-0001/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
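# Plain-HTTP listener whose only job is to send every request to HTTPS.
server {
    listen 80;
    server_name www.server.com server.com;

    # The redirect target must be the canonical name served by the 443 vhost
    # above. The original line pointed at an unrelated hostname
    # (www.diabetease.com), which would send visitors of this site elsewhere.
    # A literal hostname is used rather than $host so that a client-supplied
    # Host header cannot steer the redirect.
    return 301 https://www.server.com$request_uri;
} |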
Forwarding Real IP Address
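Add the X-Real-IP and X-Forwarded-For headers with the proxy_set_header directive by placing the following in the /etc/nginx/conf.d/proxy.conf file. The backend should rely on these headers only if it can be reached solely through this proxy; otherwise a client connecting directly can supply its own values.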
Code Block |
---|
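# Shared proxy settings (/etc/nginx/conf.d/proxy.conf).

# Leave Location/Refresh headers from the backend untouched.
proxy_redirect off;

# Pass the original host and client address on to the backend.
proxy_set_header Host            $host;
proxy_set_header X-Real-IP       $remote_addr;
# Appends $remote_addr to any X-Forwarded-For sent by the client; only the
# right-most entry is set by this proxy.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

# Request size limits.
client_max_body_size 10m;
# Was 500m: an in-memory body buffer far larger than the 10m body limit serves
# no purpose and only raises the memory a single request may claim. Bodies
# above this size are spooled to a temporary file.
client_body_buffer_size 128k;
# Was 500m: nginx sizes a request-header buffer from this value for each
# connection, so a large value lets a modest number of connections exhaust
# memory. 1k is the nginx default; oversized headers are handled by
# large_client_header_buffers.
client_header_buffer_size 1k;

# Upstream timeouts, in seconds.
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;

# Response buffering for proxied replies.
proxy_buffer_size 16k;
proxy_buffers 32 16k;
proxy_busy_buffers_size 64k; |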
Restricting Access to IP Range
In the following example, we restrict access to the Confluence login page to internal IP addresses in the range 192.168.1.100–192.168.1.255.
See https://www.ipaddressguide.com/cidr for help converting an IP range into CIDR blocks.
Code Block |
---|
# Allow the login page only from 192.168.1.100 - 192.168.1.255.
# The range is not a single CIDR block, so it is spelled out as four
# adjacent ones; rules are evaluated in order and the first match wins.
#
# allow/deny compare against the address of the peer connected to nginx. If
# another proxy or load balancer sits in front, every request appears to come
# from that device unless the real client address is restored first.
# NOTE(review): this is a prefix match on /login.action only; any other
# authentication entry point the application exposes (for example the login
# form's submit URL) needs its own rule - verify against the application.
location /login.action {
    allow 192.168.1.100/30;   # .100 - .103
    allow 192.168.1.104/29;   # .104 - .111
    allow 192.168.1.112/28;   # .112 - .127
    allow 192.168.1.128/25;   # .128 - .255
    deny  all;

    proxy_pass http://192.168.1.50:8090/login.action;
} |
Customized Dockerfile
The following Dockerfile adds certbot and apache2-utils to our nginx-reverse-proxy image.
Code Block |
---|
language | yml |
---|
title | Dockerfile |
---|
|
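# nginx reverse-proxy image extended with apache2-utils (provides htpasswd)
# and certbot.
#
# NOTE(review): the base image is referenced without a tag or digest, so each
# rebuild pulls whatever is currently published under that name. Pin it to a
# reviewed tag or digest for reproducible, auditable builds.
FROM lerenn/nginx-reverse-proxy

# Refresh the package index and install in the same layer. With a separate
# "RUN apt-get update", Docker can reuse a cached, stale index for later
# installs and pull outdated (possibly unpatched) package versions.
RUN apt-get update \
 && apt-get install -y wget apache2-utils

# NOTE(review): this script is downloaded and executed as root at build time
# with no checksum or signature verification, so the image trusts whatever the
# URL serves on the day of the build. certbot-auto has also been deprecated by
# its maintainers; prefer installing certbot from the distribution's packages
# or another supported channel, or at minimum verify the download against a
# known-good hash before running it.
RUN wget https://dl.eff.org/certbot-auto \
 && chmod +x certbot-auto \
 && ./certbot-auto -n --install-only |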
References