Page 1 of 1
Set nginx reverse proxy for FusionAuth
Posted: Thu Apr 16, 2020 9:10 pm
by gregorio
Hi,
I'm new to VestaCp, but I really like this solution.
I'm trying to setup a reverse proxy to access
FusionAuth that runs on port 9011, localhost.
I tried to setup a template
in:
Code: Select all
/usr/local/vesta/data/templates/web/nginx
With the code:
Code: Select all
server {
listen %ip%:%proxy_port% default;
server_name _;
#access_log /var/log/nginx/%ip%.log main;
location / {
proxy_pass http://localhost:9011;
}
}
But I can't find it in the VestaCP UI:
Thanks,
Gregorio
Re: Set nginx reverse proxy for FusionAuth
Posted: Thu Apr 16, 2020 11:53 pm
by grayfolk
Move template .tpl and .stpl files to /usr/local/vesta/data/templates/web/nginx/php-fpm
Re: Set nginx reverse proxy for FusionAuth
Posted: Sat Apr 18, 2020 2:27 pm
by gregorio
Thanks, done.
If anyone can use it, here are the templates to host the FusionAuth application, forcing SSL:
File
fusionauth.tpl:
Code: Select all
server {
listen %ip%:%web_port%;
server_name %domain_idn% %alias_idn%;
location / {
rewrite ^(.*) https://%domain_idn%$1 permanent;
}
include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
}
File
fusionauth.stpl:
Code: Select all
server {
listen %ip%:%web_ssl_port%;
server_name %domain_idn% %alias_idn%;
ssl on;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Port "443";
proxy_set_header X-Forwarded-Proto "https";
proxy_pass http://localhost:9011;
proxy_redirect http:// https://;
}
include %home%/%user%/conf/web/snginx.%domain%.conf*;
}
Re: Set nginx reverse proxy for FusionAuth
Posted: Fri Oct 16, 2020 7:20 pm
by jackdanielux
Hey,
I seem to be doing the same thing, but unable to understand, if I create template will other settings managed by nginx get disrupted?
Re: Set nginx reverse proxy for FusionAuth
Posted: Sat Oct 17, 2020 9:26 am
by gregorio
Mmmmm, I don't think so, the values of the nginx main conf remains.
Re: Set nginx reverse proxy for FusionAuth
Posted: Sat Oct 17, 2020 9:42 am
by jackdanielux
I seem to have a problem configuring SSL on an app on a subdomain, only that I don't know how to fix them:
- I have a web app running on
http://mysub.domain.com:9000
- This url is the admin dashboard of the app
- This app shoots email with public facing URLs like
http://mysub.domain.com:9000/xxx/xxx/xxx (which lead to an action within my app)
- The mysub.domain.com is SSL enabled and loads with SSL but the moment the port (9000) is added it returns error page and I have to access it via http
- The problem : 1 - port is visible to public and 2 - the URL shows insecure
- The solution required : 1 - port to be removed without the action of the URL to be impacted and the same URL needs to be served on SSL
Any help is appreciated.