Nginx reverse proxy
NGINX is a highly configurable, lightweight and easily deployed web server. Its features include reverse proxying over SSL/TLS, authentication and much more.
Installing NGINX with your operating system's package manager is straightforward. On Debian Linux it is simply:
sudo apt-get install nginx
sudo service nginx start
Use your own domain or register with a dynamic DNS service such as https://www.noip.com/.
Please make sure that your domain name was entered correctly and that the DNS A/AAAA record for that domain contains the right IP address.
Change every dzga.noip.com below to match your address.
Forward port 443 and port 80 to the nginx server in your router.
Once NGINX is installed you will need to modify the configuration file. On Debian Linux the config is located at /etc/nginx/sites-enabled/default:
# Redirect all plain-HTTP requests to HTTPS
server {
    listen 80;
    listen [::]:80;
    server_name dzga.noip.com;
    return 301 https://$server_name$request_uri;
}

server {
    # "ssl" on the listen lines enables TLS; the separate "ssl on;"
    # directive is obsolete and rejected by current nginx releases
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name dzga.noip.com;

    ssl_certificate /etc/letsencrypt/live/dzga.noip.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/dzga.noip.com/privkey.pem;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); allow only 1.2 and 1.3
    # (TLSv1.3 needs nginx 1.13+ built against OpenSSL 1.1.1+)
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    location / {
        # Pass the original host, client address and scheme to the backend
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Scheme $scheme;
        proxy_pass http://localhost:3030;  # local address of dzga
        proxy_read_timeout 90;
    }
}
Restart the server:
sudo service nginx restart
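An added example, not part of the original wiki: a shell function that scans a config such as /etc/nginx/sites-enabled/default for the TLS directives used here and reports legacy protocol versions, the obsolete "ssl on" directive, and a TLS listener that has no ssl_protocols line. The function name, the sample config and the host name proxy.example.test are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original wiki page).
# audit_nginx_tls [FILE]: scan an nginx config (FILE or stdin) for TLS settings
# that weaken the reverse proxy. Prints one finding per line and returns 1 if
# anything was found, 0 if the config is clean.
# Assumptions: one directive per line, no "#" inside quoted values.
audit_nginx_tls() {
    awk '
    { sub(/#.*/, "") }                                   # drop comments
    $1 == "listen" && $0 ~ /[ \t]ssl[ \t;]/ { tls_listen = NR }
    $1 == "ssl_protocols" {
        have_protocols = 1
        for (i = 2; i <= NF; i++) {
            proto = $i; sub(/;$/, "", proto)
            if (proto ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) {
                printf "line %d: legacy protocol %s is enabled\n", NR, proto
                findings++
            }
        }
    }
    $1 == "ssl" && $2 ~ /^on;?$/ {
        printf "line %d: obsolete \"ssl on\" directive, use \"listen ... ssl\"\n", NR
        findings++
    }
    END {
        if (tls_listen && !have_protocols) {
            printf "line %d: TLS listener without ssl_protocols, build default applies\n", tls_listen
            findings++
        }
        exit (findings > 0)
    }' "${1:--}"
}

# Constructed sample input using a placeholder host name.
sample_config() {
    cat <<'EOF'
server {
    listen 443 ssl;
    server_name proxy.example.test;
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
EOF
}

sample_config | audit_nginx_tls || echo "findings above: fix before exposing the proxy"
```

Run it against the real file with audit_nginx_tls /etc/nginx/sites-enabled/default, then let nginx validate the syntax with sudo nginx -t before restarting.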
Your OS may or may not ship with openssl preinstalled. If it doesn't, install it with your package manager of choice, e.g. sudo apt-get install openssl.
Below you can choose between two options: create a self-signed certificate, which is useful if you do not have an FQDN (fully qualified domain name), or, if you do have an FQDN, use certbot to obtain a certificate signed by the Let's Encrypt CA. With a self-signed certificate, point ssl_certificate and ssl_certificate_key in the config above at /etc/nginx/ssl/nginx.crt and /etc/nginx/ssl/nginx.key instead of the Let's Encrypt paths.
sudo mkdir /etc/nginx/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
Install certbot, a client for obtaining signed SSL certificates for your domain.
sudo apt-get install certbot
Run the following command. The --standalone mode binds port 80 itself, so stop nginx while it runs and start it again afterwards:
sudo certbot certonly --standalone -d dzga.noip.com
You should now be able to reach dzga at https://dzga.noip.com/settings
If you want to use the same certificate for Domoticz as well, you can serve both under sub-paths like:
https://dzga.noip.com/domoticz/ --> Domoticz UI
https://dzga.noip.com/assistant/settings --> Dzga UI
For Actions on Google the URLs will be:
https://dzga.noip.com/assistant/smarthome
https://dzga.noip.com/assistant/oauth
https://dzga.noip.com/assistant/token
In /etc/nginx/sites-enabled/default change location / {} to:
location /domoticz {
    # Strip the /domoticz prefix before passing the request to the backend
    rewrite ^/domoticz/?(.*) /$1 break;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Scheme $scheme;
    proxy_pass http://localhost:8080;  # local address of domoticz
    proxy_read_timeout 90;
}
location /assistant {
    # Strip the /assistant prefix before passing the request to the backend
    rewrite ^/assistant/?(.*) /$1 break;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Scheme $scheme;
    # The scheme must match what dzga serves on this port
    # (the location / example above uses http)
    proxy_pass https://localhost:3030;  # local address of dzga
    proxy_read_timeout 90;
}