User Login      + Register  

Table_of_Contents

1      Nginx Webserver

1.1                Create Nginx Virtual Host

1.2                Create Nginx Subdomain

1.2.1      SubDomain Served From Directory

1.2.2      WebServer Without Base URL Support

1.2.3      WebServer With Base URL Support

List of Figures

Figure 1:       Nginx Virtual Host

Figure 2:       Subdomain Without Base URL Support

Figure 3:       Subdomain With Base URL Support

1      Nginx Webserver

The SecureOffice / OpenWrt nginx webserver behaves and is configured the same as standard nginx. Consult the nginx user guide for further information.

1.1                Create Nginx Virtual Host

This applies to servers with a completely new domain (not primary domain: www.yourdomain.com), addressed as www.newdomain.com. To have servers addressed as www.yourdomain.com/<subdomain> (for example www.yourdomain.com/MyWeatherStation), see Create Nginx Subdomain.

Since this is a completely new domain, in addition to your primary domain, it must be assigned a domain name, added to dynamic DNS (for name lookup) and have SSL certificates (it is assumed you are using luci-app-nginx-certificates for free LetsEncrypt certificates).

To configure a virtual host, managed by nginx. Use file "/etc/nginx/vhosts/example.conf" (shown below) as a template, copying it to "/etc/nginx/vhosts/<newdomain>.conf", following the instructions within the file:

# Change example.com to your_other_site DNS name

# Change IP address (192.168.10.2) to IP address of server on LAN.

# Uncomment (remove #) everything below

# server {

# listen 80;

# listen [::]:80;

# server_name example.com *.example.com;

# location /.well-known/acme-challenge/ {

# default_type "text/plain";

# allow all;

# alias /var/letsencrypt/;

# }

# location / {

# return 301 https://$host$request_uri;

# }

# }

# server {

# listen 443;

# listen [::]:443;

# server_name example.com *.example.com;

#

# location / {

# proxy_set_header Host www.example.com:$server_port;

# # Allow downstream sites to know who's connecting

# proxy_set_header X-Forwarded-For $remote_addr;

# proxy_pass $scheme://192.168.10.2:$server_port;

# }

# }

Figure 1: Nginx Virtual Host

1.2                Create Nginx Subdomain

A subdomain is addressed as www.yourdomain.com/MyWeatherStation (for example). Subdomains are handled using the nginx "location" directive. There are two configuration possibilities, depending on whether the html for the subdomain is in a SecureOffice directory or, whether the subdomain has its own web server.

For subdomains with dedicated web servers (example home assistant, nextcloud), nginx subdomain configuration is dependent on whether the web server can be configured to change the base URL. If the base URL cannot be changed, redirection becomes more complex since more URL possibilities must be considered. It is crucial to determine (internet search) if the base URL can be configured for dedicated web servers.

1.2.1      SubDomain Served From Directory

Use this method if the subdomain is to be served from a directory on the SecureOffice filesystem. This is how SecureOffice addresses fusionPBX as a subdomain under Luci.

Create a link to your subdomain files in /www: "ln -sf <full path from root dir to your subdomain files> /www/subdomain" (fusionpbx uses: "ln -sf /usr/fusionpbx /www/fusionpbx")

Create a file "/etc/nginx/locations/<subdomain>.conf with following contents: "location /subdomain {index index.php};" (fusionpbx uses "location /fusionpbx { index index.php };"

This will redirect all web requests for <your domain>/subdomain to come from <full path from root dir to your subdomain files>.

1.2.2      WebServer Without Base URL Support

Use this method if the subdomain is served by another webserver without base URL configuration support. This is how SecureOffice addresses Home Assistant which has its own web server running on port 8123 (as a subdomain under Luci). No link in /www is required.

Home Assistant redirection is complex, since differing treatment is required, depending on the called URL. File "/etc/nginx/locations/home-assistant.conf" is shown below, as an example. This is because, at time of writing, home assistant does not support configuring the base URL. You will have to determine the per-URL treatment and internal addressing of any servers you redirect to. It may be possible to use any web URL (internal to your LAN) or, external, on the internet for the "proxy_pass" value.

In general, any webserver that does not have the ability to change the base URL from '/' to 'some subpath' (eg: '/homeassistant/') will require nginx location redirects for all the subpaths used. To determine the locations, use a browser in developer mode (example: Firefox - > Web Developer .-> Web Console -> Network) to observe and debug get failures from the desired URL. Alter the nginx configuration, restart nginx ("/etc/init.d/nginx restart") and test again.

An example nginx configuration snippet (for home assistant, integrated with OpenWrt menu, private access only) is shown below. Note that this snippet is included by "/etc/nginx/nginx.conf". To make home assistant publicly accessible, this snippet would be placed in the domain vhost configuration file ("/etc/nginx/vhosts/<domain>.conf").

location ~ ^/(api|auth|static|frontend_es5|frontend_latest)/ {

proxy_pass http://localhost:8123;

proxy_set_header Host $host;

proxy_http_version 1.1;

proxy_set_header Upgrade $http_upgrade;

proxy_set_header Connection "upgrade";

}

location /api/websocket {

proxy_pass http://localhost:8123/api/websocket;

proxy_set_header Host $host;

proxy_http_version 1.1;

proxy_set_header Upgrade $http_upgrade;

proxy_set_header Connection "upgrade";

}

Figure 2: Subdomain Without Base URL Support

1.2.3      WebServer With Base URL Support

Use this method if the subdomain is served by another webserver with base URL support. This is how SecureOffice addresses the nextcloud docker image which has its own web server running on <nextcloud LAN IP>:80, also mapped to localhost port 8080. No link in /www is required.

The example snippet below is how to configure the nextcloud docker image to be publicly accessible at https://<your domain>/nextcloud. It goes in the "/etc/nginx/vhosts/<your host>.conf" file. It assumes that nextcloud has been configured with a base URL of "/nextcloud" ('overwritewebroot' => '/nextcloud',) in config.php/. Note that two values are valid for the "proxy pass" directive.

server {

listen 443;

listen [::]:443;

# other stuff located here

location /nextcloud/ {

#proxy_pass http://127.0.0.1:8080/;

proxy_pass http://nextcloud:80/;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

# Allow downstream sites to know who's connecting

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto https;

#proxy_set_header X-Forwarded-Host $server_name;

}

# other stuff located here

Figure 3: Subdomain With Base URL Support

 

Technologies Used:

Design by: XOOPS UI/UX Team