-
Notifications
You must be signed in to change notification settings - Fork 21
Component: NGINX reverse proxy
Sjors edited this page Jun 1, 2017
·
1 revision
NGINX webserver is used as proxy:
- It protects the user's connection with HTTPS via a Let's Encrypt certificates -> tutorial <-
- Also, HTTP Basic authentication is added. -> tutorial <- The bullet above makes sure the password is sent encrypted over the line.
With the help of the tutorials above, the following NGINX server blocks are used:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name {DOMAIN HERE};
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
include snippets/ssl-{DOMAIN HERE}.conf;
include snippets/ssl-params.conf;
root /var/www/html;
index index.html;
location / {
auth_basic "Authorization required";
auth_basic_user_file /etc/nginx/.htpasswd;
proxy_pass http://localhost:5601;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
}
location ~ /.well-known {
allow all;
}
}