Nginx reverse-proxy for RethinkDB Admin UI

Instructions.md

Start your rethinkdb instance with this flag: --bind all (or bind=all in the configuration file for your instance)

Block external access to the web UI with these two commands: sudo iptables -A INPUT -i eth0 -p tcp --dport 8080 -j DROP sudo iptables -I INPUT -i eth0 -s 127.0.0.1 -p tcp --dport 8080 -j ACCEPT

Install nginx: sudo apt-get install nginx

Create a new virtual host (server block): sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/rethinkdb_admin

Edit this file: sudo vi /etc/nginx/sites-available/rethinkdb_admin

to say:

server {
  listen 80;
  server_name domain.com;
  
  location /rethinkdb-admin/ {
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/.rethinkdb.pass;
    proxy_pass http://127.0.0.1:8080/;
    proxy_redirect off;
    proxy_set_header Authorization "";
  }
}

where domain.com is the host name (or IP address) of the server running the RethinkDB Admin UI.

Create username and password (make sure you have apache2-utils installed sudo apt-get install apache2-utils): cd /etc/nginx/ htpasswd -c .rethinkdb.pass <username> where <username> is the username you want. The command will ask you to enter the password for the username you chose.

start/restart nginx sudo service nginx start or sudo service nginx restart

Verify it works: Navigate to http://domain.com/rethinkdb_admin where domain.com is the host name (or IP address) of the server running the RethinkDB Admin UI.

this is awesome! Thank you so much!!!

Thanks for this! You are missing one step though:
sudo ln -s /etc/nginx/sites-available/rethinkdb_admin /etc/nginx/sites-enabled/

And is "bind=all" really necessary for this to work? For me it's working with the default entry for all local addresses.

for me its just a blank page that says "Loading..." and all the script and css are 404's in the console...

@r3wt did you find a solution to this?

@dalanmiller @r3wt
I just had a very similar problem and was able to fix it. You may not have the same problem but here's what mine was:

old nginx config

...
    location / {
        proxy_pass http://127.0.0.1:8080;

        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }
...

new nginx config

We want the rethinkdb web server to handle 404s. I mistakenly included it so the solution for me was to remove it.

...
    location / {
        proxy_pass http://127.0.0.1:8080;
    }
...

Any info how to use https with this?

For https change the
proxy_pass http://127.0.0.1:8080/;
line to
proxy_pass https://127.0.0.1:8080/;

You will need tls enabled in the RethinkDB config file with
http-tls-key=/path/keys/key.pem
http-tls-cert=/path/keys/cert.pem

detail:
in ...location /rethinkdb-admin/ {
auth_basic "Restricted";
....
change ( - ) to ( _ )
like this:
...location /rethinkdb_admin/ {
auth_basic "Restricted";
....

If your getting the 'Loading' only screen, and you see the Content Security warning in the Developer Tools, you may need to fudge the security headers.

This worked for me (Replace [IP-OR-DOMAIN], remove brackets):

server {
  listen 80;           #ip v4
  listen [::]:80       #ip v6
  server_name [IP-OR-DOMAIN];

  location /rethinkdb-admin/ {
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/.rethinkdb.pass;
    proxy_pass http://127.0.0.1:8080/;
    proxy_redirect off;
    proxy_set_header Authorization "";
    add_header Content-Security-Policy "default-src 'self' http://[IP-OR-DOMAIN];";
  }
}

If you need to proxy to another port, and your nginx is configured to upgrade you to HTTPS, you can probably only use your IP address rather than your domain. I didn't find a way around this, and it didn't make sense why I was getting redirected, as the redirect is from port 80.

This works for an [IP] on port 9999 (change [IP] on the last line):
#access: http://[IP]:9999/rethinkdb-admin

server {
  listen 9999;
  server_name _;

  location /rethinkdb-admin/ {
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/.rethinkdb.pass;
    proxy_pass http://127.0.0.1:8080/;
    proxy_redirect off;
    proxy_set_header Authorization "";
    add_header Content-Security-Policy "default-src 'self' http://[IP];";
  }
}