Nginx reverse-proxy for RethinkDB Admin UI

Instructions.md

Start your rethinkdb instance with this flag: --bind all (or bind=all in the configuration file for your instance)

Block external access to the web UI with these two commands: sudo iptables -A INPUT -i eth0 -p tcp --dport 8080 -j DROP sudo iptables -I INPUT -i eth0 -s 127.0.0.1 -p tcp --dport 8080 -j ACCEPT

Install nginx: sudo apt-get install nginx

Create a new virtual host (server block): sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/rethinkdb_admin

Edit this file: sudo vi /etc/nginx/sites-available/rethinkdb_admin

to say:

server {
  listen 80;
  server_name domain.com;
  
  location /rethinkdb-admin/ {
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/.rethinkdb.pass;
    proxy_pass http://127.0.0.1:8080/;
    proxy_redirect off;
    proxy_set_header Authorization "";
  }
}

where domain.com is the host name (or IP address) of the server running the RethinkDB Admin UI.

Create username and password (make sure you have apache2-utils installed sudo apt-get install apache2-utils): cd /etc/nginx/ htpasswd -c .rethinkdb.pass <username> where <username> is the username you want. The command will ask you to enter the password for the username you chose.

start/restart nginx sudo service nginx start or sudo service nginx restart

Verify it works: Navigate to http://domain.com/rethinkdb_admin where domain.com is the host name (or IP address) of the server running the RethinkDB Admin UI.

@r3wt did you find a solution to this?

@dalanmiller @r3wt
I just had a very similar problem and was able to fix it. You may not have the same problem but here's what mine was:

old nginx config

...
    location / {
        proxy_pass http://127.0.0.1:8080;

        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }
...

new nginx config

We want the rethinkdb web server to handle 404s. I mistakenly included it so the solution for me was to remove it.

...
    location / {
        proxy_pass http://127.0.0.1:8080;
    }
...

Any info how to use https with this?

For https change the
proxy_pass http://127.0.0.1:8080/;
line to
proxy_pass https://127.0.0.1:8080/;

You will need tls enabled in the RethinkDB config file with
http-tls-key=/path/keys/key.pem
http-tls-cert=/path/keys/cert.pem

detail:
in ...location /rethinkdb-admin/ {
auth_basic "Restricted";
....
change ( - ) to ( _ )
like this:
...location /rethinkdb_admin/ {
auth_basic "Restricted";
....

If your getting the 'Loading' only screen, and you see the Content Security warning in the Developer Tools, you may need to fudge the security headers.

This worked for me (Replace [IP-OR-DOMAIN], remove brackets):

server {
  listen 80;           #ip v4
  listen [::]:80       #ip v6
  server_name [IP-OR-DOMAIN];

  location /rethinkdb-admin/ {
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/.rethinkdb.pass;
    proxy_pass http://127.0.0.1:8080/;
    proxy_redirect off;
    proxy_set_header Authorization "";
    add_header Content-Security-Policy "default-src 'self' http://[IP-OR-DOMAIN];";
  }
}

If you need to proxy to another port, and your nginx is configured to upgrade you to HTTPS, you can probably only use your IP address rather than your domain. I didn't find a way around this, and it didn't make sense why I was getting redirected, as the redirect is from port 80.

This works for an [IP] on port 9999 (change [IP] on the last line):
#access: http://[IP]:9999/rethinkdb-admin

server {
  listen 9999;
  server_name _;

  location /rethinkdb-admin/ {
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/.rethinkdb.pass;
    proxy_pass http://127.0.0.1:8080/;
    proxy_redirect off;
    proxy_set_header Authorization "";
    add_header Content-Security-Policy "default-src 'self' http://[IP];";
  }
}