Thursday, July 27, 2017

Configure NginX reverse proxy and OctoPrint

I have a raspberry pi on my network that is an NginX reverse proxy so I can have SSL termination and friendly names for some services on my network.

One of those services is OctoPrint for my PrusaI3 clone 3D printer. The host name for that raspberry pi is octopi01.bit13.local (bit13.local is my local domain) I want to be able to get to it in the browser by going to prusai3.bit13.local.

I have configured my DNS, also running on the same raspberry pi, to have an alias for prusai3.bit13.local to point to the nginx host (dns01.bit13.local.).

I then added an nginx config for the host so it will force SSL/TLS and proxy to the original host.

server {
    # listen on port 80
    listen 80;
    server_name prusai3.bit13.local;
    # send anyone that comes here on port 80 -> 443
    return 301 https://prusai3.bit13.local$request_uri;
}

server {
    # listen on 443
    listen 443;
    server_name  prusai3.bit13.local;

    # enable ssl
    ssl on;
    # this is just a self-signed cert
    ssl_certificate /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;

    location / {
        # DNS address
        resolver 192.168.2.1;
        
        # set some proxy headers
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # support WSS
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        
        # pass on to the original host
        proxy_pass http://octopi01.bit13.local:80;
    }
}
Once I apply these changes, I can then access the OctoPrint website by visiting https://prusai3.bit13.local from my browser.

No comments:

Post a Comment

Configure NginX reverse proxy and OctoPrint

I have a raspberry pi on my network that is an NginX reverse proxy so I can have SSL termination and friendly names for some services on my network.

One of those services is OctoPrint for my PrusaI3 clone 3D printer. The host name for that raspberry pi is octopi01.bit13.local (bit13.local is my local domain) I want to be able to get to it in the browser by going to prusai3.bit13.local.

I have configured my DNS, also running on the same raspberry pi, to have an alias for prusai3.bit13.local to point to the nginx host (dns01.bit13.local.).

I then added an nginx config for the host so it will force SSL/TLS and proxy to the original host.

server {
    # listen on port 80
    listen 80;
    server_name prusai3.bit13.local;
    # send anyone that comes here on port 80 -> 443
    return 301 https://prusai3.bit13.local$request_uri;
}

server {
    # listen on 443
    listen 443;
    server_name  prusai3.bit13.local;

    # enable ssl
    ssl on;
    # this is just a self-signed cert
    ssl_certificate /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;

    location / {
        # DNS address
        resolver 192.168.2.1;
        
        # set some proxy headers
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # support WSS
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        
        # pass on to the original host
        proxy_pass http://octopi01.bit13.local:80;
    }
}
Once I apply these changes, I can then access the OctoPrint website by visiting https://prusai3.bit13.local from my browser.