netbird/infrastructure_files/nginx.tmpl.conf

78 lines
2.1 KiB
Plaintext
Raw Normal View History

2023-05-29 13:51:25 +02:00
# This template enables proxying netbird behind Nginx.
#
# To modify this template for your own use,
# change the ports for the services, set your
# server_name (e.g. vpn.example.com) and insert
# your own ssl certificates
upstream dashboard {
# insert the http port of your dashboard container here
server 127.0.0.1:8011;
# Improve performance by keeping some connections alive.
keepalive 10;
}
upstream signal {
# insert the grpc port of your signal container here
server 127.0.0.1:10000;
}
upstream management {
# insert the grpc+http port of your signal container here
server 127.0.0.1:8012;
}
server {
# HTTP server config
listen 80;
server_name _;
# 301 redirect to HTTPS
location / {
return 301 https://$host$request_uri;
}
}
server {
# HTTPS server config
listen 443 ssl http2;
server_name _;
# This is necessary so that grpc connections do not get closed early
# see https://stackoverflow.com/a/67805465
client_header_timeout 1d;
client_body_timeout 1d;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;
grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
2023-05-29 13:51:25 +02:00
# Proxy dashboard
location / {
proxy_pass http://dashboard;
}
# Proxy Signal
location /signalexchange.SignalExchange/ {
grpc_pass grpc://signal;
#grpc_ssl_verify off;
grpc_read_timeout 1d;
grpc_send_timeout 1d;
grpc_socket_keepalive on;
}
# Proxy Management http endpoint
location /api {
proxy_pass http://management;
}
# Proxy Management grpc endpoint
location /management.ManagementService/ {
grpc_pass grpc://management;
#grpc_ssl_verify off;
grpc_read_timeout 1d;
grpc_send_timeout 1d;
grpc_socket_keepalive on;
}
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/certs/ssl-cert-snakeoil.pem;
}