Example for nginx reverse proxy

[zlobniyshurik]

Hi!

Can you add to the documentation the configuration for nginx as a reverse proxy?

[frankiejol]

Hellol @zlobniyshurik , the very first step would to configure the hypnotoad server. The default installation already provides it. Then you should install Nginx and ssl and proxy modules like Apache.

https://ravada.readthedocs.io/en/latest/docs/apache.html

Unfortunately we do not use nginx in our labs so I can not be more specific. Nevertheless, If you give it a try and make it work, you could kindly contribute a document that we would test. Let me know if you need assistance.

Thanks !

[zlobniyshurik]

Ok, I'll try to decipher Apache config (unfortunately, we don't use Apache) and make config for nginx.
In my first attempt, web socket proxying is currently not working.

[frankiejol]

Thanks for trying @zlobniyshurik , the point is to listen nginx on port 443 and pass all the request to the hypnotad that is in port 8081. Please make sure the hypnotoad is properly running, ie using ss:
ss -tlnp | grep 8081
should return something like:
LISTEN 0 4096 0.0.0.0:8081

I guess you must be aware of this, but check it just in case. Probably the problem is what you said about translating from Apache config to nginx.

Good luck !

[zlobniyshurik]

Well, maybe the problem is not in websockets themselves. I moved nginx to the same host where ravada is installed.

---

For now my configs:

/etc/rvd_front.conf

  hypnotoad => {
    pid_file => '/var/run/ravada/rvd_front.pid'
    ,listen => ['http://127.0.0.1:8081']
    ,proxy => 1
  }

/etc/nginx/nginx.conf

http {

...
    #For websockets (from nginx docs)
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }
...

}

/etc/nginx/conf.d/ravcon.mydomain.tld.conf

server {

...

    # Proxy pass
    location / {

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_set_header Host $host;

        proxy_pass http://127.0.0.1:8081$request_uri;
        #root /var/www;
    }
...
}

---

netstat -tulpn show

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      806/nginx: master p 
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      723/sshd: /usr/sbin 
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      806/nginx: master p 
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      948/dnsmasq         
tcp        0      0 127.0.0.1:8081          0.0.0.0:*               LISTEN      1117/rvd_front      
tcp        0      0 127.0.0.1:8461          0.0.0.0:*               LISTEN      591/python3         
...            

---

I can login from webinterface, but in Admin Tools -> Machines I got "Error: Web Service connection failed. Check Ravada Apache documentation . "

In Firefox console I see

Unfortunately, I don't know how to fix it yet.

If I login to localhost:8081 the same menu works perfectly.

[fv3rdugo]

Hi, It seems that it's releated with content security follow this link https://ravada.readthedocs.io/en/latest/docs/chatwoot.html#configuration and add your domain in content security policy save and try. El dt., 18 març 2025, 7.42, Alexander Dyadyun ***@***.***> va escriure:

…

Well, maybe the problem is not in websockets themselves. I moved nginx to the same host where ravada is installed. ------------------------------ For now my configs: */etc/rvd_front.conf* hypnotoad => { pid_file => '/var/run/ravada/rvd_front.pid' ,listen => ['http://127.0.0.1:8081'] ,proxy => 1 } */etc/nginx/nginx.conf* http { ... #For websockets (from nginx docs) map $http_upgrade $connection_upgrade { default upgrade; '' close; } ... } */etc/nginx/conf.d/ravcon.mydomain.tld.conf* server { ... # Proxy pass location / { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_pass http://127.0.0.1:8081$request_uri; #root /var/www; } ... } ------------------------------ netstat -tulpn show Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 806/nginx: master p tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 723/sshd: /usr/sbin tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 806/nginx: master p tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 948/dnsmasq tcp 0 0 127.0.0.1:8081 0.0.0.0:* LISTEN 1117/rvd_front tcp 0 0 127.0.0.1:8461 0.0.0.0:* LISTEN 591/python3 ... ------------------------------ I can login from webinterface, but in *Admin Tools -> Machines* I got "Error: Web Service connection failed. Check Ravada Apache documentation . " In Firefox console I see [image: CSP error] <https://camo.githubusercontent.com/0b30628dc10207a1a824899a761be98742224cdce2f01fd8c6b938bc4d85d2d8/68747470733a2f2f6266672d31306b2e72752f546d702f5261766164615f6572722e706e67> Unfortunately, I don't know how to fix it yet. If I login to localhost:8081 the same menu works perfectly. — Reply to this email directly, view it on GitHub <#2160 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAZ66RLI365CV4MU5KRKHJL2U655BAVCNFSM6AAAAABZE5X3QOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDOMZRHA2DONBRGU> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***> [image: zlobniyshurik]*zlobniyshurik* left a comment (UPC/ravada#2160) <#2160 (comment)> Well, maybe the problem is not in websockets themselves. I moved nginx to the same host where ravada is installed. ------------------------------ For now my configs: */etc/rvd_front.conf* hypnotoad => { pid_file => '/var/run/ravada/rvd_front.pid' ,listen => ['http://127.0.0.1:8081'] ,proxy => 1 } */etc/nginx/nginx.conf* http { ... #For websockets (from nginx docs) map $http_upgrade $connection_upgrade { default upgrade; '' close; } ... } */etc/nginx/conf.d/ravcon.mydomain.tld.conf* server { ... # Proxy pass location / { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_pass http://127.0.0.1:8081$request_uri; #root /var/www; } ... } ------------------------------ netstat -tulpn show Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 806/nginx: master p tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 723/sshd: /usr/sbin tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 806/nginx: master p tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 948/dnsmasq tcp 0 0 127.0.0.1:8081 0.0.0.0:* LISTEN 1117/rvd_front tcp 0 0 127.0.0.1:8461 0.0.0.0:* LISTEN 591/python3 ... ------------------------------ I can login from webinterface, but in *Admin Tools -> Machines* I got "Error: Web Service connection failed. Check Ravada Apache documentation . " In Firefox console I see [image: CSP error] <https://camo.githubusercontent.com/0b30628dc10207a1a824899a761be98742224cdce2f01fd8c6b938bc4d85d2d8/68747470733a2f2f6266672d31306b2e72752f546d702f5261766164615f6572722e706e67> Unfortunately, I don't know how to fix it yet. If I login to localhost:8081 the same menu works perfectly. — Reply to this email directly, view it on GitHub <#2160 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAZ66RLI365CV4MU5KRKHJL2U655BAVCNFSM6AAAAABZE5X3QOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDOMZRHA2DONBRGU> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

[zlobniyshurik]

Oops! I missed that step...

After adding my domain name in CSP setting I slightly corrected /etc/nginx/conf.d/ravcon.mydomain.tld.conf

    location / {

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto "https";

        proxy_set_header Host $host;

        proxy_pass http://127.0.0.1:8081$request_uri;
        #root /var/www;
    }

(added string proxy_set_header X-Forwarded-Proto "https";)

And it's working now! :)

Thank you!

[frankiejol]

Fantastic @zlobniyshurik ! It would be nice if you could write a step by step guide similar to this one:

https://ravada.readthedocs.io/en/latest/docs/apache.html

I guess someone who wants to use nginx as a frontend needs to know what are the required packages, where is the configuration file and its contents, and anything you consider necessary to make it run. We would love to add this to our documentation. It is located in a github branch:

https://github.com/UPC/ravada/tree/gh-pages

[zlobniyshurik]

Ок, I try to write instruction for nginx users

[frankiejol]

@zlobniyshurik kindly contributed a guide for nginx available here:

https://ravada.readthedocs.io/en/latest/docs/nginx_as_reverse_proxy.html