Register for the iXsystems Community to get an ad-free experience and exclusive discounts in our eBay Store.

Organizr install help with nginx reverse proxy

Status
Not open for further replies.

Zwck

Senior Member
Joined
Oct 27, 2016
Messages
371
if you have your reverse proxy running you just need to add a file in
/mnt/ssd/jails/{ReverseProxyJailName}/usr/local/etc/nginx/vhost

and add a configuration similar to this: file organizer.conf
Code:
server {
listen 192.168.0.99:80; #ip of your reverse proxy ip
server_name organizer.domainname.tld;

location / {
	return 301 https://$server_name$request_uri;
	}
}
server {
listen 192.168.0.99:443 ssl;
server_name organizer.domainname.tld;


	ssl_certificate /usr/local/etc/nginx/certs/CERT.pem;
	ssl_certificate_key /usr/local/etc/nginx/certs/KEY.key;
	ssl_prefer_server_ciphers On;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA;
	ssl_stapling on;
	#resolver 8.8.8.8 8.8.4.4 valid=300s; resolver_timeout 5s;
	ssl_stapling_verify on;
	ssl_trusted_certificate /usr/local/etc/nginx/certs/CERTS.pem;
	keepalive_timeout 180;
	#client_max_body_size 1024M;


	   location / {	

	proxy_set_header Host			 $host;
	proxy_set_header X-Real-IP		$remote_addr;
	proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;

	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "upgrade";
	proxy_set_header X-Forward-Proto http;
	proxy_set_header X-Nginx-Proxy true;
	proxy_http_version 1.1;

	proxy_redirect off;


	  proxy_pass http://redirectionip:3000; #where the redirection happens
						   }
}



at your router level you need to forward incoming traffic on port 80 to your reverse proxy

This is a configfile that works for me, you need to change some things for sure.
 

drkmachine

Neophyte
Joined
Jun 12, 2015
Messages
10
@Zwck thank you, however I do not have a vhost directory which I would assume would be setup in nginx to automatically include the organizr.conf that you posted. So should I add an include organizr.conf to my nginx.conf and if so where? Perhaps it is too early for me and/or not enough caffeine. Perhaps I should post up my config files for reference?
 

Zwck

Senior Member
Joined
Oct 27, 2016
Messages
371
@Zwck thank you, however I do not have a vhost directory which I would assume would be setup in nginx to automatically include the organizr.conf that you posted. So should I add an include organizr.conf to my nginx.conf and if so where? Perhaps it is too early for me and/or not enough caffeine. Perhaps I should post up my config files for reference?

Yeah, I was not sure if i had changed some stuff, i set this up quite some time ago. you have to do the following.

1. create the folder vhosts
2. edit nginx.conf in the /nginx folder

nginx.conf
Code:
user www;
worker_processes 1;
error_log /var/log/nginx/error.log;

events {
worker_connections 1024;
}

http {
include mime.types;
default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local]
"$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log;

sendfile on;
keepalive_timeout 65;


# Nginx cache configuration
proxy_cache_path /var/nginx/cache levels=1:2 keys_zone=my-cache:8m
max_size=1000m inactive=600m;
proxy_temp_path /var/nginx/cache/tmp;
proxy_cache_key "$scheme$host$request_uri";

gzip on;

server {
#listen 80;
server_name _; location /nginx_status { stub_status on; access_log off;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html; location = /50x.html { root
/usr/local/www/nginx-dist;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:8080y#
location ~ \.php$ {
proxy_pass http://127.0.0.1:8080;
include
/usr/local/etc/nginx/proxy.conf;
}
}

include /usr/local/etc/nginx/vhost/*;

}



now you can create a file in the vhost folder with the name

whatever.conf For each domain that you like to redirect make sure you create a new file in this folder.


if you also dont have a proxy.conf

Code:
proxy_buffering on; 
proxy_redirect off; 
proxy_set_header Host $host; 
proxy_set_header X-Real-IP $remote_addr; 
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
client_max_body_size 10m; 
client_body_buffer_size 128k; 
proxy_connect_timeout 90; 
proxy_send_timeout 90; 
proxy_read_timeout 90; 
proxy_buffers 100 8k;
add_header			  X-Cache $upstream_cache_status;
 

drkmachine

Neophyte
Joined
Jun 12, 2015
Messages
10
@Zwck ok, so here is where the confusion sets in again. Let me show you the configs I made per the thread I posted previously. With these my reverse proxy works.

nginx.conf
Code:
#user  nobody;
worker_processes  1;

# This default error log path is compiled-in to make sure configuration parsing
# errors are logged somewhere, especially during unattended boot when stderr
# isn't normally logged anywhere. This path will be touched on every nginx
# start regardless of error log location configured here. See
# https://trac.nginx.org/nginx/ticket/147 for more info. 
#
#error_log  /var/log/nginx/error.log;
#

#pid		logs/nginx.pid;


events {
	worker_connections  1024;
}


http {
	include	   mime.types;
	default_type  application/octet-stream;

	#log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
	#				  '$status $body_bytes_sent "$http_referer" '
	#				  '"$http_user_agent" "$http_x_forwarded_for"';

	#access_log  logs/access.log  main;

	sendfile		on;
	#tcp_nopush	 on;

	#keepalive_timeout  0;
	keepalive_timeout  65;

	#gzip  on;

	server {
		listen 80;
		server_name theguild.myftp.org;
		return 301 https://$host$request_uri;
	}

	server {
		listen	   443 ssl;
		server_name  example.com;
		include ssl_common.conf;
		include proxy_setup.conf;

		#charset koi8-r;

		#access_log  logs/host.access.log  main;

		location / {
			root   /usr/local/www/nginx;
			index  index.html index.htm index.php;
		}

		#error_page  404			  /404.html;

		# redirect server error pages to the static page /50x.html
		#
		error_page   500 502 503 504  /50x.html;
		location = /50x.html {
			root   /usr/local/www/nginx-dist;
		}
	}


ssl_common
Code:
# Thanks to https://cipherli.st/ for providing a great reference! Please check out their 
#site
# to make sure your SSL Configuration is up to date with current standards! Be aware that 
#in this
# example we use a slightly liberal cipherlist to allow for older browsers on older 
#devices, Eg.
# IE8, android 2.4, etc
# Enable Perfect Forward Secrecy (PFS)
ssl_prefer_server_ciphers on;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# Disable SSLv2 and SSLv3 (BEAST and POODLE attacks)
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# Enable our strong DH Key
ssl_dhparam /usr/local/etc/ssl/dhparams.pem;
# Cipher-list for PFS.
ssl_ciphers 
"EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_ecdh_curve secp384r1;
# Requires nginx >= 1.1.0
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
# Requires nginx >= 1.5.9
ssl_stapling on;
# Requires nginx >= 1.3.7
ssl_stapling_verify on;
# Requires nginx => 1.3.7
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# HSTS Support
add_header Strict-Transport-Security "max-age=63072000;includeSubdomains; preload";
# These headers can break applications, be careful!
add_header X-Content-Type-Options nosniff;



Proxy_setup
Code:
	 location /sabnzbd {
	 proxy_pass http://192.168.1.4:9090;
	 proxy_redirect off;
	 proxy_set_header Host $host;
	 proxy_set_header X-Real-IP $remote_addr;
	 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	 }

	 location /sickrage {
	 proxy_pass http://192.168.1.6:8081;
	 proxy_redirect off;
	 proxy_set_header Host $host;
	 proxy_set_header X-Real-IP $remote_addr;
	 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	 }

	 location /couchpotato {
	 proxy_pass http://192.168.1.5:5050;
	 proxy_redirect off;
	 proxy_set_header Host $host;
	 proxy_set_header X-Real-IP $remote_addr;
	 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	 }

	 location /headphones {
	 proxy_pass http://192.168.1.7:8181;
	 proxy_redirect off;
	 proxy_set_header Host $host;
	 proxy_set_header X-Real-IP $remote_addr;
	 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	 }

	 location /ombi {
	 proxy_pass http://192.168.1.8:3579;
	 proxy_redirect off;
	 proxy_set_header Host $host;
	 proxy_set_header X-Real_IP $remote_addr;
	 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	 }

	 location /plexpy {
	 proxy_pass http://192.168.1.13:8181/plexpy/;
	 proxy_redirect off;
	 proxy_set_header Host $host;
	 proxy_set_header X-Real_IP $remote_addr;
	 proxy_set_header X-Forwarded-Host $host:$server_port;
	 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	 proxy_set_header X-Forwarded-Proto $scheme;
	 proxy_set_header X-Forwarded-Ssl on;
	 }


And even this setup is different. Appearantly there are a number of ways to accomplish the same thing. most of what I see is everything in 2 files. Perhaps I am over complicating it.
 

Zwck

Senior Member
Joined
Oct 27, 2016
Messages
371
i mean its all the same in the end, does your setup work ? if yes; good, if not then change it.

Overall what happens all the different files are "put" together in one file. (via the include functions)
 

drkmachine

Neophyte
Joined
Jun 12, 2015
Messages
10
currently my reverse proxy does work. However what I have is to access organizr i have to use example.com/organizr which really isn't that much of an inconvenience, but is it possible to set it so that I can access organizr by simply entering example.com? Trying to run everything on a single domain.
 

Zwck

Senior Member
Joined
Oct 27, 2016
Messages
371
currently my reverse proxy does work. However what I have is to access organizr i have to use example.com/organizr which really isn't that much of an inconvenience, but is it possible to set it so that I can access organizr by simply entering example.com? Trying to run everything on a single domain.
when you navigate to example.com where do you land on?

you replace
Code:
location / {
			root /usr/local/www/nginx;
			index index.html index.htm index.php;
		}

in nginx.conf
with
Code:
location / {
	 proxy_pass http://192.168.1.ORGANIZER:PORT;
	 proxy_redirect off;
	 proxy_set_header Host $host;
	 proxy_set_header X-Real-IP $remote_addr;
	 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	 }
or similar
 

drkmachine

Neophyte
Joined
Jun 12, 2015
Messages
10
I land on the default nginx install success page. Editing the nginx.conf with that location I get
Code:
Performing sanity check on nginx configuration:
nginx: [emerg] "location" directive is not allowed here in /usr/local/etc/nginx/nginx.conf:70
nginx: configuration file /usr/local/etc/nginx/nginx.conf test failed
 

drkmachine

Neophyte
Joined
Jun 12, 2015
Messages
10
I got that worked out. Now to figure out the finer points of php I think since everything loads except my organizr settings page. Thank you @Zwck for all your help.
 

Zwck

Senior Member
Joined
Oct 27, 2016
Messages
371
I got that worked out. Now to figure out the finer points of php I think since everything loads except my organizr settings page. Thank you @Zwck for all your help.

glad you worked it out! cheers

what often helps is checking the browser console to see what is not working. websockets or similar. (lots of red)
 

Zwck

Senior Member
Joined
Oct 27, 2016
Messages
371
nope
 
Status
Not open for further replies.
Top