mirror of
https://github.com/openziti/zrok.git
synced 2024-12-27 17:19:13 +01:00
22 lines
31 KiB
HTML
22 lines
31 KiB
HTML
<!doctype html>
|
||
<html lang="en" dir="ltr" class="docs-wrapper docs-doc-page docs-version-current plugin-docs plugin-id-default docs-doc-id-guides/self-hosting/nginx_tls_guide" data-has-hydrated="false">
|
||
<head>
|
||
<meta charset="UTF-8">
|
||
<meta name="generator" content="Docusaurus v2.4.3">
|
||
<title data-rh="true">Nginx Reverse Proxy for zrok | Zrok</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://docs.zrok.io/docs/guides/self-hosting/nginx_tls_guide/"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" name="docusaurus_version" content="current"><meta data-rh="true" name="docusaurus_tag" content="docs-default-current"><meta data-rh="true" name="docsearch:version" content="current"><meta data-rh="true" name="docsearch:docusaurus_tag" content="docs-default-current"><meta data-rh="true" property="og:title" content="Nginx Reverse Proxy for zrok | Zrok"><meta data-rh="true" name="description" content="Walkthrough Video"><meta data-rh="true" property="og:description" content="Walkthrough Video"><link data-rh="true" rel="icon" href="/img/space-ziggy.png"><link data-rh="true" rel="canonical" href="https://docs.zrok.io/docs/guides/self-hosting/nginx_tls_guide/"><link data-rh="true" rel="alternate" href="https://docs.zrok.io/docs/guides/self-hosting/nginx_tls_guide/" hreflang="en"><link data-rh="true" rel="alternate" href="https://docs.zrok.io/docs/guides/self-hosting/nginx_tls_guide/" hreflang="x-default"><link data-rh="true" rel="preconnect" href="https://CO73R59OLO-dsn.algolia.net" crossorigin="anonymous"><link rel="preconnect" href="https://www.google-analytics.com">
|
||
<link rel="preconnect" href="https://www.googletagmanager.com">
|
||
<script async src="https://www.googletagmanager.com/gtag/js?id=G-V2KMEXWJ10"></script>
|
||
<script>function gtag(){dataLayer.push(arguments)}window.dataLayer=window.dataLayer||[],gtag("js",new Date),gtag("config","G-V2KMEXWJ10",{anonymize_ip:!0})</script>
|
||
|
||
|
||
<link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.79588027.css">
|
||
<link rel="preload" href="/assets/js/runtime~main.6f82e542.js" as="script">
|
||
<link rel="preload" href="/assets/js/main.643a1e09.js" as="script">
|
||
</head>
|
||
<body class="navigation-with-keyboard">
|
||
<script>!function(){function t(t){document.documentElement.setAttribute("data-theme",t)}var e=function(){var t=null;try{t=new URLSearchParams(window.location.search).get("docusaurus-theme")}catch(t){}return t}()||function(){var t=null;try{t=localStorage.getItem("theme")}catch(t){}return t}();t(null!==e?e:"dark")}()</script><div id="__docusaurus">
|
||
<div role="region" aria-label="Skip to main content"><a class="skipToContent_fXgn" href="#__docusaurus_skipToContent_fallback">Skip to main content</a></div><nav aria-label="Main" class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><button aria-label="Toggle navigation bar" aria-expanded="false" class="navbar__toggle clean-btn" type="button"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a href="https://zrok.io" target="_self" rel="noopener noreferrer" class="navbar__brand"><div class="navbar__logo"><img src="/img/space-ziggy.png" alt="Ziggy Goes to Space" class="themedImage_ToTc themedImage--light_HNdA"><img src="/img/space-ziggy.png" alt="Ziggy Goes to Space" class="themedImage_ToTc themedImage--dark_i4oU"></div><b class="navbar__title text--truncate">zrok</b></a></div><div class="navbar__items navbar__items--right"><a aria-current="page" class="navbar__item navbar__link navbar__link--active" href="/docs/getting-started/">What is zrok?</a><a href="https://github.com/orgs/openziti/projects/16" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">Roadmap<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a><a aria-current="page" class="navbar__item navbar__link navbar__link--active" href="/docs/getting-started/">Docs</a><a aria-current="page" class="navbar__item navbar__link navbar__link--active" href="/docs/downloads/">Downloads</a><a href="https://github.com/openziti/zrok" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a><div class="toggle_vylO colorModeToggle_DEke"><button class="clean-btn toggleButton_gllP toggleButtonDisabled_aARS" type="button" disabled="" title="Switch between dark and light mode (currently dark mode)" aria-label="Switch between dark and light mode (currently dark mode)" aria-live="polite"><svg viewBox="0 0 24 24" width="24" height="24" class="lightToggleIcon_pyhR"><path fill="currentColor" d="M12,9c1.65,0,3,1.35,3,3s-1.35,3-3,3s-3-1.35-3-3S10.35,9,12,9 M12,7c-2.76,0-5,2.24-5,5s2.24,5,5,5s5-2.24,5-5 S14.76,7,12,7L12,7z M2,13l2,0c0.55,0,1-0.45,1-1s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S1.45,13,2,13z M20,13l2,0c0.55,0,1-0.45,1-1 s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S19.45,13,20,13z M11,2v2c0,0.55,0.45,1,1,1s1-0.45,1-1V2c0-0.55-0.45-1-1-1S11,1.45,11,2z M11,20v2c0,0.55,0.45,1,1,1s1-0.45,1-1v-2c0-0.55-0.45-1-1-1C11.45,19,11,19.45,11,20z M5.99,4.58c-0.39-0.39-1.03-0.39-1.41,0 c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0s0.39-1.03,0-1.41L5.99,4.58z M18.36,16.95 c-0.39-0.39-1.03-0.39-1.41,0c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0c0.39-0.39,0.39-1.03,0-1.41 L18.36,16.95z M19.42,5.99c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06c-0.39,0.39-0.39,1.03,0,1.41 s1.03,0.39,1.41,0L19.42,5.99z M7.05,18.36c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06 c-0.39,0.39-0.39,1.03,0,1.41s1.03,0.39,1.41,0L7.05,18.36z"></path></svg><svg viewBox="0 0 24 24" width="24" height="24" class="darkToggleIcon_wfgR"><path fill="currentColor" d="M9.37,5.51C9.19,6.15,9.1,6.82,9.1,7.5c0,4.08,3.32,7.4,7.4,7.4c0.68,0,1.35-0.09,1.99-0.27C17.45,17.19,14.93,19,12,19 c-3.86,0-7-3.14-7-7C5,9.07,6.81,6.55,9.37,5.51z M12,3c-4.97,0-9,4.03-9,9s4.03,9,9,9s9-4.03,9-9c0-0.46-0.04-0.92-0.1-1.36 c-0.98,1.37-2.58,2.26-4.4,2.26c-2.98,0-5.4-2.42-5.4-5.4c0-1.81,0.89-3.42,2.26-4.4C12.92,3.04,12.46,3,12,3L12,3z"></path></svg></button></div><div class="searchBox_ZlJk"><button type="button" class="DocSearch DocSearch-Button" aria-label="Search"><span class="DocSearch-Button-Container"><svg width="20" height="20" class="DocSearch-Search-Icon" viewBox="0 0 20 20"><path d="M14.386 14.386l4.0877 4.0877-4.0877-4.0877c-2.9418 2.9419-7.7115 2.9419-10.6533 0-2.9419-2.9418-2.9419-7.7115 0-10.6533 2.9418-2.9419 7.7115-2.9419 10.6533 0 2.9419 2.9418 2.9419 7.7115 0 10.6533z" stroke="currentColor" fill="none" fill-rule="evenodd" stroke-linecap="round" stroke-linejoin="round"></path></svg><span class="DocSearch-Button-Placeholder">Search</span></span><span class="DocSearch-Button-Keys"></span></button></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div id="__docusaurus_skipToContent_fallback" class="main-wrapper mainWrapper_z2l0 docsWrapper_BCFX"><button aria-label="Scroll back to top" class="clean-btn theme-back-to-top-button backToTopButton_sjWU" type="button"></button><div class="docPage__5DB"><aside class="theme-doc-sidebar-container docSidebarContainer_b6E3"><div class="sidebarViewport_Xe31"><div class="sidebar_njMd"><nav aria-label="Docs sidebar" class="menu thin-scrollbar menu_SIkG"><ul class="theme-doc-sidebar-menu menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/docs/getting-started/">Getting Started with zrok</a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" aria-expanded="false" href="/docs/concepts/">Concepts</a><button aria-label="Toggle the collapsible sidebar category 'Concepts'" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--active" aria-expanded="true" href="/docs/category/guides/">Guides</a><button aria-label="Toggle the collapsible sidebar category 'Guides'" type="button" class="clean-btn menu__caret"></button></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--active" aria-expanded="true" tabindex="0" href="/docs/category/self-hosting/">Self Hosting</a><button aria-label="Toggle the collapsible sidebar category 'Self Hosting'" type="button" class="clean-btn menu__caret"></button></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/guides/self-hosting/self_hosting_guide/">Linux VPS</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link menu__link--active" aria-current="page" tabindex="0" href="/docs/guides/self-hosting/nginx_tls_guide/">Nginx TLS</a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-3 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" aria-expanded="false" tabindex="0" href="/docs/category/metrics-and-limits/">Metrics and Limits</a><button aria-label="Toggle the collapsible sidebar category 'Metrics and Limits'" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-3 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" aria-expanded="false" tabindex="0" href="/docs/category/oauth/">OAuth</a><button aria-label="Toggle the collapsible sidebar category 'OAuth'" type="button" class="clean-btn menu__caret"></button></div></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" aria-expanded="false" tabindex="0" href="/docs/category/docker-share/">Docker Share</a><button aria-label="Toggle the collapsible sidebar category 'Docker Share'" type="button" class="clean-btn menu__caret"></button></div></li></ul></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/docs/downloads/">Downloads</a></li></ul></nav></div></div></aside><main class="docMainContainer_gTbr"><div class="container padding-top--md padding-bottom--lg"><div class="row"><div class="col docItemCol_VOVn"><div class="docItemContainer_Djhp"><article><nav class="theme-doc-breadcrumbs breadcrumbsContainer_Z_bl" aria-label="Breadcrumbs"><ul class="breadcrumbs" itemscope="" itemtype="https://schema.org/BreadcrumbList"><li class="breadcrumbs__item"><a aria-label="Home page" class="breadcrumbs__link" href="/"><svg viewBox="0 0 24 24" class="breadcrumbHomeIcon_YNFT"><path d="M10 19v-5h4v5c0 .55.45 1 1 1h3c.55 0 1-.45 1-1v-7h1.7c.46 0 .68-.57.33-.87L12.67 3.6c-.38-.34-.96-.34-1.34 0l-8.36 7.53c-.34.3-.13.87.33.87H5v7c0 .55.45 1 1 1h3c.55 0 1-.45 1-1z" fill="currentColor"></path></svg></a></li><li itemscope="" itemprop="itemListElement" itemtype="https://schema.org/ListItem" class="breadcrumbs__item"><a class="breadcrumbs__link" itemprop="item" href="/docs/category/guides/"><span itemprop="name">Guides</span></a><meta itemprop="position" content="1"></li><li itemscope="" itemprop="itemListElement" itemtype="https://schema.org/ListItem" class="breadcrumbs__item"><a class="breadcrumbs__link" itemprop="item" href="/docs/category/self-hosting/"><span itemprop="name">Self Hosting</span></a><meta itemprop="position" content="2"></li><li itemscope="" itemprop="itemListElement" itemtype="https://schema.org/ListItem" class="breadcrumbs__item breadcrumbs__item--active"><span class="breadcrumbs__link" itemprop="name">Nginx TLS</span><meta itemprop="position" content="3"></li></ul></nav><div class="tocCollapsible_ETCw theme-doc-toc-mobile tocMobile_ITEo"><button type="button" class="clean-btn tocCollapsibleButton_TO0P">On this page</button></div><div class="theme-doc-markdown markdown"><h1>Nginx Reverse Proxy for zrok</h1><h2 class="anchor anchorWithStickyNavbar_LWe7" id="walkthrough-video">Walkthrough Video<a href="#walkthrough-video" class="hash-link" aria-label="Direct link to Walkthrough Video" title="Direct link to Walkthrough Video"></a></h2><iframe width="100%" height="315" src="https://www.youtube.com/embed/870A5dke_u4?start=1080" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share"></iframe><h2 class="anchor anchorWithStickyNavbar_LWe7" id="before-you-begin">Before You Begin<a href="#before-you-begin" class="hash-link" aria-label="Direct link to Before You Begin" title="Direct link to Before You Begin"></a></h2><p>I'll assume you have a running zrok controller and public frontend and wish to front both with Nginx providing server TLS. Go back to <a href="/docs/guides/self-hosting/self_hosting_guide/">Self-Hosting Guide</a> if you still need to spin those up.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="choose-a-reverse-proxy-address">Choose a Reverse Proxy Address<a href="#choose-a-reverse-proxy-address" class="hash-link" aria-label="Direct link to Choose a Reverse Proxy Address" title="Direct link to Choose a Reverse Proxy Address"></a></h2><p>I'll use <code>https://api.zrok.quigley.com:443</code> in this example, and assume you already set up wildcard DNS like <code>*.zrok.quigley.com</code>. This lets us elect <code>api.zrok.quigley.com</code> as the controller DNS name, and forward any other incoming requests to the zrok public frontend.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="obtain-a-wildcard-server-certificate">Obtain a Wildcard Server Certificate<a href="#obtain-a-wildcard-server-certificate" class="hash-link" aria-label="Direct link to Obtain a Wildcard Server Certificate" title="Direct link to Obtain a Wildcard Server Certificate"></a></h2><p>You must complete a DNS challenge to obtain a wildcard certificate from Let's Encrypt. I'll assume you know how to create the necessary TXT record in the DNS zone you're using with zrok.</p><ol><li><p>Install certbot: <a href="https://eff-certbot.readthedocs.io/en/stable/install.html" target="_blank" rel="noopener noreferrer">https://eff-certbot.readthedocs.io/en/stable/install.html</a></p></li><li><p>Run certbot with the manual plugin: <a href="https://certbot.eff.org/docs/using.html#manual" target="_blank" rel="noopener noreferrer">https://certbot.eff.org/docs/using.html#manual</a></p><div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token comment" style="color:rgb(98, 114, 164)"># install cert for *.zrok.quigley.com in /etc/letsencrypt</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"></span><span class="token function" style="color:rgb(80, 250, 123)">sudo</span><span class="token plain"> certbot certonly --manual</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div></li></ol><h2 class="anchor anchorWithStickyNavbar_LWe7" id="install-nginx"><a href="https://www.nginx.com/resources/wiki/start/topics/tutorials/install/" target="_blank" rel="noopener noreferrer">Install Nginx</a><a href="#install-nginx" class="hash-link" aria-label="Direct link to install-nginx" title="Direct link to install-nginx"></a></h2><h2 class="anchor anchorWithStickyNavbar_LWe7" id="configure-nginx">Configure Nginx<a href="#configure-nginx" class="hash-link" aria-label="Direct link to Configure Nginx" title="Direct link to Configure Nginx"></a></h2><div class="codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-text codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token plain">server {</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> listen 443 ssl;</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> server_name api.zrok.quigley.com;</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> ssl_certificate /etc/letsencrypt/live/zrok.quigley.com/fullchain.pem;</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> ssl_certificate_key /etc/letsencrypt/live/zrok.quigley.com/privkey.pem;</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> ssl_protocols TLSv1 TLSv1.1 TLSv1.2;</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> ssl_ciphers HIGH:!aNULL:!MD5;</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> location / {</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> proxy_pass http://127.0.0.1:18080;</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> error_log /var/log/nginx/zrok-controller.log;</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> }</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">}</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">map $http_upgrade $connection_upgrade {</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> default keep-alive;</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> 'websocket' upgrade;</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> '' close;</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">}</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">server {</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> listen 443 ssl;</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> server_name *.zrok.quigley.com;</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> ssl_certificate /etc/letsencrypt/live/zrok.quigley.com/fullchain.pem;</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> ssl_certificate_key /etc/letsencrypt/live/zrok.quigley.com/privkey.pem;</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> ssl_protocols TLSv1 TLSv1.1 TLSv1.2;</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> ssl_ciphers HIGH:!aNULL:!MD5;</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> location / {</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> proxy_pass http://127.0.0.1:8080;</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> proxy_set_header Host $host;</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> error_log /var/log/nginx/zrok-frontend.log;</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> proxy_busy_buffers_size 512k;</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> proxy_buffers 4 512k;</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> proxy_buffer_size 256k;</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> proxy_http_version 1.1;</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> proxy_set_header Upgrade $http_upgrade;</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> proxy_set_header Connection "upgrade";</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> }</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><h2 class="anchor anchorWithStickyNavbar_LWe7" id="restart-nginx">Restart Nginx<a href="#restart-nginx" class="hash-link" aria-label="Direct link to Restart Nginx" title="Direct link to Restart Nginx"></a></h2><p>Load the new configuration by restarting Nginx. Check the logs to make sure it's happy.</p><blockquote><p>Started A high performance web server and a reverse proxy server.</p></blockquote><h2 class="anchor anchorWithStickyNavbar_LWe7" id="check-the-firewall">Check the Firewall<a href="#check-the-firewall" class="hash-link" aria-label="Direct link to Check the Firewall" title="Direct link to Check the Firewall"></a></h2><p>If you followed the non-TLS quickstart then you may have opened 8080,108080/tcp in your firewall. You can go ahead and replace those exceptions with 443/tcp because only Nginx needs to be reachable for zrok to function.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="update-the-zrok-frontend">Update the zrok Frontend<a href="#update-the-zrok-frontend" class="hash-link" aria-label="Direct link to Update the zrok Frontend" title="Direct link to Update the zrok Frontend"></a></h2><p>List available frontends to obtain the token identifier of the frontend named "public". You may need to set <code>ZROK_ADMIN_TOKEN</code> or <code>ZROK_API_ENDPOINT</code> before running <code>zrok admin</code>.</p><div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token plain">$ zrok admin list frontends</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> TOKEN ZID PUBLIC NAME URL TEMPLATE CREATED AT UPDATED AT </span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> 2NiDTRYUww18 7DsLh9DXG public http://</span><span class="token punctuation" style="color:rgb(248, 248, 242)">{</span><span class="token plain">token</span><span class="token punctuation" style="color:rgb(248, 248, 242)">}</span><span class="token plain">.zrok.quigley.com:8080 </span><span class="token number">2023</span><span class="token plain">-01-19 05:29:20.793 +0000 UTC </span><span class="token number">2023</span><span class="token plain">-01-19 06:17:25 +0000 UTC </span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Update the URL template to use Nginx.</p><div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token plain">$ zrok admin update frontend 2NiDTRYUww18 --url-template https://</span><span class="token punctuation" style="color:rgb(248, 248, 242)">{</span><span class="token plain">token</span><span class="token punctuation" style="color:rgb(248, 248, 242)">}</span><span class="token plain">.zrok.quigley.com:443</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"></span><span class="token punctuation" style="color:rgb(248, 248, 242)">[</span><span class="token plain"> </span><span class="token number">0.028</span><span class="token punctuation" style="color:rgb(248, 248, 242)">]</span><span class="token plain"> INFO main.</span><span class="token punctuation" style="color:rgb(248, 248, 242)">(</span><span class="token plain">*adminUpdateFrontendCommand</span><span class="token punctuation" style="color:rgb(248, 248, 242)">)</span><span class="token plain">.run: updated global frontend </span><span class="token string" style="color:rgb(255, 121, 198)">'2NiDTRYUww18'</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div></div><footer class="theme-doc-footer docusaurus-mt-lg"><div class="theme-doc-footer-edit-meta-row row"><div class="col"><a href="https://github.com/openziti/zrok/blob/main/docs/../docs/guides/self-hosting/nginx_tls_guide.md" target="_blank" rel="noreferrer noopener" class="theme-edit-this-page"><svg fill="currentColor" height="20" width="20" viewBox="0 0 40 40" class="iconEdit_Z9Sw" aria-hidden="true"><g><path d="m34.5 11.7l-3 3.1-6.3-6.3 3.1-3q0.5-0.5 1.2-0.5t1.1 0.5l3.9 3.9q0.5 0.4 0.5 1.1t-0.5 1.2z m-29.5 17.1l18.4-18.5 6.3 6.3-18.4 18.4h-6.3v-6.2z"></path></g></svg>Edit this page</a></div><div class="col lastUpdated_vwxv"></div></div></footer></article><nav class="pagination-nav docusaurus-mt-lg" aria-label="Docs pages"><a class="pagination-nav__link pagination-nav__link--prev" href="/docs/guides/self-hosting/self_hosting_guide/"><div class="pagination-nav__sublabel">Previous</div><div class="pagination-nav__label">Linux VPS</div></a><a class="pagination-nav__link pagination-nav__link--next" href="/docs/category/metrics-and-limits/"><div class="pagination-nav__sublabel">Next</div><div class="pagination-nav__label">Metrics and Limits</div></a></nav></div></div><div class="col col--3"><div class="tableOfContents_bqdL thin-scrollbar theme-doc-toc-desktop"><ul class="table-of-contents table-of-contents__left-border"><li><a href="#walkthrough-video" class="table-of-contents__link toc-highlight">Walkthrough Video</a></li><li><a href="#before-you-begin" class="table-of-contents__link toc-highlight">Before You Begin</a></li><li><a href="#choose-a-reverse-proxy-address" class="table-of-contents__link toc-highlight">Choose a Reverse Proxy Address</a></li><li><a href="#obtain-a-wildcard-server-certificate" class="table-of-contents__link toc-highlight">Obtain a Wildcard Server Certificate</a></li><li><a href="#install-nginx" class="table-of-contents__link toc-highlight">Install Nginx</a></li><li><a href="#configure-nginx" class="table-of-contents__link toc-highlight">Configure Nginx</a></li><li><a href="#restart-nginx" class="table-of-contents__link toc-highlight">Restart Nginx</a></li><li><a href="#check-the-firewall" class="table-of-contents__link toc-highlight">Check the Firewall</a></li><li><a href="#update-the-zrok-frontend" class="table-of-contents__link toc-highlight">Update the zrok Frontend</a></li></ul></div></div></div></div></main></div></div><footer class="footer footer--dark"><div class="container container-fluid"><div class="footer__bottom text--center"><div class="footer__copyright">Copyright © 2023 NetFoundry Inc. Built with Docusaurus.</div></div></div></footer></div>
|
||
<script src="/assets/js/runtime~main.6f82e542.js"></script>
|
||
<script src="/assets/js/main.643a1e09.js"></script>
|
||
</body>
|
||
</html> |