zrok/docs/0.4/guides/self-hosting/linux/nginx/index.html
2025-08-14 20:47:03 +00:00


<!doctype html>
<html lang="en" dir="ltr" class="docs-wrapper plugin-docs plugin-id-default docs-version-0.4 docs-doc-page docs-doc-id-guides/self-hosting/linux/nginx" data-has-hydrated="false">
<head>
<meta charset="UTF-8">
<meta name="generator" content="Docusaurus v3.8.1">
<title data-rh="true">NGINX Reverse Proxy for zrok | zrok</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://docs.zrok.io/docs/0.4/guides/self-hosting/linux/nginx/"><meta data-rh="true" property="og:locale" content="en"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" name="docusaurus_version" content="0.4"><meta data-rh="true" name="docusaurus_tag" content="docs-default-0.4"><meta data-rh="true" name="docsearch:version" content="0.4"><meta data-rh="true" name="docsearch:docusaurus_tag" content="docs-default-0.4"><meta data-rh="true" property="og:title" content="NGINX Reverse Proxy for zrok | zrok"><meta data-rh="true" name="description" content="Walkthrough Video"><meta data-rh="true" property="og:description" content="Walkthrough Video"><link data-rh="true" rel="icon" href="/img/zrok-favicon.png"><link data-rh="true" rel="canonical" href="https://docs.zrok.io/docs/0.4/guides/self-hosting/linux/nginx/"><link data-rh="true" rel="alternate" href="https://docs.zrok.io/docs/0.4/guides/self-hosting/linux/nginx/" hreflang="en"><link data-rh="true" rel="alternate" href="https://docs.zrok.io/docs/0.4/guides/self-hosting/linux/nginx/" hreflang="x-default"><link data-rh="true" rel="preconnect" href="https://CO73R59OLO-dsn.algolia.net" crossorigin="anonymous"><script data-rh="true" type="application/ld+json">{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Guides","item":"https://docs.zrok.io/docs/0.4/category/guides"},{"@type":"ListItem","position":2,"name":"Self 
Hosting","item":"https://docs.zrok.io/docs/0.4/category/self-hosting"},{"@type":"ListItem","position":3,"name":"Linux","item":"https://docs.zrok.io/docs/0.4/guides/self-hosting/linux/"},{"@type":"ListItem","position":4,"name":"NGINX TLS","item":"https://docs.zrok.io/docs/0.4/guides/self-hosting/linux/nginx"}]}</script><link rel="preconnect" href="https://www.googletagmanager.com">
<script>window.dataLayer=window.dataLayer||[]</script>
<script>!function(e,t,a,n){e[n]=e[n]||[],e[n].push({"gtm.start":(new Date).getTime(),event:"gtm.js"});var g=t.getElementsByTagName(a)[0],m=t.createElement(a);m.async=!0,m.src="https://www.googletagmanager.com/gtm.js?id=GTM-MDFLZPK8",g.parentNode.insertBefore(m,g)}(window,document,"script","dataLayer")</script>
<link rel="search" type="application/opensearchdescription+xml" title="zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.f094a017.css">
<script src="/assets/js/runtime~main.5186f849.js" defer="defer"></script>
<script src="/assets/js/main.e070a266.js" defer="defer"></script>
</head>
<body class="navigation-with-keyboard">
<noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-MDFLZPK8" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
<svg xmlns="http://www.w3.org/2000/svg" style="display: none;"><defs>
<symbol id="theme-svg-external-link" viewBox="0 0 24 24"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"/></symbol>
</defs></svg>
<script>!function(){var t="dark";var e=function(){try{return new URLSearchParams(window.location.search).get("docusaurus-theme")}catch(t){}}()||function(){try{return window.localStorage.getItem("theme")}catch(t){}}();document.documentElement.setAttribute("data-theme",e||t),document.documentElement.setAttribute("data-theme-choice",e||t)}(),function(){try{const c=new URLSearchParams(window.location.search).entries();for(var[t,e]of c)if(t.startsWith("docusaurus-data-")){var a=t.replace("docusaurus-data-","data-");document.documentElement.setAttribute(a,e)}}catch(t){}}()</script><div id="__docusaurus"><div role="region" aria-label="Skip to main content"><a class="skipToContent_fXgn" href="#__docusaurus_skipToContent_fallback">Skip to main content</a></div><nav aria-label="Main" class="theme-layout-navbar navbar navbar--fixed-top"><div class="navbar__inner"><div class="theme-layout-navbar-left navbar__items"><button aria-label="Toggle navigation bar" aria-expanded="false" class="navbar__toggle clean-btn" type="button"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a href="https://zrok.io" target="_self" rel="noopener noreferrer" class="navbar__brand"><div class="navbar__logo"><img src="/img/zrok-1.0.0-rocket-green.svg" alt="zrok Logo" class="themedComponent_mlkZ themedComponent--light_NVdE"><img src="/img/zrok-1.0.0-rocket-green.svg" alt="zrok Logo" class="themedComponent_mlkZ themedComponent--dark_xIcU"></div><b class="navbar__title text--truncate">zrok</b></a><div class="navbar__item dropdown dropdown--hoverable"><a aria-current="page" class="navbar__link active" aria-haspopup="true" aria-expanded="false" role="button" href="/docs/0.4/guides/self-hosting/linux/nginx/">0.4</a><ul class="dropdown__menu"><li><a class="dropdown__link" href="/docs/guides/self-hosting/linux/nginx/">1.1</a></li><li><a 
class="dropdown__link" href="/docs/1.0/guides/self-hosting/linux/nginx/">1.0</a></li><li><a aria-current="page" class="dropdown__link dropdown__link--active" href="/docs/0.4/guides/self-hosting/linux/nginx/">0.4</a></li></ul></div></div><div class="theme-layout-navbar-right navbar__items navbar__items--right"><a href="https://zrok.io/pricing/" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">pricing<svg width="13.5" height="13.5" aria-hidden="true" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a><a href="https://myzrok.io/" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">account<svg width="13.5" height="13.5" aria-hidden="true" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a><a href="https://github.com/orgs/openziti/projects/16" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">roadmap<svg width="13.5" height="13.5" aria-hidden="true" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a><a href="https://github.com/openziti/zrok" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link header-github-link" title="GitHub"></a><a href="https://openziti.discourse.group/" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link header-discourse-link" title="Discourse"></a><div class="toggle_vylO colorModeToggle_DEke"><button class="clean-btn toggleButton_gllP toggleButtonDisabled_aARS" type="button" disabled="" title="system mode" aria-label="Switch between dark and light mode (currently system mode)"><svg viewBox="0 0 24 24" width="24" height="24" aria-hidden="true" class="toggleIcon_g3eP lightToggleIcon_pyhR"><path fill="currentColor" d="M12,9c1.65,0,3,1.35,3,3s-1.35,3-3,3s-3-1.35-3-3S10.35,9,12,9 M12,7c-2.76,0-5,2.24-5,5s2.24,5,5,5s5-2.24,5-5 S14.76,7,12,7L12,7z M2,13l2,0c0.55,0,1-0.45,1-1s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S1.45,13,2,13z 
M20,13l2,0c0.55,0,1-0.45,1-1 s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S19.45,13,20,13z M11,2v2c0,0.55,0.45,1,1,1s1-0.45,1-1V2c0-0.55-0.45-1-1-1S11,1.45,11,2z M11,20v2c0,0.55,0.45,1,1,1s1-0.45,1-1v-2c0-0.55-0.45-1-1-1C11.45,19,11,19.45,11,20z M5.99,4.58c-0.39-0.39-1.03-0.39-1.41,0 c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0s0.39-1.03,0-1.41L5.99,4.58z M18.36,16.95 c-0.39-0.39-1.03-0.39-1.41,0c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0c0.39-0.39,0.39-1.03,0-1.41 L18.36,16.95z M19.42,5.99c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06c-0.39,0.39-0.39,1.03,0,1.41 s1.03,0.39,1.41,0L19.42,5.99z M7.05,18.36c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06 c-0.39,0.39-0.39,1.03,0,1.41s1.03,0.39,1.41,0L7.05,18.36z"></path></svg><svg viewBox="0 0 24 24" width="24" height="24" aria-hidden="true" class="toggleIcon_g3eP darkToggleIcon_wfgR"><path fill="currentColor" d="M9.37,5.51C9.19,6.15,9.1,6.82,9.1,7.5c0,4.08,3.32,7.4,7.4,7.4c0.68,0,1.35-0.09,1.99-0.27C17.45,17.19,14.93,19,12,19 c-3.86,0-7-3.14-7-7C5,9.07,6.81,6.55,9.37,5.51z M12,3c-4.97,0-9,4.03-9,9s4.03,9,9,9s9-4.03,9-9c0-0.46-0.04-0.92-0.1-1.36 c-0.98,1.37-2.58,2.26-4.4,2.26c-2.98,0-5.4-2.42-5.4-5.4c0-1.81,0.89-3.42,2.26-4.4C12.92,3.04,12.46,3,12,3L12,3z"></path></svg><svg viewBox="0 0 24 24" width="24" height="24" aria-hidden="true" class="toggleIcon_g3eP systemToggleIcon_QzmC"><path fill="currentColor" d="m12 21c4.971 0 9-4.029 9-9s-4.029-9-9-9-9 4.029-9 9 4.029 9 9 9zm4.95-13.95c1.313 1.313 2.05 3.093 2.05 4.95s-0.738 3.637-2.05 4.95c-1.313 1.313-3.093 2.05-4.95 2.05v-14c1.857 0 3.637 0.737 4.95 2.05z"></path></svg></button></div><div class="navbarSearchContainer_Bca1"><button type="button" class="DocSearch DocSearch-Button" aria-label="Search (Command+K)"><span class="DocSearch-Button-Container"><svg width="20" height="20" class="DocSearch-Search-Icon" viewBox="0 0 20 20" aria-hidden="true"><path d="M14.386 14.386l4.0877 
4.0877-4.0877-4.0877c-2.9418 2.9419-7.7115 2.9419-10.6533 0-2.9419-2.9418-2.9419-7.7115 0-10.6533 2.9418-2.9419 7.7115-2.9419 10.6533 0 2.9419 2.9418 2.9419 7.7115 0 10.6533z" stroke="currentColor" fill="none" fill-rule="evenodd" stroke-linecap="round" stroke-linejoin="round"></path></svg><span class="DocSearch-Button-Placeholder">Search</span></span><span class="DocSearch-Button-Keys"></span></button></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div id="__docusaurus_skipToContent_fallback" class="theme-layout-main main-wrapper mainWrapper_z2l0"><div class="docsWrapper_hBAB"><button aria-label="Scroll back to top" class="clean-btn theme-back-to-top-button backToTopButton_sjWU" type="button"></button><div class="docRoot_UBD9"><aside class="theme-doc-sidebar-container docSidebarContainer_YfHR"><div class="sidebarViewport_aRkj"><div class="sidebar_njMd"><nav aria-label="Docs sidebar" class="menu thin-scrollbar menu_SIkG"><ul class="theme-doc-sidebar-menu menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/docs/0.4/getting-started/">Getting Started</a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" href="/docs/0.4/concepts/">Concepts</a><button aria-label="Expand sidebar category &#x27;Concepts&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--active" href="/docs/0.4/category/guides/">Guides</a><button aria-label="Collapse sidebar category &#x27;Guides&#x27;" aria-expanded="true" type="button" class="clean-btn menu__caret"></button></div><ul 
class="menu__list"><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" tabindex="0" href="/docs/0.4/guides/install/">Install</a><button aria-label="Expand sidebar category &#x27;Install&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/0.4/guides/frontdoor/">frontdoor</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/0.4/guides/permission-modes/">Permission Modes</a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" tabindex="0" href="/docs/0.4/guides/docker-share/">Docker Share</a><button aria-label="Expand sidebar category &#x27;Docker Share&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/0.4/guides/linux-user-share/">Linux User Share</a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--active" tabindex="0" href="/docs/0.4/category/self-hosting/">Self Hosting</a><button aria-label="Collapse sidebar category &#x27;Self Hosting&#x27;" aria-expanded="true" type="button" class="clean-btn menu__caret"></button></div><ul class="menu__list"><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-3 menu__list-item"><div 
class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--active" tabindex="0" href="/docs/0.4/guides/self-hosting/linux/">Linux</a><button aria-label="Collapse sidebar category &#x27;Linux&#x27;" aria-expanded="true" type="button" class="clean-btn menu__caret"></button></div><ul class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-4 menu__list-item"><a class="menu__link menu__link--active" aria-current="page" tabindex="0" href="/docs/0.4/guides/self-hosting/linux/nginx/">NGINX TLS</a></li></ul></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/0.4/guides/self-hosting/interstitial-page/">Interstitial Pages</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/0.4/guides/self-hosting/organizations/">Organizations</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/0.4/guides/self-hosting/personalized-frontend/">Personalized Frontend</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/0.4/guides/self-hosting/docker/">Docker</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/0.4/guides/self-hosting/kubernetes/">Kubernetes</a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-3 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" tabindex="0" href="/docs/0.4/category/metrics-and-limits/">Metrics and Limits</a><button aria-label="Expand sidebar category &#x27;Metrics and Limits&#x27;" aria-expanded="false" type="button" 
class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-3 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" tabindex="0" href="/docs/0.4/category/oauth/">OAuth</a><button aria-label="Expand sidebar category &#x27;OAuth&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/0.4/guides/self-hosting/instance-configuration/">Instance Config</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/0.4/guides/self-hosting/self-service-invite/">Invitations</a></li></ul></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/0.4/guides/drives/">Drives</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/0.4/guides/vpn/">VPN</a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" href="/docs/0.4/category/myzrok/">myzrok</a><button aria-label="Expand sidebar category &#x27;myzrok&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li></ul></nav></div></div></aside><main class="docMainContainer_TBSr"><div class="container padding-top--md padding-bottom--lg"><div class="row"><div class="col docItemCol_VOVn"><div class="theme-doc-version-banner alert alert--warning margin-bottom--md" role="alert"><div>This is documentation for <!-- -->zrok<!-- --> <b>0.4</b>, which is no longer 
actively maintained.</div><div class="margin-top--md">For up-to-date documentation, see the <b><a href="/docs/guides/self-hosting/linux/nginx/">latest version</a></b> (<!-- -->1.1<!-- -->).</div></div><div class="docItemContainer_Djhp"><article><nav class="theme-doc-breadcrumbs breadcrumbsContainer_Z_bl" aria-label="Breadcrumbs"><ul class="breadcrumbs"><li class="breadcrumbs__item"><a aria-label="Home page" class="breadcrumbs__link" href="/"><svg viewBox="0 0 24 24" class="breadcrumbHomeIcon_YNFT"><path d="M10 19v-5h4v5c0 .55.45 1 1 1h3c.55 0 1-.45 1-1v-7h1.7c.46 0 .68-.57.33-.87L12.67 3.6c-.38-.34-.96-.34-1.34 0l-8.36 7.53c-.34.3-.13.87.33.87H5v7c0 .55.45 1 1 1h3c.55 0 1-.45 1-1z" fill="currentColor"></path></svg></a></li><li class="breadcrumbs__item"><a class="breadcrumbs__link" href="/docs/0.4/category/guides/"><span>Guides</span></a></li><li class="breadcrumbs__item"><a class="breadcrumbs__link" href="/docs/0.4/category/self-hosting/"><span>Self Hosting</span></a></li><li class="breadcrumbs__item"><a class="breadcrumbs__link" href="/docs/0.4/guides/self-hosting/linux/"><span>Linux</span></a></li><li class="breadcrumbs__item breadcrumbs__item--active"><span class="breadcrumbs__link">NGINX TLS</span></li></ul></nav><span class="theme-doc-version-badge badge badge--secondary">Version: 0.4</span><div class="tocCollapsible_ETCw theme-doc-toc-mobile tocMobile_ITEo"><button type="button" class="clean-btn tocCollapsibleButton_TO0P">On this page</button></div><div class="theme-doc-markdown markdown"><header><h1>NGINX Reverse Proxy for zrok</h1></header>
<h2 class="anchor anchorWithStickyNavbar_LWe7" id="walkthrough-video">Walkthrough Video<a href="#walkthrough-video" class="hash-link" aria-label="Direct link to Walkthrough Video" title="Direct link to Walkthrough Video"></a></h2>
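<!-- Third-party embed: send only the page origin as the referrer on this cross-origin request, and defer loading until the player is near the viewport. -->
<iframe width="100%" height="315" src="https://www.youtube.com/embed/870A5dke_u4?start=1080" title="Walkthrough video (YouTube)" style="border:0" loading="lazy" referrerpolicy="strict-origin-when-cross-origin" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>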
<h2 class="anchor anchorWithStickyNavbar_LWe7" id="before-you-begin">Before You Begin<a href="#before-you-begin" class="hash-link" aria-label="Direct link to Before You Begin" title="Direct link to Before You Begin"></a></h2>
<p>I&#x27;ll assume you have a running <code>zrok</code> controller and frontend and wish to front both with NGINX providing server TLS. Go back to <a href="/docs/0.4/guides/self-hosting/linux/">Self-Hosting Guide</a> if you still need to spin those up.</p>
<h2 class="anchor anchorWithStickyNavbar_LWe7" id="choose-a-reverse-proxy-address">Choose a Reverse Proxy Address<a href="#choose-a-reverse-proxy-address" class="hash-link" aria-label="Direct link to Choose a Reverse Proxy Address" title="Direct link to Choose a Reverse Proxy Address"></a></h2>
<p>I&#x27;ll use <code>https://api.zrok.quigley.com:443</code> in this example, and assume you already set up wildcard DNS like <code>*.zrok.quigley.com</code>. This lets us elect <code>api.zrok.quigley.com</code> as the controller DNS name, and forward any other incoming requests to the zrok public frontend.</p>
<h2 class="anchor anchorWithStickyNavbar_LWe7" id="obtain-a-wildcard-server-certificate">Obtain a Wildcard Server Certificate<a href="#obtain-a-wildcard-server-certificate" class="hash-link" aria-label="Direct link to Obtain a Wildcard Server Certificate" title="Direct link to Obtain a Wildcard Server Certificate"></a></h2>
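<p>You must complete a DNS challenge to obtain a wildcard certificate from Let&#x27;s Encrypt. I&#x27;ll assume you know how to create the necessary TXT record in the DNS zone you&#x27;re using with zrok. Certificates issued with the manual plugin are not renewed automatically unless you supply an authentication hook, so plan to repeat the DNS challenge before the certificate expires.</p>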
<ol>
<li>
<p>Install certbot: <a href="https://eff-certbot.readthedocs.io/en/stable/install.html" target="_blank" rel="noopener noreferrer">https://eff-certbot.readthedocs.io/en/stable/install.html</a></p>
</li>
<li>
<p>Run certbot with the manual plugin: <a href="https://certbot.eff.org/docs/using.html#manual" target="_blank" rel="noopener noreferrer">https://certbot.eff.org/docs/using.html#manual</a></p>
<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token plain"># install cert for *.zrok.quigley.com in /etc/letsencrypt</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">sudo certbot certonly --manual</span><br></span></code></pre></div></div>
</li>
</ol>
<h2 class="anchor anchorWithStickyNavbar_LWe7" id="install-nginx"><a href="https://www.nginx.com/resources/wiki/start/topics/tutorials/install/" target="_blank" rel="noopener noreferrer">Install NGINX</a><a href="#install-nginx" class="hash-link" aria-label="Direct link to install-nginx" title="Direct link to install-nginx"></a></h2>
<h2 class="anchor anchorWithStickyNavbar_LWe7" id="configure-nginx">Configure NGINX<a href="#configure-nginx" class="hash-link" aria-label="Direct link to Configure NGINX" title="Direct link to Configure NGINX"></a></h2>
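<!-- NGINX example: TLS terminates at NGINX, which proxies api.zrok.quigley.com to the controller on 127.0.0.1:18080 and every other wildcard name to the public frontend on 127.0.0.1:8080. -->
<div class="language-text codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-text codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"># zrok controller API
server {
    listen 443 ssl;
    server_name api.zrok.quigley.com;
    ssl_certificate /etc/letsencrypt/live/zrok.quigley.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/zrok.quigley.com/privkey.pem;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer only TLS 1.2 and 1.3.
    # TLSv1.3 needs nginx 1.13.0+ built with OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
        proxy_pass http://127.0.0.1:18080;
        error_log /var/log/nginx/zrok-controller.log;
    }

}

# Choose the upstream Connection header from the client's Upgrade header.
map $http_upgrade $connection_upgrade {
    default keep-alive;
    'websocket' upgrade;
    '' close;
}

# zrok public frontend: every other name under the wildcard
server {
    listen 443 ssl;
    server_name *.zrok.quigley.com;
    ssl_certificate /etc/letsencrypt/live/zrok.quigley.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/zrok.quigley.com/privkey.pem;
    # Same protocol policy as the controller block above.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        error_log /var/log/nginx/zrok-frontend.log;
        proxy_busy_buffers_size 512k;
        proxy_buffers 4 512k;
        proxy_buffer_size 256k;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        # Use the mapped value so that only WebSocket requests are sent upstream as upgrades.
        proxy_set_header Connection $connection_upgrade;
    }
}
</code></pre></div></div>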
<h2 class="anchor anchorWithStickyNavbar_LWe7" id="restart-nginx">Restart NGINX<a href="#restart-nginx" class="hash-link" aria-label="Direct link to Restart NGINX" title="Direct link to Restart NGINX"></a></h2>
<p>Check the new configuration with <code>sudo nginx -t</code>, then load it by restarting NGINX. Check the logs to make sure it&#x27;s happy.</p>
<blockquote>
<p>Started A high performance web server and a reverse proxy server.</p>
</blockquote>
<h2 class="anchor anchorWithStickyNavbar_LWe7" id="check-the-firewall">Check the Firewall<a href="#check-the-firewall" class="hash-link" aria-label="Direct link to Check the Firewall" title="Direct link to Check the Firewall"></a></h2>
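<p>If you followed the non-TLS quickstart then you may have opened 8080,18080/tcp in your firewall. You can go ahead and replace those exceptions with 443/tcp because only NGINX needs to be reachable for zrok to function. NGINX reaches the controller and frontend over 127.0.0.1, so closing those ports also keeps their plain-HTTP listeners from being reached directly, around the TLS proxy.</p>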
<h2 class="anchor anchorWithStickyNavbar_LWe7" id="update-the-zrok-frontend">Update the zrok Frontend<a href="#update-the-zrok-frontend" class="hash-link" aria-label="Direct link to Update the zrok Frontend" title="Direct link to Update the zrok Frontend"></a></h2>
<p>List available frontends to obtain the token identifier of the frontend named &quot;public&quot;. You may need to set <code>ZROK_ADMIN_TOKEN</code> or <code>ZROK_API_ENDPOINT</code> before running <code>zrok admin</code>.</p>
<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token plain">$ zrok admin list frontends</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> TOKEN ZID PUBLIC NAME URL TEMPLATE CREATED AT UPDATED AT </span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> 2NiDTRYUww18 7DsLh9DXG public http://{token}.zrok.quigley.com:8080 2023-01-19 05:29:20.793 +0000 UTC 2023-01-19 06:17:25 +0000 UTC </span><br></span></code></pre></div></div>
<p>Update the URL template to use NGINX.</p>
<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token plain">$ zrok admin update frontend 2NiDTRYUww18 --url-template https://{token}.zrok.quigley.com:443</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">[ 0.028] INFO main.(*adminUpdateFrontendCommand).run: updated global frontend &#x27;2NiDTRYUww18&#x27;</span><br></span></code></pre></div></div></div><footer class="theme-doc-footer docusaurus-mt-lg"><div class="row margin-top--sm theme-doc-footer-edit-meta-row"><div class="col"><a href="https://github.com/openziti/zrok/blob/main/docs/versioned_docs/version-0.4/guides/self-hosting/linux/nginx.mdx" target="_blank" rel="noopener noreferrer" class="theme-edit-this-page"><svg fill="currentColor" height="20" width="20" viewBox="0 0 40 40" class="iconEdit_Z9Sw" aria-hidden="true"><g><path d="m34.5 11.7l-3 3.1-6.3-6.3 3.1-3q0.5-0.5 1.2-0.5t1.1 0.5l3.9 3.9q0.5 0.4 0.5 1.1t-0.5 1.2z m-29.5 17.1l18.4-18.5 6.3 6.3-18.4 18.4h-6.3v-6.2z"></path></g></svg>Edit this page</a></div><div class="col lastUpdated_JAkA"></div></div></footer></article><nav class="docusaurus-mt-lg pagination-nav" aria-label="Docs pages"><a class="pagination-nav__link pagination-nav__link--prev" href="/docs/0.4/guides/self-hosting/linux/"><div class="pagination-nav__sublabel">Previous</div><div class="pagination-nav__label">Linux</div></a><a class="pagination-nav__link pagination-nav__link--next" href="/docs/0.4/guides/self-hosting/interstitial-page/"><div class="pagination-nav__sublabel">Next</div><div class="pagination-nav__label">Interstitial Pages</div></a></nav></div></div><div class="col col--3"><div 
class="tableOfContents_bqdL thin-scrollbar theme-doc-toc-desktop"><ul class="table-of-contents table-of-contents__left-border"><li><a href="#walkthrough-video" class="table-of-contents__link toc-highlight">Walkthrough Video</a></li><li><a href="#before-you-begin" class="table-of-contents__link toc-highlight">Before You Begin</a></li><li><a href="#choose-a-reverse-proxy-address" class="table-of-contents__link toc-highlight">Choose a Reverse Proxy Address</a></li><li><a href="#obtain-a-wildcard-server-certificate" class="table-of-contents__link toc-highlight">Obtain a Wildcard Server Certificate</a></li><li><a href="#install-nginx" class="table-of-contents__link toc-highlight">Install NGINX</a></li><li><a href="#configure-nginx" class="table-of-contents__link toc-highlight">Configure NGINX</a></li><li><a href="#restart-nginx" class="table-of-contents__link toc-highlight">Restart NGINX</a></li><li><a href="#check-the-firewall" class="table-of-contents__link toc-highlight">Check the Firewall</a></li><li><a href="#update-the-zrok-frontend" class="table-of-contents__link toc-highlight">Update the zrok Frontend</a></li></ul></div></div></div></div></main></div></div></div><footer class="theme-layout-footer footer footer--dark"><div class="container container-fluid"><div class="footer__bottom text--center"><div class="footer__copyright">Copyright © 2025 <a href="https://netfoundry.io">NetFoundry Inc.</a></div></div></div></footer></div>
</body>
</html>