|
|
(12 intermediate revisions by 3 users not shown) |
Line 1: |
Line 1: |
| <!------------------------> | | <!------------------------> |
| <!-- do not remove this --> | | <!-- do not remove this --> |
| <div id="infra##" class="infra-insert"> | | <div id="Infra Insert 02" class="infra-insert"> |
| <!------------------------> | | <!------------------------> |
|
| |
|
| '''Nginx for Reverse Proxy'''
| | proxy_add_x_forwarded_for; </br> |
| | | proxy_set_header X-Forwarded-Proto $scheme; |
| Make sure you have installed Nginx.
| |
| | |
| '''$ apt install nginx
| |
| '''
| |
| | |
| Note: packages are saved by default in your user's home directory.
| |
| | |
| If you went to the IP address of your pi in a web browser on a device that was on the same wi-fi network as the pi you should be able to see the default Nginx site already.
| |
| | |
| Nginx automatically creates default HTML files on the installation. To find that HTML index page in your file system on the pi, change directory:
| |
| | |
| '''$ cd /var/www/html
| |
| '''
| |
| | |
| The default HTML document will be named ''"index.nginx-debian.html"'' which you can see if you run the ls command now.
| |
| | |
| The default configuration file for this simple static site can be found here:
| |
| | |
| '''$ cd /etc/nginx/sites-enabled
| |
| '''
| |
| | |
| '''Reverse Proxy Configuration'''
| |
| | |
| | |
| Add a nginx config file at "/etc/nginx/sites-available/<SERVERNAME>.conf". To do this use the commands:
| |
| | |
| '''$ cd /ect/nginx/
| |
| '''
| |
| | |
| '''$ nano sites-available/<NETNAME>.conf
| |
| '''
| |
| | |
| Ours looks like this:
| |
| | |
| '''$ cd /ect/nginx/
| |
| '''
| |
| | |
| '''$ nano sites-available/systerserver.conf
| |
| '''
| |
| | |
| Choosing your NGINX reverse proxy setup is very much up to you. You can create a simple one with just ''http'', and a more secure and standard one with ''https'' redirect and certificate.
| |
| | |
| Simple http configuration:
| |
| | |
| '''server { <br>
| |
| # listen to http on port 80 <br>
| |
| listen 80; <br>
| |
| listen [::]:80; <br>
| |
| # listen to url <br>
| |
| server_name servpub.net; <br>
| |
| | |
| # linking the client to the vpn subnet ip address of the pi <br>
| |
| location / {<br>
| |
| proxy_set_header Host $host;<br>
| |
| proxy_set_header X-Real-IP $remote_addr;<br>
| |
| proxy_set_header X-Forwarded-For<br>
| |
| $proxy_add_x_forwarded_for;<br>
| |
| proxy_set_header X-Forwarded-Proto $scheme;<br>
| |
| | |
| # replace this with the user vpn subnet ip address you set earlier <br>
| |
| proxy_pass http://10.10.12.51;<br>
| |
| proxy_read_timeout 90;<br>
| |
| }<br>
| |
|
| |
| location / {<br>
| |
| rewrite ^ https://$host$request_uri? permanent;<br>
| |
| }<br>
| |
| }'''
| |
| | |
| More can be found here: https://git.systerserver.net/queer/networks
| |
|
| |
|
| <!------------------------> | | <!------------------------> |