Skip to content
Snippets Groups Projects

WebTunnel: NGINX vhost example

  • Clone with SSH
  • Clone with HTTPS
  • Embed
  • Share
    The snippet can be accessed without any authentication.
    Authored by Gus

    A simple example with TLS and WebTunnel for NGINX. Replace $SERVER_ADDRESS with your domain, $PATH with your secret path, and DOMAIN with your acme.sh result.

    Edited
    etc/nginx/sites-enabled/vhost-webtunnel-example 1.50 KiB
    server {
        listen [::]:443 ssl http2;
        listen 443 ssl http2;
        server_name $SERVER_ADDRESS;
        #ssl on;
    
        # certificates generated via acme.sh
        ssl_certificate /root/.acme.sh/DOMAIN_ecc/fullchain.cer;
        ssl_certificate_key /root/.acme.sh/DOMAIN_ecc/DOMAIN.key;
    
        ssl_session_timeout 15m;
    
        ssl_protocols TLSv1.2 TLSv1.3;
    
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    
        ssl_prefer_server_ciphers off;
    
        ssl_session_cache shared:MozSSL:50m;
        #ssl_ecdh_curve secp521r1,prime256v1,secp384r1;
        ssl_session_tickets off;
    
        add_header Strict-Transport-Security "max-age=63072000" always;
        
        location = /$PATH {
            proxy_pass http://127.0.0.1:15000;
            proxy_http_version 1.1;
    
            ### Set WebSocket headers ###
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
    
            ### Set Proxy headers ###
            proxy_set_header        Accept-Encoding   "";
            proxy_set_header        Host            $host;
            proxy_set_header        X-Real-IP       $remote_addr;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header        X-Forwarded-Proto $scheme;
            add_header              Front-End-Https   on;
    
            proxy_redirect     off;
            access_log  off;
            error_log off;
        }
    
    }
    • When You search for "site-enabled" on this page. Is that correct? My Nginx only has "sites-enabled".

    • @slrslr, it was a typo. fixed. :smile:

    0% Loading or .
    You are about to add 0 people to the discussion. Proceed with caution.
    Finish editing this message first!
    Please register or to comment