Vesta Control Panel - Forum

Community Forum
https://forum.vestacp.com/

Set nginx reverse proxy for FusionAuth

https://forum.vestacp.com/viewtopic.php?f=11&t=19805

Page 1 of 1

Set nginx reverse proxy for FusionAuth

Posted: Thu Apr 16, 2020 9:10 pm
by gregorio
Hi,
I'm new to VestaCp, but I really like this solution.
I'm trying to setup a reverse proxy to access FusionAuth that runs on port 9011, localhost.

I tried to setup a template

Code: Select all

funsionauth.tpl
in:

Code: Select all

/usr/local/vesta/data/templates/web/nginx
With the code:

Code: Select all

server {
    listen       %ip%:%proxy_port% default;
    server_name  _;
    #access_log  /var/log/nginx/%ip%.log main;
    location / {
        proxy_pass  http://localhost:9011;
   }
}
But I can't find it in the VestaCP UI:
Image

Thanks,
Gregorio

Re: Set nginx reverse proxy for FusionAuth

Posted: Thu Apr 16, 2020 11:53 pm
by grayfolk
Move template .tpl and .stpl files to /usr/local/vesta/data/templates/web/nginx/php-fpm

Re: Set nginx reverse proxy for FusionAuth

Posted: Sat Apr 18, 2020 2:27 pm
by gregorio
Thanks, done.

If anyone can use it, here are the templates to host the FusionAuth application, forcing SSL:

File fusionauth.tpl:

Code: Select all

server {
    listen      %ip%:%web_port%;
    server_name %domain_idn% %alias_idn%;
    
    location / {
        rewrite ^(.*) https://%domain_idn%$1 permanent;
    }
    include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
}
File fusionauth.stpl:

Code: Select all

server {
    listen      %ip%:%web_ssl_port%;
    server_name %domain_idn% %alias_idn%;
    
    ssl         on;
    ssl_certificate      %ssl_pem%;
    ssl_certificate_key  %ssl_key%;

    location / {
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header Host $http_host;
	proxy_set_header X-Forwarded-Port "443";
	proxy_set_header X-Forwarded-Proto "https";

    	proxy_pass  http://localhost:9011;
        proxy_redirect http:// https://;
    }

    include     %home%/%user%/conf/web/snginx.%domain%.conf*;
}

Re: Set nginx reverse proxy for FusionAuth

Posted: Fri Oct 16, 2020 7:20 pm
by jackdanielux
Hey,

I seem to be doing the same thing, but unable to understand, if I create template will other settings managed by nginx get disrupted?

Re: Set nginx reverse proxy for FusionAuth

Posted: Sat Oct 17, 2020 9:26 am
by gregorio
Mmmmm, I don't think so, the values of the nginx main conf remains.

Re: Set nginx reverse proxy for FusionAuth

Posted: Sat Oct 17, 2020 9:42 am
by jackdanielux
I seem to have a problem configuring SSL on an app on a subdomain, only that I don't know how to fix them:
- I have a web app running on http://mysub.domain.com:9000
- This url is the admin dashboard of the app
- This app shoots email with public facing URLs like http://mysub.domain.com:9000/xxx/xxx/xxx (which lead to an action within my app)
- The mysub.domain.com is SSL enabled and loads with SSL but the moment the port (9000) is added it returns error page and I have to access it via http
- The problem : 1 - port is visible to public and 2 - the URL shows insecure
- The solution required : 1 - port to be removed without the action of the URL to be impacted and the same URL needs to be served on SSL

Any help is appreciated.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/