Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Example for nginx reverse proxy #2160

Closed
zlobniyshurik opened this issue Mar 17, 2025 · 9 comments
Closed

Example for nginx reverse proxy #2160

zlobniyshurik opened this issue Mar 17, 2025 · 9 comments
Assignees
@frankiejol
Labels
documentation

Comments

@zlobniyshurik
Copy link
Contributor

Hi!

Can you add to the documentation the configuration for nginx as a reverse proxy?
@frankiejol
Copy link
Member

Hellol @zlobniyshurik , the very first step would to configure the hypnotoad server. The default installation already provides it. Then you should install Nginx and ssl and proxy modules like Apache.

https://ravada.readthedocs.io/en/latest/docs/apache.html

Unfortunately we do not use nginx in our labs so I can not be more specific. Nevertheless, If you give it a try and make it work, you could kindly contribute a document that we would test. Let me know if you need assistance.

Thanks !

@frankiejol frankiejol self-assigned this Mar 17, 2025
@zlobniyshurik
Copy link
Contributor Author

Ok, I'll try to decipher Apache config (unfortunately, we don't use Apache) and make config for nginx.
In my first attempt, web socket proxying is currently not working.

@frankiejol
Copy link
Member

Thanks for trying @zlobniyshurik , the point is to listen nginx on port 443 and pass all the request to the hypnotad that is in port 8081. Please make sure the hypnotoad is properly running, ie using ss:
ss -tlnp | grep 8081
should return something like:
LISTEN 0 4096 0.0.0.0:8081

I guess you must be aware of this, but check it just in case. Probably the problem is what you said about translating from Apache config to nginx.

Good luck !

@zlobniyshurik
Copy link
Contributor Author

Well, maybe the problem is not in websockets themselves. I moved nginx to the same host where ravada is installed.

For now my configs:

/etc/rvd_front.conf

  hypnotoad => {
    pid_file => '/var/run/ravada/rvd_front.pid'
    ,listen => ['http://127.0.0.1:8081']
    ,proxy => 1
  }

/etc/nginx/nginx.conf

http {

...
    #For websockets (from nginx docs)
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }
...

}

/etc/nginx/conf.d/ravcon.mydomain.tld.conf

server {

...

    # Proxy pass
    location / {

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_set_header Host $host;

        proxy_pass http://127.0.0.1:8081$request_uri;
        #root /var/www;
    }
...
}

netstat -tulpn show

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      806/nginx: master p 
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      723/sshd: /usr/sbin 
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      806/nginx: master p 
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      948/dnsmasq         
tcp        0      0 127.0.0.1:8081          0.0.0.0:*               LISTEN      1117/rvd_front      
tcp        0      0 127.0.0.1:8461          0.0.0.0:*               LISTEN      591/python3         
...

I can login from webinterface, but in Admin Tools -> Machines I got "Error: Web Service connection failed. Check Ravada Apache documentation . "

In Firefox console I see CSP error

Unfortunately, I don't know how to fix it yet.

If I login to localhost:8081 the same menu works perfectly.

@fv3rdugo
Copy link
Member

fv3rdugo commented Mar 18, 2025 via email

@zlobniyshurik
Copy link
Contributor Author

Oops! I missed that step...

After adding my domain name in CSP setting I slightly corrected /etc/nginx/conf.d/ravcon.mydomain.tld.conf

    location / {

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto "https";

        proxy_set_header Host $host;

        proxy_pass http://127.0.0.1:8081$request_uri;
        #root /var/www;
    }

(added string proxy_set_header X-Forwarded-Proto "https";)

And it's working now! :)

Thank you!

@frankiejol
Copy link
Member

Fantastic @zlobniyshurik ! It would be nice if you could write a step by step guide similar to this one:

https://ravada.readthedocs.io/en/latest/docs/apache.html

I guess someone who wants to use nginx as a frontend needs to know what are the required packages, where is the configuration file and its contents, and anything you consider necessary to make it run. We would love to add this to our documentation. It is located in a github branch:

https://github.com/UPC/ravada/tree/gh-pages

@frankiejol frankiejol reopened this Mar 18, 2025
@zlobniyshurik
Copy link
Contributor Author

Ок, I try to write instruction for nginx users

@zlobniyshurik zlobniyshurik mentioned this issue Mar 19, 2025
Merged
@frankiejol
Copy link
Member

@zlobniyshurik kindly contributed a guide for nginx available here:

https://ravada.readthedocs.io/en/latest/docs/nginx_as_reverse_proxy.html

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@frankiejol frankiejol

Labels
documentation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@frankiejol @fv3rdugo @zlobniyshurik