-
Notifications
You must be signed in to change notification settings - Fork 103
Using NGINX as a reverse proxy
This is an Archived Page: The following content has been ported from solidproject.org
A reverse proxy allows you to run a Solid server on an internal port and let the proxy handle traffic to public HTTP and HTTPS ports. This example below shows one way to achieve this for the Community Solid Server.
In the code snippet, we assume that:
- your public URL is
https://solid.example/ - your server is running on
http://localhost:3000/ - you have installed NGINX
and its configuration folder is
/etc/nginx/ - your TLS certificates are stored at
/etc/letsencrypt/live/solid.example/- you can obtain free ones with Let's Encrypt
You can replace these values with those of your configuration.
Add a new site to your NGINX configuration
by creating a file
/etc/nginx/sites-available/solid.example
with the following contents:
# Your local Solid server instance
upstream community-solid-server {
server 127.0.0.1:3000;
}
# Redirect HTTP to HTTPS
server {
server_name solid.example;
listen 80;
return 301 https://$host$request_uri;
}
# Proxy traffic for https://solid.example/ to http://localhost:3000/
server {
server_name solid.example;
# HTTPS certificate setup (can be autogenerated by tools such as certbot)
listen 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/solid.example/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/solid.example/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/solid.example/chain.pem;
include snippets/https.conf;
# Include this for certificate renewal if you are using Let's Encrypt
location ^~ /.well-known/acme-challenge/ {
root /var/www/solid.example; # or a folder of your choice
}
# Proxy all other traffic to the Solid server
location / {
# Delegate to the Solid server, passing the original host and protocol
proxy_pass http://community-solid-server$request_uri;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
# Pass these headers from the Solid server back to the client
proxy_pass_header Server;
proxy_pass_header Set-Cookie;
# Enable Websocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Prevent ETag modification (https://github.com/solid/community-server/issues/1036)
gzip off;
}
}We are reusing an HTTPS configuration file at /etc/nginx/snippets/https.conf,
which you should create if it does not exist.
Don't forget to restart NGINX to activate the new configuration:
sudo systemctl restart nginxVocabularies (Archived Pages)
-
Quickstart
-
Discover
-
Create
- Create your own vocabulary (Archived Page)
- Vocabulary building best practices (Archived Page)
- Improve your vocabulary(Archived Page)
- NeOn, a vocabulary creation methodology (Archived Page)
- Describe data for Solid (Archived Page)
- Publish your vocabulary (Archived Page)
- Publish your vocabulary as RDF (Archived Page)
- Publish your vocabulary as code artifacts (Archived Page)
Reverse Proxy Tutorials (Archived Pages)
Miscellaneous (Archived Pages)