Reverse proxy
Reverse proxy¶
Here is an example of a nginx reverse proxy.
Create a new vhost and replace the following values:
<SERVER-IP><FQDN><PATH_TO_CERTIFICATE><PATH_TO_PRIVATE_KEY>
upstream repomanager_docker {
server 127.0.0.1:8080;
}
# Disable some logging
map $request_uri $loggable {
/ajax/controller.php 0;
default 1;
}
server {
listen <SERVER-IP>:80;
server_name <FQDN>;
access_log /var/log/nginx/<FQDN>_access.log combined if=$loggable;
error_log /var/log/nginx/<FQDN>_error.log;
return 301 https://$server_name$request_uri;
}
server {
listen <SERVER-IP>:443 ssl;
server_name <FQDN>;
# Path to SSL certificate/key files
ssl_certificate <PATH_TO_CERTIFICATE>;
ssl_certificate_key <PATH_TO_PRIVATE_KEY>;
# Path to log files
access_log /var/log/nginx/<FQDN>_ssl_access.log combined if=$loggable;
error_log /var/log/nginx/<FQDN>_ssl_error.log;
# Max upload size
client_max_body_size 32M;
# Security headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
location / {
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
proxy_pass http://repomanager_docker;
}
}
Reload nginx to apply.
Open your web browser and connect to http://<FQDN>.