-
-
Save shoeper/3b33b73e8a39f189e20ac4bfcda3b909 to your computer and use it in GitHub Desktop.
Example, working, NGINX config for proxying to Unifi Controller software and using letsencrypt. Includes websocket fix.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# I had a bit of trouble getting my unifi controller (hosted offsite) to use a proxy/letsencrypt. So here are the fruits of my labor. | |
# The unifi default port is 8443 running on localhost. | |
# License: CC0 (Public Domain) | |
server { | |
# SSL configuration | |
# | |
listen 443 ssl default_server; | |
listen [::]:443 ssl default_server; | |
server_name unifi.hostname.com; | |
# Needed to allow the websockets to forward well. | |
# Information adopted from here: https://community.ubnt.com/t5/EdgeMAX/Access-Edgemax-gui-via-nginx-reverse-proxy-websocket-problem/td-p/1544354 | |
location /wss/ { | |
proxy_pass https://localhost:8443; | |
proxy_http_version 1.1; | |
proxy_buffering off; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection "Upgrade"; | |
proxy_read_timeout 86400; | |
} | |
location / { | |
proxy_pass https://localhost:8443/; # The Unifi Controller Port | |
proxy_set_header Host $host; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for; | |
} | |
# Unifi still internally uses its own cert. This was converted to PEM and | |
# is trusted for the sake of this proxy. See here for details: | |
# https://community.ubnt.com/t5/UniFi-Wireless/Lets-Encrypt-and-UniFi-controller/td-p/1406670 | |
ssl_trusted_certificate /etc/nginx/ssl/unifi/unifi-default-selfsign.pem; | |
ssl_certificate /etc/letsencrypt/live/unifi.hostname.com/fullchain.pem; # managed by Certbot | |
ssl_certificate_key /etc/letsencrypt/live/unifi.hostname.com/privkey.pem; # managed by Certbot | |
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot | |
} | |
server { | |
listen 80; | |
listen [::]:80; | |
server_name unifi.hostname.com; | |
location / { | |
return 301 https://$host$request_uri; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment