Hadronrider
How to set up a bare metal home server, run CI/CD using Gitlab, Jenkins and pipelines, make e-toys, automate your home and much more

NGINX reverse proxy


Table of Contents

  1. Setup
  2. Domain and HTTPS
    1. Your domain
    2. Configuration and SSL certificates
    3. Main site
By valerio | 11:01 AM BST, Sun September 29, 2024

Setup

NGINX allows you to quickly and effectively implement a reverse proxy, basically a single HTTPS entrypoint for all the HTTP services in your LAN.

E.g. the GitLab Docker image serving plain HTTP content over the local network at http://192.168.0.200:8000/ will be accessible from the internet through "https://your.domain/gitlab/".

Installation is as simple as:

sudo apt install nginx

Since this is a reverse proxy for the whole site, I put every record in the "default" file: /etc/nginx/sites-available/default

You might have to "enable" it by creating a symlink in "sites-enabled" like so:

sudo ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled/
 


Domain and HTTPS

Your domain

The choice depends on your needs.

If you're not interested in mail services, you can get a free subdomain, e.g. from afraid.org. You can easily create one from the many available and find instructions on how to keep the IP up to date through a RESTful API call.

Otherwise, I'd recommend purchasing a domain from Cloudflare. They're cheap and fully customizable with MX, TXT and all the records a mail server needs.

Configuration and SSL certificates

If you want a public website, HTTPS is a must. For that, you need a private key and a public certificate.

One option is to generate the pair yourself (a so-called self-signed certificate), but browsers will warn that no independent third party has validated it, which is typical of dodgy websites that want to operate anonymously.

Let's Encrypt is a free service that provides validated certificates for your domain. This will suppress browser warnings and show "green/valid certificate" icons next to the web address.

You need to make sure ports 80 and 443 are forwarded in your internet router before you begin.

First, install certbot and its NGINX plugin (the --nginx option used below needs it):

sudo apt install certbot python3-certbot-nginx

Then make sure you have an entry point for your domain in /etc/nginx/sites-available/default like so:

server
{
    server_name YOUR.DOMAIN;
}

Last, issue the following (and follow the guided procedure):

sudo certbot run -d your.domain --nginx

More at https://certbot.eff.org/instructions?ws=nginx&os=snap

The file should then look more or less like this:

server
{
    server_name YOUR.DOMAIN;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/<YOUR DOMAIN>/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/<YOUR DOMAIN>/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server
{
    if ($host = YOUR.DOMAIN) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name YOUR.DOMAIN;
    listen 80;
    return 404; # managed by Certbot
}

 

Main site

I recommend Drupal as the main website content manager; you can find setup and configuration instructions in the link.

If you want to just test NGINX with static pages you can insert this in your main "server" block, the one listening on port 443:

location /
{
    # First attempt to serve request as file, then
    # as directory, then fall back to displaying a 404.
    try_files $uri $uri/ =404;

    root /var/www/html;
}
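
The reverse-proxy mapping described under Setup (the GitLab container at http://192.168.0.200:8000/ published as https://your.domain/gitlab/) goes in the same port-443 "server" block. This is an added example, not configuration from the original page; the choice of forwarded headers is an assumption about what the backend needs.

```nginx
# Added example: place inside the "server" block that listens on 443.
# The backend address is the one used as the example under Setup.
location /gitlab/
{
    # The trailing slash on proxy_pass makes NGINX replace the matched
    # "/gitlab/" prefix with "/", so /gitlab/foo reaches the backend as /foo.
    # Drop the trailing slash if the backend is itself configured to serve
    # its pages under /gitlab/.
    proxy_pass http://192.168.0.200:8000/;

    # Tell the backend which host and scheme the client actually used,
    # so redirects and generated links point back at https://your.domain/.
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Pass the real client address; without these the backend logs only
    # the proxy's LAN IP. This proxy is the internet-facing edge, so the
    # headers are overwritten with $remote_addr instead of appending to
    # whatever X-Forwarded-For value the client sent.
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
}
```

Only ports 80 and 443 are forwarded at the router, so port 8000 on the backend stays reachable from the LAN only. Run "sudo nginx -t" before reloading to catch syntax errors.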

 


Developed & Designed by Valerio Canova