Nginx config for Ajenti secure reverse proxy

KeviNaomi Shenk 11 years ago updated by Translator5 9 years ago 3

Here is the current Nginx host config I have for running Ajenti behind a reverse proxy:


upstream ajentiweb {
    server 127.0.0.1:8000 weight=1 fail_timeout=300s;
}

server {
    listen 80;
    server_name cp.domain.com;

    location / {
        proxy_pass http://ajentiweb;
        proxy_redirect off;
    }
}


The new version of Ajenti prefers an HTTPS connection. How could I modify this to redirect users to HTTPS and tunnel that connection through to Ajenti?

Answer


You are right, the new version enabled HTTPS by default, but it's not mandatory. You can disable SSL in the Configuration section and use your old config.

Or, you can configure nginx as an SSL proxy (for example: http://www.cyberciti.biz/faq/howto-linux-unix-setup-nginx-ssl-proxy/) - generally, you need to generate a certificate and add it to the nginx config.



Thanks.  I got it to work with this:


upstream ajentiweb {
    server 127.0.0.1:8000 weight=1 fail_timeout=300s;
}

server {
    listen 80;
    server_name domain.com;
    rewrite ^/.*$ https://domain.com/ permanent;
}

server {
    # "ssl on;" is deprecated; TLS is enabled on the listen directive instead
    listen 443 ssl;
    server_name domain.com;
    client_max_body_size 200m;
    access_log /var/log/nginx/ajenti-access.log;
    error_log /var/log/nginx/ajenti-error.log;
    ssl_certificate /etc/nginx/certs/domain.com/server.crt;
    ssl_certificate_key /etc/nginx/certs/domain.com/server.key;
    keepalive_timeout 60;
    ssl_ciphers HIGH:!ADH:!MD5;
    # SSLv3 and TLSv1 are obsolete; only current protocol versions are allowed
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # Browsers honour HSTS only over HTTPS, so the header is set here, not on port 80
    add_header Strict-Transport-Security max-age=2592000;
    proxy_buffers 16 64k;
    proxy_buffer_size 128k;

    location / {
        proxy_pass http://ajentiweb;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Header name corrected from X-Forward-For
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;
        proxy_read_timeout 5m;
    }
}


If there is anything I can do to improve it, I'd love to know.

Could you tell me which file I have to edit?

I use Debian.
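
A small audit for the settings that matter in an nginx TLS reverse-proxy config like the one in this thread, added here as an example and not code from any poster or from Ajenti: it flags obsolete `ssl_protocols` values, an HSTS header set on a plain-HTTP server (where browsers ignore it), and misspelled `X-Forwarded-*` header names. The sample config, its host name `cp.example.test` and the function names are constructed for illustration.

```python
import re

WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
FORWARD_HEADERS = {"X-Forwarded-For", "X-Forwarded-Proto", "X-Forwarded-Host"}
# Constructed sample config (hypothetical host name), not taken from the thread.
SAMPLE = """\
server {
    listen 80;
    server_name cp.example.test;
    add_header Strict-Transport-Security max-age=2592000;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    ssl_protocols SSLv3 TLSv1;
    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
    }
}
"""

def server_blocks(conf):
    """Yield the body of each server { ... } block, matching nested braces."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def audit(conf):
    """Return (server_number, finding, detail) tuples for one config text."""
    findings = []
    conf = re.sub(r"#.*", "", conf)  # drop comments before matching
    for n, body in enumerate(server_blocks(conf), 1):
        tls = re.search(r"\blisten\s[^;]*\bssl\b|\bssl\s+on\s*;", body)
        hsts = re.search(r"\badd_header\s+Strict-Transport-Security\b", body)
        protos = re.search(r"\bssl_protocols\s+([^;]+);", body)
        weak = sorted(set(protos.group(1).split()) & WEAK_PROTOCOLS) if protos else []
        if weak:
            findings.append((n, "weak-protocol", " ".join(weak)))
        if hsts and not tls:  # browsers ignore HSTS received over plain HTTP
            findings.append((n, "hsts-on-plain-http", "move to the TLS server"))
        if tls and not hsts:
            findings.append((n, "hsts-missing", "add to the TLS server"))
        for name in re.findall(r"\bproxy_set_header\s+(\S+)", body):
            if name.lower().startswith("x-forward") and name not in FORWARD_HEADERS:
                findings.append((n, "unknown-forward-header", name))
    return findings
```

Calling `audit(SAMPLE)` reports one finding for the port 80 server and three for the TLS server; a config with the header moved, the protocols updated and the header name corrected returns an empty list.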