Reverse proxy
nginx¶
Here is an example of an Nginx reverse proxy vhost:
upstream repomanager_docker {
server 127.0.0.1:8080;
}
# Disable some logging
map $request_uri $loggable {
/ajax/controller.php 0;
default 1;
}
server {
listen <SERVER-IP>:80;
server_name <FQDN>;
access_log /var/log/nginx/<FQDN>_access.log combined if=$loggable;
error_log /var/log/nginx/<FQDN>_error.log;
return 301 https://$server_name$request_uri;
}
server {
listen <SERVER-IP>:443 ssl;
server_name <FQDN>;
# Path to SSL certificate/key files
ssl_certificate <PATH_TO_CERTIFICATE>;
ssl_certificate_key <PATH_TO_PRIVATE_KEY>;
# Path to log files
access_log /var/log/nginx/<FQDN>_ssl_access.log combined if=$loggable;
error_log /var/log/nginx/<FQDN>_ssl_error.log;
# Max upload size
client_max_body_size 32M;
# Security headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
location / {
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
proxy_pass http://repomanager_docker;
}
}
Make sure to replace the following values:
| Parameter | Example |
|---|---|
<SERVER-IP> |
1.2.3.4 |
<FQDN> |
repomanager.example.com |
<PATH_TO_CERTIFICATE> |
/etc/ssl/certs/repomanager.crt |
<PATH_TO_PRIVATE_KEY> |
/etc/ssl/private/repomanager.key |
Reload Nginx to apply the configuration:
Open your web browser and connect to https://<FQDN>.