MeshCentral and NginX Reverse Proxy configuration
If you've been struggling to get an NginX reverse proxy working with your locally hosted MeshCentral instance then this config will help you do just that.
Things to check in both 80 and 443 servers are:
servername - this should be changed to your domain
proxy_pass - hosting locally you just need to check the port number
You will need to comment out my SSL certs and specify your own, or use Certbot to manage them.
listen 80;
server_name meshcentral.galt.me;
location / {
proxy_pass http://127.0.0.1:800/;
proxy_http_version 1.1;
# Inform MeshCentral about the real host, port and protocol
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
# HTTPS server.
server {
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/cloud.galt.me-0003/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/cloud.galt.me-0003/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
server_name meshcentral.galt.me;
# MeshCentral uses long standing web socket connections, set longer timeouts.
proxy_send_timeout 330s;
proxy_read_timeout 330s;
# We can use the MeshCentral generated certificate & key
#ssl_certificate webserver-cert-public.crt;
#ssl_certificate_key webserver-cert-private.key;
#ssl_session_cache shared:WEBSSL:10m;
#ssl_ciphers HIGH:!aNULL:!MD5;
#ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:4430/;
proxy_http_version 1.1;
# Allows websockets over HTTPS.
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
# Inform MeshCentral about the real host, port and protocol
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}Happy Meshing!