Skip to content

Commit

Permalink
Added nginx template (#867)
Browse files Browse the repository at this point in the history
  • Loading branch information
TomRomeo authored May 29, 2023
1 parent 460cb34 commit 4fcf176
Showing 1 changed file with 77 additions and 0 deletions.
77 changes: 77 additions & 0 deletions infrastructure_files/nginx.tmpl.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,77 @@
# This template enables proxying netbird behind Nginx.
#
# To modify this template for your own use,
# change the ports for the services, set your
# server_name (e.g. vpn.example.com) and insert
# your own ssl certificates

upstream dashboard {
# insert the http port of your dashboard container here
server 127.0.0.1:8011;

# Improve performance by keeping some connections alive.
keepalive 10;
}
upstream signal {
# insert the grpc port of your signal container here
server 127.0.0.1:10000;
}
upstream management {
# insert the grpc+http port of your signal container here
server 127.0.0.1:8012;
}

server {
# HTTP server config
listen 80;
server_name _;

# 301 redirect to HTTPS
location / {
return 301 https://$host$request_uri;
}
}
server {
# HTTPS server config
listen 443 ssl http2;
server_name _;

# This is necessary so that grpc connections do not get closed early
# see https://stackoverflow.com/a/67805465
client_header_timeout 1d;
client_body_timeout 1d;

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;

# Proxy dashboard
location / {
proxy_pass http://dashboard;
}
# Proxy Signal
location /signalexchange.SignalExchange/ {
grpc_pass grpc://signal;
#grpc_ssl_verify off;
grpc_read_timeout 1d;
grpc_send_timeout 1d;
grpc_socket_keepalive on;
}
# Proxy Management http endpoint
location /api {
proxy_pass http://management;
}
# Proxy Management grpc endpoint
location /management.ManagementService/ {
grpc_pass grpc://management;
#grpc_ssl_verify off;
grpc_read_timeout 1d;
grpc_send_timeout 1d;
grpc_socket_keepalive on;
}

ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/certs/ssl-cert-snakeoil.pem;
}

0 comments on commit 4fcf176

Please sign in to comment.