Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature request: nginx reverse Proxy #15

Closed
echtelerp opened this issue Oct 28, 2019 · 12 comments
Closed

Feature request: nginx reverse Proxy #15

echtelerp opened this issue Oct 28, 2019 · 12 comments

Comments

@echtelerp
Copy link

Hi gcgarner,

thanks a lot for creating the project. I found found it on youtube - the guy with the swiss accent. :-)
one nice option would be proxying all the services, to make them reachable via {url}/grafana, {url}/nodered, ...
one possible source of inspiration could be from:
https://github.com/janvda/balena-node-red-mqtt-nginx-TIG-stack

have a great day
echteler
@gcgarner
Copy link
Owner

Hi Echteler

I've done some testing using linuxserver/letsencrypt with some success on nodered, just couldn't get the websockets up upgrade correctly to work with the debugging. I'll add it to #14

@echtelerp
Copy link
Author

echtelerp commented Oct 28, 2019
edited
Loading

I could help on that one, :-)
just let me know.
you need to add in the docker settings.js file:
httpRoot: '/nodered', httpNodeCors: { origin: "*", methods: "GET,PUT,POST,DELETE" },

in the grafana.ini:
[server] http_port = 3000 domain = {dnsurl}.org root_url = http:// {dnsurl}.org/grafana

then the iginx.conf:
events {} http { server { server_name {dnsurl}.org; listen 80; root /usr/share/nginx/www; index index.html index.htm; location / { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; #proxy_http_version 1.1; #proxy_set_header Upgrade $http_upgrade; #proxy_set_header Connection "upgrade"; proxy_pass http://webserver:80/; } location /nodered/ { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass http://nodered:1880; } location /influxdb/ { proxy_pass http://influxdb:8086/; } location /grafana/ { proxy_pass http://grafana:3000/; } }
each /servicename:port needs to be adjusted towards the service name of course.

@gcgarner
Copy link
Owner

I would really appreciate the help, I'm going to have to setup a wiki for the https section. When it comes to opening ports out to the web I want to make sure people follow safe practices. I would like to add some instructions for an ssh tarpit or at least a link. I want to make some headway with the other requests first though.

i think i missed this: httpRoot: '/nodered', httpNodeCors: { origin: "*", methods: "GET,PUT,POST,DELETE" } in settings.js none of the write-ups i found mentioned that

@echtelerp
Copy link
Author

I had to find all of this out by trial and error :-)
took me about a week.
If you like to I can push that on a repo. so far it is inside a private one, due to some specific configs like vpn keys and stuff...

@gcgarner
Copy link
Owner

Antonio is busy working on polishing the nodered Dockerfile to get SQLite and serial working. So i would hold off on that for now.

Which image did you use for the nginx proxy, letsencryt? I could always make a branch for testing

@gcgarner
Copy link
Owner

Hi Philipp I tried adding

httpRoot: '/nodered', httpNodeCors: { origin: "*", methods: "GET,PUT,POST,DELETE" }

into the settings.js file as you suggested but what happened was my nodered just moved to nodered:1880/nodered and i had to change

proxy_pass http://nodered:1880/nodered/; }

this still didn't fix the issue that the websockets don't upgrade to wss so none of the debugging works. Do your debug nodes work with your reverse proxy?

I tested that with linuxserver/letsencrypt but i think i should just use straight nxinx

@gcgarner
Copy link
Owner

it could be a letsencrypt container issue and i need to set something else

@gcgarner
Copy link
Owner

Sigh, i have been chasing ghosts. My NAT reflection is the problem. The websockets works fine from the internet but not when I use the domain name from my internal network.

@gcgarner
Copy link
Owner

gcgarner commented Nov 3, 2019

I've been doing some work on the reverse-proxy and i've hit a little stumbling block. Home assistant does not support being referenced via a subfolder {url}/hassio does not like it. I've only been able to get it working by subdomain. How would you, via an IP address, get a subdomain?

@echtelerp
Copy link
Author

Hi gcgarner,
sorry, I have not been online for a couple of days.
so far i have not tried home assistant. so no info to that so far :-)
the thing with the debug node is solved i guess. otherwise, it all worked fine for me.

@echtelerp
Copy link
Author

From what google says, reverse proxy and Ip adresses with subdomains are not possible, except when you edit the hosts file something ....

@gcgarner
Copy link
Owner

will be added in #14

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@echtelerp @gcgarner