Nginx config for Ajenti secure reverse proxy
Here is the current Nginx host config I have for running Ajenti behind a reverse proxy:
    upstream ajentiweb {
        server 127.0.0.1:8000 weight=1 fail_timeout=300s;
    }
    server {
        listen 80;
        server_name cp.domain.com;
        location / {
            proxy_pass http://ajentiweb;
            proxy_redirect off;
        }
    }
The new version of ajenti prefers an https connection. How could I modify this to redirect users to https and tunnel that connection through to ajenti?
Answer
You are right, the new version enabled HTTPS by default, but it's not mandatory. You can disable SSL in the Configuration section and use your old config.
Or, you can configure nginx as an SSL proxy (for example: http://www.cyberciti.biz/faq/howto-linux-unix-setup-nginx-ssl-proxy/) - generally, you need to generate a certificate and add it to the nginx config.
Thanks. I got it to work with this:
If there is anything I can do to improve it, I'd love to know.
    upstream ajentiweb {
        server 127.0.0.1:8000 weight=1 fail_timeout=300s;
    }
    # Plain HTTP: redirect everything to HTTPS
    server {
        listen 80;
        server_name domain.com;
        rewrite ^/.*$ https://domain.com/ permanent;
    }
    # HTTPS: terminate TLS here and proxy to Ajenti on localhost
    server {
        listen 443 ssl;    # "listen ... ssl" replaces the deprecated "ssl on;"
        server_name domain.com;
        client_max_body_size 200m;
        access_log /var/log/nginx/ajenti-access.log;
        error_log /var/log/nginx/ajenti-error.log;
        ssl_certificate /etc/nginx/certs/domain.com/server.crt;
        ssl_certificate_key /etc/nginx/certs/domain.com/server.key;
        # Browsers ignore HSTS sent over plain HTTP, so it is set on the HTTPS server
        add_header Strict-Transport-Security max-age=2592000;
        keepalive_timeout 60;
        ssl_ciphers HIGH:!ADH:!MD5;
        # SSLv3 and TLSv1 are obsolete; TLSv1.3 needs nginx built against OpenSSL 1.1.1+
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        proxy_buffers 16 64k;
        proxy_buffer_size 128k;
        location / {
            proxy_pass http://ajentiweb;
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            # Header name corrected from "X-Forward-For"
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_redirect off;
            proxy_read_timeout 5m;
        }
    }
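Added example (not part of the original thread, and not Ajenti or nginx project code): a small Python check for three settings that matter in a TLS reverse-proxy config like this one, namely legacy versions in ssl_protocols, an HSTS header placed in a plain-HTTP server block, and a misspelled X-Forwarded-* header name. The sample config, function names and check labels are constructed for illustration, and the parser assumes no braces or semicolons inside quoted strings or regexes.

```python
import re
# Constructed sample config for the demo (not copied from the thread).
SAMPLE = """\
server {
    listen 80;
    add_header Strict-Transport-Security max-age=2592000;
}
server {
    listen 443 ssl;
    ssl_protocols SSLv3 TLSv1;
    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
"""
WEAK = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # deprecated protocol versions
KNOWN_FWD = {"x-forwarded-for", "x-forwarded-proto", "x-forwarded-host", "x-forwarded-port"}

def server_blocks(conf):
    """Yield the body of each server { ... } block, found by brace matching."""
    conf = re.sub(r"#.*", "", conf)  # drop comments
    for m in re.finditer(r"\bserver\s*\{", conf):  # skips "server 127.0.0.1..." in upstream
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def audit(conf):
    """Return (server_index, check, detail) tuples for the weak settings found."""
    out = []
    for n, body in enumerate(server_blocks(conf), 1):
        ds = [d.split() for d in re.split(r"[;{}]", body) if len(d.split()) > 1]
        tls = any(d[0] == "listen" and "ssl" in d[1:] for d in ds) or ["ssl", "on"] in ds
        for name, *args in ds:
            if name == "ssl_protocols" and WEAK & set(args):
                out.append((n, "weak-protocol", " ".join(sorted(WEAK & set(args)))))
            elif name == "add_header" and args[0].lower() == "strict-transport-security" and not tls:
                out.append((n, "hsts-on-plain-http", "header is ignored over HTTP"))
            elif name == "proxy_set_header" and args[0].lower().startswith("x-forward") \
                    and args[0].lower() not in KNOWN_FWD:
                out.append((n, "misspelled-forward-header", args[0]))
    return out

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run it against a real file with `audit(open("/path/to/site.conf").read())`; an empty list means none of the three checks fired, not that the config is otherwise sound.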