2023-05-29 13:51:25 +02:00
|
|
|
# This template enables proxying netbird behind Nginx.
|
|
|
|
#
|
|
|
|
# To modify this template for your own use,
|
|
|
|
# change the ports for the services, set your
|
|
|
|
# server_name (e.g. vpn.example.com) and insert
|
|
|
|
# your own ssl certificates
|
|
|
|
|
|
|
|
upstream dashboard {
|
|
|
|
# insert the http port of your dashboard container here
|
|
|
|
server 127.0.0.1:8011;
|
|
|
|
|
|
|
|
# Improve performance by keeping some connections alive.
|
|
|
|
keepalive 10;
|
|
|
|
}
|
|
|
|
upstream signal {
|
|
|
|
# insert the grpc port of your signal container here
|
|
|
|
server 127.0.0.1:10000;
|
|
|
|
}
|
|
|
|
upstream management {
|
|
|
|
# insert the grpc+http port of your signal container here
|
|
|
|
server 127.0.0.1:8012;
|
|
|
|
}
|
|
|
|
|
|
|
|
server {
|
|
|
|
# HTTP server config
|
|
|
|
listen 80;
|
|
|
|
server_name _;
|
|
|
|
|
|
|
|
# 301 redirect to HTTPS
|
|
|
|
location / {
|
|
|
|
return 301 https://$host$request_uri;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
server {
|
|
|
|
# HTTPS server config
|
|
|
|
listen 443 ssl http2;
|
|
|
|
server_name _;
|
|
|
|
|
|
|
|
# This is necessary so that grpc connections do not get closed early
|
|
|
|
# see https://stackoverflow.com/a/67805465
|
|
|
|
client_header_timeout 1d;
|
|
|
|
client_body_timeout 1d;
|
|
|
|
|
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
proxy_set_header X-Scheme $scheme;
|
|
|
|
proxy_set_header X-Forwarded-Proto https;
|
|
|
|
proxy_set_header X-Forwarded-Host $host;
|
2024-02-28 20:24:28 +01:00
|
|
|
grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
2023-05-29 13:51:25 +02:00
|
|
|
|
|
|
|
# Proxy dashboard
|
|
|
|
location / {
|
|
|
|
proxy_pass http://dashboard;
|
|
|
|
}
|
|
|
|
# Proxy Signal
|
|
|
|
location /signalexchange.SignalExchange/ {
|
|
|
|
grpc_pass grpc://signal;
|
|
|
|
#grpc_ssl_verify off;
|
|
|
|
grpc_read_timeout 1d;
|
|
|
|
grpc_send_timeout 1d;
|
|
|
|
grpc_socket_keepalive on;
|
|
|
|
}
|
|
|
|
# Proxy Management http endpoint
|
|
|
|
location /api {
|
|
|
|
proxy_pass http://management;
|
|
|
|
}
|
|
|
|
# Proxy Management grpc endpoint
|
|
|
|
location /management.ManagementService/ {
|
|
|
|
grpc_pass grpc://management;
|
|
|
|
#grpc_ssl_verify off;
|
|
|
|
grpc_read_timeout 1d;
|
|
|
|
grpc_send_timeout 1d;
|
|
|
|
grpc_socket_keepalive on;
|
|
|
|
}
|
|
|
|
|
|
|
|
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
|
|
|
ssl_certificate_key /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
|
|
|
}
|