July 25, 2022

MeshCentral and NginX Reverse Proxy configuration

MeshCentral and NginX Reverse Proxy configuration

If you've been struggling to get an NginX reverse proxy working with your locally hosted MeshCentral instance then this config will help you do just that.

Things to check in both 80 and 443 servers are:

servername  - this should be changed to your domain
proxy_pass - hosting locally you just need to check the port number


You will need to comment out my SSL certs and specify your own, or use Certbot to manage them.

 listen 80;
 server_name meshcentral.galt.me;
 location / {
   proxy_pass http://127.0.0.1:800/;
   proxy_http_version 1.1;

 # Inform MeshCentral about the real host, port and protocol
   proxy_set_header X-Forwarded-Host $host:$server_port;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header X-Forwarded-Proto $scheme;
 }
}
 # HTTPS server.
 server {

  listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/cloud.galt.me-0003/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/cloud.galt.me-0003/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot



server_name meshcentral.galt.me;

 # MeshCentral uses long standing web socket connections, set longer timeouts.
 proxy_send_timeout 330s;
 proxy_read_timeout 330s;

 # We can use the MeshCentral generated certificate & key
 #ssl_certificate webserver-cert-public.crt;
 #ssl_certificate_key webserver-cert-private.key;
 #ssl_session_cache shared:WEBSSL:10m;
 #ssl_ciphers HIGH:!aNULL:!MD5;
 #ssl_prefer_server_ciphers on;

 location / {
   proxy_pass http://127.0.0.1:4430/;
   proxy_http_version 1.1;

 # Allows websockets over HTTPS.
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "upgrade";
   proxy_set_header Host $host;
 # Inform MeshCentral about the real host, port and protocol
   proxy_set_header X-Forwarded-Host $host:$server_port;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header X-Forwarded-Proto $scheme;
 }
}

Happy Meshing!