mirror of
https://github.com/netbirdio/netbird.git
synced 2024-11-28 19:13:31 +01:00
Added nginx template (#867)
This commit is contained in:
parent
460cb34d80
commit
4fcf176a39
77
infrastructure_files/nginx.tmpl.conf
Normal file
77
infrastructure_files/nginx.tmpl.conf
Normal file
@ -0,0 +1,77 @@
|
||||
# This template enables proxying netbird behind Nginx.
|
||||
#
|
||||
# To modify this template for your own use,
|
||||
# change the ports for the services, set your
|
||||
# server_name (e.g. vpn.example.com) and insert
|
||||
# your own ssl certificates
|
||||
|
||||
upstream dashboard {
|
||||
# insert the http port of your dashboard container here
|
||||
server 127.0.0.1:8011;
|
||||
|
||||
# Improve performance by keeping some connections alive.
|
||||
keepalive 10;
|
||||
}
|
||||
upstream signal {
|
||||
# insert the grpc port of your signal container here
|
||||
server 127.0.0.1:10000;
|
||||
}
|
||||
upstream management {
|
||||
# insert the grpc+http port of your signal container here
|
||||
server 127.0.0.1:8012;
|
||||
}
|
||||
|
||||
server {
|
||||
# HTTP server config
|
||||
listen 80;
|
||||
server_name _;
|
||||
|
||||
# 301 redirect to HTTPS
|
||||
location / {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
}
|
||||
server {
|
||||
# HTTPS server config
|
||||
listen 443 ssl http2;
|
||||
server_name _;
|
||||
|
||||
# This is necessary so that grpc connections do not get closed early
|
||||
# see https://stackoverflow.com/a/67805465
|
||||
client_header_timeout 1d;
|
||||
client_body_timeout 1d;
|
||||
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Scheme $scheme;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
|
||||
# Proxy dashboard
|
||||
location / {
|
||||
proxy_pass http://dashboard;
|
||||
}
|
||||
# Proxy Signal
|
||||
location /signalexchange.SignalExchange/ {
|
||||
grpc_pass grpc://signal;
|
||||
#grpc_ssl_verify off;
|
||||
grpc_read_timeout 1d;
|
||||
grpc_send_timeout 1d;
|
||||
grpc_socket_keepalive on;
|
||||
}
|
||||
# Proxy Management http endpoint
|
||||
location /api {
|
||||
proxy_pass http://management;
|
||||
}
|
||||
# Proxy Management grpc endpoint
|
||||
location /management.ManagementService/ {
|
||||
grpc_pass grpc://management;
|
||||
#grpc_ssl_verify off;
|
||||
grpc_read_timeout 1d;
|
||||
grpc_send_timeout 1d;
|
||||
grpc_socket_keepalive on;
|
||||
}
|
||||
|
||||
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||
ssl_certificate_key /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||
}
|
Loading…
Reference in New Issue
Block a user