mirror of
https://github.com/netbirdio/netbird.git
synced 2025-03-02 17:01:20 +01:00
896599aa57
Apply peer validator cache mechanism --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> Co-authored-by: Yury Gargay <yury.gargay@gmail.com> Co-authored-by: Viktor Liu <viktor@netbird.io> Co-authored-by: Bethuel Mmbaga <bethuelmbaga12@gmail.com> Co-authored-by: pascal-fischer <32096965+pascal-fischer@users.noreply.github.com> Co-authored-by: Misha Bragin <bangvalo@gmail.com>
78 lines
2.1 KiB
Plaintext
78 lines
2.1 KiB
Plaintext
# This template enables proxying netbird behind Nginx.
|
|
#
|
|
# To modify this template for your own use,
|
|
# change the ports for the services, set your
|
|
# server_name (e.g. vpn.example.com) and insert
|
|
# your own ssl certificates
|
|
|
|
upstream dashboard {
|
|
# insert the http port of your dashboard container here
|
|
server 127.0.0.1:8011;
|
|
|
|
# Improve performance by keeping some connections alive.
|
|
keepalive 10;
|
|
}
|
|
upstream signal {
|
|
# insert the grpc port of your signal container here
|
|
server 127.0.0.1:10000;
|
|
}
|
|
upstream management {
|
|
# insert the grpc+http port of your signal container here
|
|
server 127.0.0.1:8012;
|
|
}
|
|
|
|
server {
|
|
# HTTP server config
|
|
listen 80;
|
|
server_name _;
|
|
|
|
# 301 redirect to HTTPS
|
|
location / {
|
|
return 301 https://$host$request_uri;
|
|
}
|
|
}
|
|
server {
|
|
# HTTPS server config
|
|
listen 443 ssl http2;
|
|
server_name _;
|
|
|
|
# This is necessary so that grpc connections do not get closed early
|
|
# see https://stackoverflow.com/a/67805465
|
|
client_header_timeout 1d;
|
|
client_body_timeout 1d;
|
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Scheme $scheme;
|
|
proxy_set_header X-Forwarded-Proto https;
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
# Proxy dashboard
|
|
location / {
|
|
proxy_pass http://dashboard;
|
|
}
|
|
# Proxy Signal
|
|
location /signalexchange.SignalExchange/ {
|
|
grpc_pass grpc://signal;
|
|
#grpc_ssl_verify off;
|
|
grpc_read_timeout 1d;
|
|
grpc_send_timeout 1d;
|
|
grpc_socket_keepalive on;
|
|
}
|
|
# Proxy Management http endpoint
|
|
location /api {
|
|
proxy_pass http://management;
|
|
}
|
|
# Proxy Management grpc endpoint
|
|
location /management.ManagementService/ {
|
|
grpc_pass grpc://management;
|
|
#grpc_ssl_verify off;
|
|
grpc_read_timeout 1d;
|
|
grpc_send_timeout 1d;
|
|
grpc_socket_keepalive on;
|
|
}
|
|
|
|
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
|
ssl_certificate_key /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
|
} |