mirror of https://github.com/elisescu/tty-proxy/
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
64 lines
2.5 KiB
Nginx Configuration File
64 lines
2.5 KiB
Nginx Configuration File
# This is not a complete nginx config file, but only some snippets to show how I configured my
|
|
# installation.
|
|
|
|
# If the stream module is dynamic (nginx -V), then you have to load it manually with
|
|
load_module /usr/lib64/nginx/modules/ngx_stream_module.so;
|
|
# Also, you will probably have to install the stream module separately, if the line above fails when
|
|
# nginx starts. On Fedora, you can do it with `dnf install nginx-mod-stream` and then see its
|
|
# location with `rpm -ql nginx-mod-stream`.
|
|
|
|
stream {
|
|
# https://nginx.org/en/docs/stream/ngx_stream_core_module.html#server
|
|
# the tty-server tcp connection ssl proxy
|
|
server {
|
|
listen 4567 ssl so_keepalive=30m::10;
|
|
proxy_pass localhost:3456;
|
|
ssl_certificate /etc/letsencrypt/live/on.tty-share.com/fullchain.pem; # managed by Certbot
|
|
ssl_certificate_key /etc/letsencrypt/live/on.tty-share.com/privkey.pem;
|
|
}
|
|
}
|
|
|
|
|
|
http {
|
|
# the tty-proxy server (tty-proxy) address
|
|
upstream tty-proxy {
|
|
server localhost:9000;
|
|
keepalive 12; # number of connections to keep alive even if idle, if they are opened
|
|
}
|
|
log_format proxy_log_format '[$time_local] $remote_addr - $remote_user - $server_name to: $upstream_addr: $request upstream_response_time $upstream_response_time msec $msec request_time $request_time';
|
|
|
|
# on.tty-share.com
|
|
server {
|
|
listen 80;
|
|
server_name on.tty-share.com;
|
|
return 301 https://$host$request_uri;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl;
|
|
server_name on.tty-share.com;
|
|
access_log /var/log/nginx/tty-proxy.access.log proxy_log_format;
|
|
|
|
# https://stackoverflow.com/questions/19769072/nginx-times-out-exactly-after-60-seconds?rq=1
|
|
# https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_connect_timeout
|
|
proxy_send_timeout 1600;
|
|
proxy_read_timeout 1600;
|
|
|
|
location / {
|
|
proxy_pass http://tty-proxy;
|
|
proxy_redirect off;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Host $server_name;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "Upgrade";
|
|
}
|
|
|
|
# TODO: use the rigth certificates here
|
|
ssl_certificate /etc/letsencrypt/live/on.tty-share.com/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/on.tty-share.com/privkey.pem;
|
|
}
|
|
}
|