Infra Insert 02: Difference between revisions

This page was last edited on 1 February 2024, at 12:27.
No edit summary
No edit summary
Line 68: Line 68:
proxy_pass http://10.10.12.51;<br>
proxy_pass http://10.10.12.51;<br>
proxy_read_timeout 90;<br>
proxy_read_timeout 90;<br>
}
}<br>
location / {
location / {<br>
rewrite ^ https://$host$request_uri? permanent;<br>
rewrite ^ https://$host$request_uri? permanent;<br>
}
}<br>
}'''
}'''



Revision as of 12:27, 1 February 2024

Nginx for Reverse Proxy

Make sure you have installed Nginx.

$ apt install nginx

Note: packages are saved by default in your user's home directory.

If you went to the IP address of your pi in a web browser on a device that was on the same wi-fi network as the pi you should be able to see the default Nginx site already.

Nginx automatically creates default HTML files on the installation. To find that HTML index page in your file system on the pi, change directory:

$ cd /var/www/html

The default HTML document will be named "index.nginx-debian.html" which you can see if you run the ls command now.

The default configuration file for this simple static site can be found here:

$ cd /etc/nginx/sites-enabled

Reverse Proxy Configuration


Add a nginx config file at "/etc/nginx/sites-available/<SERVERNAME>.conf". To do this use the commands:

$ cd /ect/nginx/

$ nano sites-available/<NETNAME>.conf

Ours looks like this:

$ cd /ect/nginx/

$ nano sites-available/systerserver.conf

Choosing your NGINX reverse proxy setup is very much up to you. You can create a simple one with just http, and a more secure and standard one with https redirect and certificate.

Simple http configuration:

server {
# listen to http on port 80
listen 80;
listen [::]:80;
# listen to url
server_name servpub.net;

# linking the client to the vpn subnet ip address of the pi
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

# replace this with the user vpn subnet ip address you set earlier
proxy_pass http://10.10.12.51;
proxy_read_timeout 90;
}

location / {
rewrite ^ https://$host$request_uri? permanent;
}
}

More can be found here: https://git.systerserver.net/queer/networks