/sites-dietpi/nginx.conf file structure

fcmarriott · 23 July 2023 10:44

A couple of years ago, I had a friend help me configure nginx.conf file - but he killed the global nginx.conf file, and added everything into the /etc/nginx/sites-dietpi/nginx.conf. I recently had to rebuild my dietpi install, and trying to get nginx set back up.
In my research, I see the /etc/nginx/nginx.conf holds global settings, and the /etc/nginx/sites-dietpi/nginx.conf only holds the location config.

I have reserved sub-domains at my personal domain that I would like to use (actually 3 of them). For example, i have subdomain.domain.com reserved at Network Solutions, and I’d like to map that to an application running on my DietPi install. I’ve read through : Nginx Configuration - #7 by danmo117 a few times, and can’t make full sense out of it.

I currently have (in my restored /etc/nginx/sites-dietpi/nginx.conf)

server_name subdomain.domain.com 192.168.0.11;

        location / {
                proxy_pass http://127.0.0.1:8086;

But according to the link above it should be :

location /subdomain.domain.com/ {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;

        proxy_pass              http://localhost:8086/;

        proxy_read_timeout      600s;
        proxy_send_timeout      600s;
        }

And so on, for the other 2 apps? Does that look correct? Do the proxy_set_header sections need to be modified, or are the generic entries correct?

Cheers.

fcmarriott · 23 July 2023 11:05

I rebooted dietpi, and now nginx is actually responding, but it is only giving me the default nginx welcome page, and not sending me to the app that I want.

# Welcome to nginx!

If you see this page, the nginx web server is successfully installed and working. Further configuration is required.

For online documentation and support please refer to [nginx.org](http://nginx.org/).
Commercial support is available at [nginx.com](http://nginx.com/).

*Thank you for using nginx.*

Joulinar · 23 July 2023 17:32

and how does your current configuration look like?

fcmarriott · 24 July 2023 00:06

It is currently :

# Sonarr

location sonarr.paulrin.com {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;

        proxy_pass              http://localhost:8086/;

        proxy_read_timeout      600s;
        proxy_send_timeout      600s;
        }

Joulinar · 24 July 2023 08:54

The location is defining a sub path and not a sub domain. This for sure will not work.

fcmarriott · 25 July 2023 02:58

Ok, is there any way to make it work for a sub domain?

Jappe · 25 July 2023 05:41

There were similar questions about other apps like nextloud, I bet you will find some helpful threads if you use the search function. But it’s kinda pain in the ass to config this.
If you use SSL you also need new certs for the subdomain.
I recommend you to just use the subpaths

Joulinar · 25 July 2023 09:47

You would need to create individual server blocks. Close the main server block then open a new one for each sub domain.

server {
    server_name example.com;
    # the rest of the config
}
server {
    server_name sub1.example.com;
    # sub1 config
}
server {
    server_name sub2.example.com;
    # sub2 config
}

fcmarriott · 26 July 2023 08:20

I would need to create individual server blocks in the /etc/nginx/nginx.conf or the /etc/nginx/sites-dietpi/nginx.conf?

I seem to remember getting an error if server blocks were defined in /etc/nginx/sites-dietpi/nginx.conf.

Joulinar · 26 July 2023 12:52

additional server block configuration files would need to be created within /etc/nginx/sites-enabled

mail2rst · 30 July 2023 15:53

Please anybody share updated default file in folder " /etc/nginx/sites-enabled". i want to reverse proxy for dietpi installed software homeassistant, vaultwarden, adguard, plex, dietpi-dash board. i want to access all these software with my purchased domain name (with subdomain url). I also want to use my wildcard self signed certificate for all these program. In past i did this with docker but now i just migrate completely to dietpi default software with nginx used as reverse proxy.

mail2rst · 30 July 2023 20:24

I have myfile.conf like this & its not working

server {
    listen         80;
    server_name    vaultwarden.XXX.ZZZ;

    location / {
    set $target https://localhost:8001;
    proxy_pass $target;
  }
}

server {
    listen         80;
    server_name    homeassistant.XXX.ZZZ;

    location / {
    set $target http://localhost:8123;
    proxy_pass $target;
  }
}

server {
    listen         80;
    server_name    plex.XXX.ZZZ;

    location / {
    set $target http://localhost:32400;
    proxy_pass $target;
  }
}

Totila · 30 July 2023 21:13

That’s my vault warden, maybe it helps:

server {

    server_name subdomain.com;

    location / {
      proxy_http_version 1.1;
      proxy_set_header "Connection" "";

      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;

      proxy_pass http://PI.IP:8001;
    }

    location /notifications/hub/negotiate {
      proxy_http_version 1.1;
      proxy_set_header "Connection" "";

      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;

      proxy_pass http://PI.IP:8001;
    }

    location /notifications/hub {
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";

      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Forwarded $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;

      proxy_pass http://PI.IP:3012;
    }
}

mail2rst · 30 July 2023 22:22

Thanks Totila, I also confirm your vaultwarden.conf file is working. only thing i have to change. proxy_pass http://PI.IP:8001 to proxy_pass https://PI.IP:8001 as by default in dietpi vaultwarden works on https. so i have to put individual files for homeasssitant, adguard, plex, dietpi-dashboard.

mail2rst · 30 July 2023 23:21

just for information this conf files work for plex, homeassistant with prescribed port

server {

    server_name plex.XXX.ZZZ;

    location / {
      proxy_http_version 1.1;
      proxy_set_header "Connection" "";

      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;

      proxy_pass ip:port;
    }

}

Joulinar · 31 July 2023 08:00

You do SSL handling on your revers proxy as well?

mail2rst · 31 July 2023 19:26

Thanks Joulinar,
please suggest me where i have to feed my location of wildcard selfsigned certficate/key location for each service. is i have to write in my each custom site-enabled *.conf file or we can put somewhere on top so that each service use that key/certficate. i like to put on separate for each individual file.

Joulinar · 1 August 2023 12:03

maybe this could answer your question

fcmarriott · 11 August 2023 06:47

Thanks for all the help. I finally got this working.

No changes in /etc/nginx.conf
Empty /etc/nginx/sites-dietpi/nginx.conf
Followed @mail2rst example to use the following structure in /etc/nginx/sites-enabled/default :

# /etc/nginx/sites-available/default
server {
        listen 80 default_server;
        listen [::]:80 default_server;

        root /var/www;
        index index.php index.html index.htm index.nginx-debian.html;

        server_name *domain*.com;

        include /etc/nginx/sites-dietpi/*.conf;

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php(?:$|/) {
                include snippets/fastcgi-php.conf;
                fastcgi_pass php;
        }
}

server {

    server_name sonarr.domain.com;

    location / {
      proxy_http_version 1.1;
      proxy_set_header "Connection" "";

      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;

      proxy_pass http://xxx.xxx.x.xx:port;
    }

}

And repeated for the 2 other apps I wanted to expose. Now, if I could only figure out encryption certs…

mail2rst · 11 August 2023 14:07

For reverse proxy & redirect traffic to http to https. you can use this nginx configuration file for reference template
How to Set Up Plex to Use a Nginx Reverse Proxy - Plexopedia .