-
-
Notifications
You must be signed in to change notification settings - Fork 41
Nginx reverse proxy
NGINX is a highly configurable, lightweight, yet easily deployed webserver allowing features such as a reverse proxying using secure sockets layer with authentication and much more.
Installing NGINX using your Operating Systems package manager of choice is pretty straight forward. For Debian Linux it is a simple
sudo apt-get install nginx
sudo service nginx start
Use your own domain or register dynamic DNS service like https://www.noip.com/.
Please make sure that your domain name was entered correctly and the DNS A/AAAA record for that domain contain the right IP address.
Change all dzga.noip.com below to match your address
Assign port 443 and port 80 to nginx server in your router.
Once NGINX is installed you will need to modify the configuration file. For Debian Linux the config is located at /etc/nginx/sites-enabled/default
server {
listen 80;
listen [::]:80;
server_name dzga.noip.com;
#change to match your address
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name dzga.noip.com;
#change to match your address
ssl_certificate /etc/letsencrypt/live/dzga.noip.com/fullchain.pem;
#change to match your address
ssl_certificate_key /etc/letsencrypt/live/dzga.noip.com/privkey.pem;
#change to match your address
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_pass http://localhost:3030; #Local ipno to dzga
proxy_read_timeout 90;
}
}
Restart server
sudo service nginx restart
Your OS may or may not ship with openssl preinstalled. In the case it doesn't, simply install openssl using your package manager of choice. eg: sudo apt-get install openssl.
Below you can choose between creating a self signed certificate useful if you do not have a fqdn (fully qualified domain name), or if you by chance do have a fqdn you can use certbot to obtain a Let's Encrypt CA signed certificate.
sudo mkdir /etc/nginx/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crtInstall certbot, a client to obtain signed ssl certificates for your domain.
sudo apt-get install certbotRun the following command:
sudo certbot certonly --standalone -d dzga.noip.com -d dzga.noip.com
#change to match your addressNow you should reach your dzga at https://dzga.noip.com/settings
If you want same certificate for domoticz or urls like:
https://dzga.noip.com/domoticz/ --> Domoticz UI
https://dzga.noip.com/assistant/settings --Dzga UIFor action on google will be:
https://dzga.noip.com/assistant/smarthome
https://dzga.noip.com/assistant/oauth
https://dzga.noip.com/assistant/token
In /etc/nginx/site-enable/default change location / {} to:
location /domoticz {
rewrite ^/domoticz/?(.*) /$1 break;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_pass http://localhost:8080; #local ipno to domoticz
proxy_read_timeout 90;
}
location /assistant {
rewrite ^/assistant/?(.*) /$1 break;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_pass https://localhost:3030; #local ipno to dzga
proxy_read_timeout 90;
}