ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Can anyone provide simple Meshcentral behind NGINX proxy setup instructions?

    IT Discussion
    meshcentral 2 nginx proxy meshcentral npm
    6
    11
    5.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      manxam
      last edited by

      Does anyone have straightforward documentation on installing Meshcentral behind an NGINX reverse proxy?
      I note that there's mention of it in their blog and a video to watch but would prefer a straight :
      npm install this
      edit config.json with these changes for a reverse proxy
      See this working proxy config for NGINX

      It's not that I can't figure it out, but I have enough things that I'm messing around with right now that I don't want to invest a whole bunch of time diagnosing why MC and NGINX aren't playing together if possible 🙂

      Thanks,
      M

      M 1 Reply Last reply Reply Quote 1
      • M
        manxam @manxam
        last edited by

        @Ylian, can you provide a sample json file for what's needed to run behind a reverse proxy that is also providing the SSL cert?

        Thanks!

        scottalanmillerS 1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller @manxam
          last edited by

          @manxam is nginx running on host or remotely?

          DustinB3403D 1 Reply Last reply Reply Quote 0
          • DustinB3403D
            DustinB3403 @scottalanmiller
            last edited by

            @scottalanmiller said in Can anyone provide simple Meshcentral behind NGINX proxy setup instructions?:

            @manxam is nginx running on host or remotely?

            I would assume on host based on the topic.

            1 Reply Last reply Reply Quote 0
            • M
              manxam
              last edited by manxam

              @scottalanmiller : Remotely (i.e. another VM within the stack).
              Running one NGINX proxy that forwards requests to various services / VMs using LE certs.

              The NGINX config should be relatively simple, it's the info in the MC config.json that I'm uncertain about.

              With that said, I just noticed that the pdf documentation contains NGINX proxy info in it now :
              http://info.meshcentral.com/downloads/MeshCentral2/MeshCentral2UserGuide.pdf

              Guess I have work to do 🙂

              Happy Holidays!

              1 Reply Last reply Reply Quote 1
              • scottalanmillerS
                scottalanmiller
                last edited by

                I would just disable SSL completely and use HTTP between MeshCentral and Nginx. Then let Nginx deal with the cert on its own.

                JaredBuschJ M 2 Replies Last reply Reply Quote 1
                • JaredBuschJ
                  JaredBusch @scottalanmiller
                  last edited by

                  @scottalanmiller said in Can anyone provide simple Meshcentral behind NGINX proxy setup instructions?:

                  I would just disable SSL completely and use HTTP between MeshCentral and Nginx. Then let Nginx deal with the cert on its own.

                  I would use the self signed cert on MC.

                  1 Reply Last reply Reply Quote 1
                  • M
                    manxam @scottalanmiller
                    last edited by

                    @scottalanmiller, that's the plan :
                    NGINX as the proxy hosting the cert and HTTPS.
                    Proxy forward to MC on HTTP.

                    dafyreD 1 Reply Last reply Reply Quote 0
                    • dafyreD
                      dafyre @manxam
                      last edited by dafyre

                      @manxam said in Can anyone provide simple Meshcentral behind NGINX proxy setup instructions?:

                      @scottalanmiller, that's the plan :
                      NGINX as the proxy hosting the cert and HTTPS.
                      Proxy forward to MC on HTTP.

                      @JaredBusch has a good guide for getting it installed on Fedora here:
                      https://mangolassi.it/topic/18767/install-meshcentral2-on-fedora-29-with-mongodb

                      Below is what I'm using for my Nginx Config file.

                      server {
                             listen         80;
                             server_name    mesh.example.com
                             return         301 https://$server_name$request_uri;
                      
                              location /.well-known/acme-challenge {
                                  root /var/www/letsencrypt;
                               }
                      }
                      
                      server {
                       #listen 80;
                       listen 443 ssl;
                      
                       server_name mesh.example.com
                       client_max_body_size 10G;
                       fastcgi_buffers 64 4K;
                       proxy_send_timeout     7200;
                       send_timeout   7200;
                      
                      
                      ##
                      # SSL Settings
                      ##
                      
                          ssl on;
                          ssl_certificate /etc/nginx/certs/mesh.example.com/fullchain.pem;
                          ssl_certificate_key /etc/nginx/certs/mesh.example.com/privkey.pem;
                          #ssl_protocols  TLSv1.1 TLSv1.2;
                          ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
                      
                      
                      ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
                      ssl_prefer_server_ciphers on;
                      
                      # access_log /var/log/nginx/mesh.access.log;
                      # error_log /var/log/nginx/mesh.error.log;
                      
                      
                       location / {
                        proxy_pass https://w.x.y.z #Internal IP address and port if needed
                        proxy_set_header Host $host;
                        proxy_set_header X-Real-IP $remote_addr;
                        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                        proxy_set_header X-Forwarded-Proto $scheme;
                      
                        #Websocket Support
                        proxy_http_version 1.1;
                        proxy_set_header Upgrade $http_upgrade;
                        proxy_set_header Connection "upgrade";
                      
                      }
                      
                      
                       location /.well-known/acme-challenge {
                          root /var/www/letsencrypt;
                       }
                      
                      }
                      
                      1 Reply Last reply Reply Quote 1
                      • RomoR
                        Romo
                        last edited by

                        You can also check http://info.meshcentral.com/downloads/MeshCentral2/MeshCentral2UserGuide-0.2.6.pdf page 30, It explains what is required to use nginx as a reverse proxy.

                        1 Reply Last reply Reply Quote 2
                        • M
                          manxam
                          last edited by

                          Got it all working. Thanks for everyone's assistance!

                          1 Reply Last reply Reply Quote 1
                          • 1 / 1
                          • First post
                            Last post