-
-
Notifications
You must be signed in to change notification settings - Fork 532
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
77 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
# This template enables proxying netbird behind Nginx. | ||
# | ||
# To modify this template for your own use, | ||
# change the ports for the services, set your | ||
# server_name (e.g. vpn.example.com) and insert | ||
# your own ssl certificates | ||
|
||
upstream dashboard { | ||
# insert the http port of your dashboard container here | ||
server 127.0.0.1:8011; | ||
|
||
# Improve performance by keeping some connections alive. | ||
keepalive 10; | ||
} | ||
upstream signal { | ||
# insert the grpc port of your signal container here | ||
server 127.0.0.1:10000; | ||
} | ||
upstream management { | ||
# insert the grpc+http port of your signal container here | ||
server 127.0.0.1:8012; | ||
} | ||
|
||
server { | ||
# HTTP server config | ||
listen 80; | ||
server_name _; | ||
|
||
# 301 redirect to HTTPS | ||
location / { | ||
return 301 https://$host$request_uri; | ||
} | ||
} | ||
server { | ||
# HTTPS server config | ||
listen 443 ssl http2; | ||
server_name _; | ||
|
||
# This is necessary so that grpc connections do not get closed early | ||
# see https://stackoverflow.com/a/67805465 | ||
client_header_timeout 1d; | ||
client_body_timeout 1d; | ||
|
||
proxy_set_header X-Real-IP $remote_addr; | ||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
proxy_set_header X-Scheme $scheme; | ||
proxy_set_header X-Forwarded-Proto https; | ||
proxy_set_header X-Forwarded-Host $host; | ||
|
||
# Proxy dashboard | ||
location / { | ||
proxy_pass http://dashboard; | ||
} | ||
# Proxy Signal | ||
location /signalexchange.SignalExchange/ { | ||
grpc_pass grpc://signal; | ||
#grpc_ssl_verify off; | ||
grpc_read_timeout 1d; | ||
grpc_send_timeout 1d; | ||
grpc_socket_keepalive on; | ||
} | ||
# Proxy Management http endpoint | ||
location /api { | ||
proxy_pass http://management; | ||
} | ||
# Proxy Management grpc endpoint | ||
location /management.ManagementService/ { | ||
grpc_pass grpc://management; | ||
#grpc_ssl_verify off; | ||
grpc_read_timeout 1d; | ||
grpc_send_timeout 1d; | ||
grpc_socket_keepalive on; | ||
} | ||
|
||
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; | ||
ssl_certificate_key /etc/ssl/certs/ssl-cert-snakeoil.pem; | ||
} |