Can anyone provide simple Meshcentral behind NGINX proxy setup instructions?
-
@Ylian, can you provide a sample json file for what's needed to run behind a reverse proxy that is also providing the SSL cert?
Thanks!
-
@manxam is nginx running on host or remotely?
-
@scottalanmiller said in Can anyone provide simple Meshcentral behind NGINX proxy setup instructions?:
@manxam is nginx running on host or remotely?
I would assume on host based on the topic.
-
@scottalanmiller : Remotely (i.e. another VM within the stack).
Running one NGINX proxy that forwards requests to various services / VMs using LE certs.
The NGINX config should be relatively simple, it's the info in the MC config.json that I'm uncertain about.
With that said, I just noticed that the pdf documentation contains NGINX proxy info in it now :
http://info.meshcentral.com/downloads/MeshCentral2/MeshCentral2UserGuide.pdf
Guess I have work to do
Happy Holidays!
-
I would just disable SSL completely and use HTTP between MeshCentral and Nginx. Then let Nginx deal with the cert on its own.
-
@scottalanmiller said in Can anyone provide simple Meshcentral behind NGINX proxy setup instructions?:
I would just disable SSL completely and use HTTP between MeshCentral and Nginx. Then let Nginx deal with the cert on its own.
I would use the self signed cert on MC.
-
@scottalanmiller, that's the plan :
NGINX as the proxy hosting the cert and HTTPS.
Proxy forward to MC on HTTP.
-
@manxam said in Can anyone provide simple Meshcentral behind NGINX proxy setup instructions?:
@scottalanmiller, that's the plan :
NGINX as the proxy hosting the cert and HTTPS.
Proxy forward to MC on HTTP.
@JaredBusch has a good guide for getting it installed on Fedora here:
https://mangolassi.it/topic/18767/install-meshcentral2-on-fedora-29-with-mongodb
Below is what I'm using for my Nginx Config file.

    server {
        listen 80;
        server_name mesh.example.com;

        # Serve ACME challenges over HTTP and redirect everything else.
        # A server-level "return" runs before location matching, so the
        # challenge location would never be reached.
        location /.well-known/acme-challenge {
            root /var/www/letsencrypt;
        }
        location / {
            return 301 https://$server_name$request_uri;
        }
    }

    server {
        #listen 80;
        listen 443 ssl;
        server_name mesh.example.com;

        client_max_body_size 10G;
        fastcgi_buffers 64 4K;
        proxy_send_timeout 7200;
        send_timeout 7200;

        ##
        # SSL Settings
        ##
        #ssl on;  # redundant with "listen 443 ssl"; deprecated in current nginx
        ssl_certificate /etc/nginx/certs/mesh.example.com/fullchain.pem;
        ssl_certificate_key /etc/nginx/certs/mesh.example.com/privkey.pem;
        #ssl_protocols TLSv1.1 TLSv1.2;
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
        # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        # access_log /var/log/nginx/mesh.access.log;
        # error_log /var/log/nginx/mesh.error.log;

        location / {
            proxy_pass https://w.x.y.z; # Internal IP address and port if needed
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # Websocket Support
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }

        location /.well-known/acme-challenge {
            root /var/www/letsencrypt;
        }
    }
-
You can also check http://info.meshcentral.com/downloads/MeshCentral2/MeshCentral2UserGuide-0.2.6.pdf page 30. It explains what is required to use nginx as a reverse proxy.
-
Got it all working. Thanks for everyone's assistance!
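
For the setup discussed in this thread (NGINX on a separate VM terminating TLS and forwarding plain HTTP to MeshCentral), a config.json along these lines covers the MeshCentral side; it is an added example, not posted by anyone in the thread and not copied from the MeshCentral guide. It uses MeshCentral's `tlsOffload`, `aliasPort`, `redirPort` and `certUrl` settings. The port numbers and the proxy address 192.0.2.10 are constructed placeholders, and mesh.example.com is the name from the NGINX config above.

```json
{
  "settings": {
    "cert": "mesh.example.com",
    "port": 4430,
    "aliasPort": 443,
    "redirPort": 800,
    "tlsOffload": "192.0.2.10"
  },
  "domains": {
    "": {
      "certUrl": "https://mesh.example.com:443/"
    }
  }
}
```

With `tlsOffload` set, the NGINX `proxy_pass` target is `http://` on MeshCentral's `port` rather than `https://`, and MeshCentral accepts forwarded client addresses only from the listed proxy. `certUrl` lets MeshCentral fetch the certificate NGINX presents so that agents pin the certificate they will actually see.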