mirror of https://github.com/elisescu/tty-proxy/
parent
1a438f839b
commit
b9c1dd419c
@ -0,0 +1,62 @@
|
||||
# This is not a complete nginx config file, but only some snippets to show how I configured my
|
||||
# installation.
|
||||
|
||||
# If the stream module is dynamic (nginx -V), then you have to load it manually with
|
||||
load_module /usr/lib64/nginx/modules/ngx_stream_module.so;
|
||||
# Also, you will probably have to install the stream module separately, if the line above fails when
|
||||
# nginx starts. On Fedora, you can do it with `dnf install nginx-mod-stream` and then see its
|
||||
# location with `rpm -ql nginx-mod-stream`.
|
||||
|
||||
stream {
|
||||
# https://nginx.org/en/docs/stream/ngx_stream_core_module.html#server
|
||||
# the tty-server tcp connection ssl proxy
|
||||
server {
|
||||
listen 4567 ssl so_keepalive=30m::10;
|
||||
proxy_pass localhost:3456;
|
||||
ssl_certificate /etc/letsencrypt/live/on.tty-share.com/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/on.tty-share.com/privkey.pem;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
http {
|
||||
# the tty-proxy server (tty-proxy) address
|
||||
upstream tty-proxy {
|
||||
server localhost:9000;
|
||||
keepalive 12; # number of connections to keep alive even if idle, if they are opened
|
||||
}
|
||||
|
||||
# on.tty-share.com
|
||||
server {
|
||||
listen 80;
|
||||
server_name on.tty-share.com;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name on.tty-share.com;
|
||||
access_log /var/log/nginx/tty-proxy.access.log proxy_log_format;
|
||||
|
||||
# https://stackoverflow.com/questions/19769072/nginx-times-out-exactly-after-60-seconds?rq=1
|
||||
# https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_connect_timeout
|
||||
proxy_send_timeout 1600;
|
||||
proxy_read_timeout 1600;
|
||||
|
||||
location / {
|
||||
proxy_pass http://tty-proxy;
|
||||
proxy_redirect off;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Host $server_name;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
}
|
||||
|
||||
# TODO: use the rigth certificates here
|
||||
ssl_certificate /etc/letsencrypt/live/on.tty-share.com/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/on.tty-share.com/privkey.pem;
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue