Reverse Proxy Configuration

Lucca Greschner edited this page Jul 11, 2023 · 1 revision

NGINX Configuration

It is recommended to run Excubitor behind a reverse proxy such as NGINX, because Excubitor itself does not provide TLS encryption. NGINX can also be used to cache component files more efficiently.

upstream backend {
    server 127.0.0.1:8080;
}

server {
    listen 8443 ssl;
    server_name <Your server name>;

    gzip on; # Compression using GZIP
    gzip_types application/javascript text/javascript;

    ssl_certificate <Your SSL certificate>;
    ssl_certificate_key <Your SSL certificate key>;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;

    ssl_protocols TLSv1.3;
    ssl_prefer_server_ciphers off;

    # HSTS (ngx_http_headers_module is required)
    add_header Strict-Transport-Security "max-age=63072000" always;

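    location /.well-known/ {
      # Only needed if using Let's Encrypt. "root" is prepended to the full
      # request URI, so the files are served from /var/www/backend/.well-known/.
      # HTTP-01 validation starts on port 80, which this server block does not listen on.
      root /var/www/backend;
    }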

    location / {
      proxy_pass http://backend;
    }

    location /ws {
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_set_header Host $host;

      proxy_pass http://backend;
    }
}

To make the installation more secure, you may want to install a Web Application Firewall such as ModSecurity. As this is only an experimental project that is not suited for use in production, this is omitted from the example configuration.
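The following check is an added example, not part of the Excubitor project. It audits an NGINX configuration for the properties the configuration above relies on: TLS 1.3 only, HSTS sent on every response, and a plain-HTTP upstream that stays on a loopback address. The function names and the `PAGE_CONF` sample are constructed for illustration.

```python
import ipaddress
import re

TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|[;{}]|[^\s;{}"\']+')

def directives(conf):
    """Flatten an NGINX config into (name, args) pairs, ignoring block nesting."""
    text = re.sub(r"#[^\n]*", "", conf)  # assumes no '#' inside quoted values
    out, cur = [], []
    for tok in TOKEN.findall(text):
        if tok in (";", "{", "}"):
            if cur:
                out.append((cur[0], [a.strip("\"'") for a in cur[1:]]))
            cur = []
        else:
            cur.append(tok)
    return out

def is_loopback(addr):
    """True for 127.0.0.0/8, [::1], localhost or a unix: socket (port optional)."""
    if addr.startswith("unix:"):
        return True
    host = re.match(r"\[?([^\]]+?)\]?(?::\d+)?$", addr).group(1)
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"

def audit(conf):
    """Return findings for the properties this page's configuration relies on."""
    d, findings = directives(conf), []
    protos = [a for name, args in d if name == "ssl_protocols" for a in args]
    if not protos or set(protos) != {"TLSv1.3"}:
        findings.append("ssl_protocols is not limited to TLSv1.3")
    hsts = [args for name, args in d if name == "add_header"
            and args and args[0].lower() == "strict-transport-security"]
    if not any("always" in args[2:] for args in hsts):
        findings.append("HSTS header missing or not sent with 'always'")
    for name, args in d:
        # 'server <addr>' with an argument is an upstream member; 'server {' has none
        if name == "server" and args and not is_loopback(args[0]):
            findings.append(f"upstream {args[0]} is plain HTTP to a non-loopback address")
    return findings

# Constructed sample input: the security-relevant directives of the configuration above.
PAGE_CONF = ('upstream backend { server 127.0.0.1:8080; } server { listen 8443 ssl; '
             'ssl_protocols TLSv1.3; # only TLS 1.3\n'
             'add_header Strict-Transport-Security "max-age=63072000" always; }')
if __name__ == "__main__": print(audit(PAGE_CONF))
```

Run it against the real file with `audit(open(path).read())`; an empty list means none of the three checks fired.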