We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Set nginx reverse proxy for FusionAuth Topic is solved
Set nginx reverse proxy for FusionAuth
Hi,
I'm new to VestaCp, but I really like this solution.
I'm trying to setup a reverse proxy to access FusionAuth that runs on port 9011, localhost.
I tried to setup a template in:
With the code:
But I can't find it in the VestaCP UI:
Thanks,
Gregorio
I'm new to VestaCp, but I really like this solution.
I'm trying to setup a reverse proxy to access FusionAuth that runs on port 9011, localhost.
I tried to setup a template
Code: Select all
funsionauth.tpl
Code: Select all
/usr/local/vesta/data/templates/web/nginx
Code: Select all
server {
listen %ip%:%proxy_port% default;
server_name _;
#access_log /var/log/nginx/%ip%.log main;
location / {
proxy_pass http://localhost:9011;
}
}
Thanks,
Gregorio
-
- Support team
- Posts: 1111
- Joined: Tue Jul 30, 2013 10:18 pm
- Contact:
- Os: CentOS 6x
- Web: nginx + php-fpm
Re: Set nginx reverse proxy for FusionAuth
Move template .tpl and .stpl files to /usr/local/vesta/data/templates/web/nginx/php-fpm
Re: Set nginx reverse proxy for FusionAuth
Thanks, done.
If anyone can use it, here are the templates to host the FusionAuth application, forcing SSL:
File fusionauth.tpl:
File fusionauth.stpl:
If anyone can use it, here are the templates to host the FusionAuth application, forcing SSL:
File fusionauth.tpl:
Code: Select all
server {
listen %ip%:%web_port%;
server_name %domain_idn% %alias_idn%;
location / {
rewrite ^(.*) https://%domain_idn%$1 permanent;
}
include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
}
Code: Select all
server {
listen %ip%:%web_ssl_port%;
server_name %domain_idn% %alias_idn%;
ssl on;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Port "443";
proxy_set_header X-Forwarded-Proto "https";
proxy_pass http://localhost:9011;
proxy_redirect http:// https://;
}
include %home%/%user%/conf/web/snginx.%domain%.conf*;
}
-
- Posts: 5
- Joined: Fri Oct 16, 2020 5:04 pm
- Os: Ubuntu 17x
- Web: apache + nginx
Re: Set nginx reverse proxy for FusionAuth
Hey,
I seem to be doing the same thing, but unable to understand, if I create template will other settings managed by nginx get disrupted?
I seem to be doing the same thing, but unable to understand, if I create template will other settings managed by nginx get disrupted?
Re: Set nginx reverse proxy for FusionAuth
Mmmmm, I don't think so, the values of the nginx main conf remains.
-
- Posts: 5
- Joined: Fri Oct 16, 2020 5:04 pm
- Os: Ubuntu 17x
- Web: apache + nginx
Re: Set nginx reverse proxy for FusionAuth
I seem to have a problem configuring SSL on an app on a subdomain, only that I don't know how to fix them:
- I have a web app running on http://mysub.domain.com:9000
- This url is the admin dashboard of the app
- This app shoots email with public facing URLs like http://mysub.domain.com:9000/xxx/xxx/xxx (which lead to an action within my app)
- The mysub.domain.com is SSL enabled and loads with SSL but the moment the port (9000) is added it returns error page and I have to access it via http
- The problem : 1 - port is visible to public and 2 - the URL shows insecure
- The solution required : 1 - port to be removed without the action of the URL to be impacted and the same URL needs to be served on SSL
Any help is appreciated.
- I have a web app running on http://mysub.domain.com:9000
- This url is the admin dashboard of the app
- This app shoots email with public facing URLs like http://mysub.domain.com:9000/xxx/xxx/xxx (which lead to an action within my app)
- The mysub.domain.com is SSL enabled and loads with SSL but the moment the port (9000) is added it returns error page and I have to access it via http
- The problem : 1 - port is visible to public and 2 - the URL shows insecure
- The solution required : 1 - port to be removed without the action of the URL to be impacted and the same URL needs to be served on SSL
Any help is appreciated.