User Login      + Register  

Table_of_Contents

1      Nginx Webserver

1.1                Create Nginx Virtual Host

1.2                Create Nginx Subdirectory

1.2.1      SubDirectory Served From Directory

1.2.2      WebServer Without Base URL Support

1.2.3      WebServer With Base URL Support

1.3                Create Nginx Subdomain

List of Figures

Figure 1:       Nginx Virtual Host

Figure 2:       Subdirectory Without Base URL Support

Figure 3:       Subdirectory With Base URL Support

1      Nginx Webserver

The SecureOffice / OpenWrt nginx webserver behaves and is configured the same as standard nginx. Consult the nginx user guide for further information.

1.1                Create Nginx Virtual Host

This applies to servers with a completely new domain (not primary domain: www.yourdomain.com), addressed as http(s)://www.newdomain.com.

To have servers addressed as http(s)//www.yourdomain.com/<subdirectory> (for example http(s)//www.yourdomain.com/MyWeatherStation), see Create Nginx Subdirectory.

To have servers addressed as http(s)://www.subdomain.yourdomain.com (for example http(s)//www.MyWeatherStation.yourdomain.com), see Create Nginx Subdomain.

Since this is a completely new domain, in addition to your primary domain, it must be assigned a domain name, added to dynamic DNS (for name lookup) and have SSL certificates (it is assumed you are using luci-app-nginx-certificates for free LetsEncrypt certificates).

To configure a virtual host, managed by nginx, use file "/etc/nginx/vhosts/example.conf" (shown below) as a template, copying it to "/etc/nginx/vhosts/<newdomain>.conf", following the instructions within the file:

# Change example.com to your_other_site DNS name

# Change IP address (192.168.10.2) to IP address of server on LAN.

# Uncomment (remove #) everything below

# server {

# listen 80;

# listen [::]:80;

# server_name example.com *.example.com;

# location /.well-known/acme-challenge/ {

# default_type "text/plain";

# allow all;

# alias /var/letsencrypt/;

# }

# location / {

# return 301 https://$host$request_uri;

# }

# }

# server {

# listen 443;

# listen [::]:443;

# server_name example.com *.example.com;

#

# location / {

# proxy_set_header Host www.example.com:$server_port;

# # Allow downstream sites to know who's connecting

# proxy_set_header X-Forwarded-For $remote_addr;

# proxy_pass $scheme://192.168.10.2:$server_port;

# }

# }

 

Figure 1: Nginx Virtual Host

1.2                Create Nginx Subdirectory

A subdirectory is addressed as http(s)://www.yourdomain.com/MyWeatherStation (for example). Subdirectories are handled using the nginx "location" directive. There are two configuration possibilities, depending on whether the html for the subdirectory is in a SecureOffice directory or, whether the subdirectory has its own web server.

For subdomains with dedicated web servers (example home assistant, nextcloud), nginx subdomain configuration is dependent on whether the web server can be configured to change the base URL. If the base URL cannot be changed, redirection becomes more complex since more URL possibilities must be considered. It is crucial to determine (internet search) if the base URL can be configured for dedicated web servers.

1.2.1      SubDirectory Served From Directory

Use this method if the subdirectory is to be served from a directory on the SecureOffice filesystem. This is how SecureOffice addresses fusionPBX as a subdirectory under Luci.

Create a link to your subdirectory files in /www: "ln -sf <full path from root dir to your subdirectory files> /www/subdirectory" (fusionpbx uses: "ln -sf /usr/fusionpbx /www/fusionpbx")

Create a file "/etc/nginx/locations/<subdirectory>.conf with following contents: "location /subdirectory {index index.php};" (fusionpbx uses "location /fusionpbx { index index.php };"

This will redirect all web requests for <your domain>/subdirectory to come from <full path from root dir to your subdirectory files>.

1.2.2      WebServer Without Base URL Support

Use this method if the subdirectory is served by another webserver without base URL configuration support. This is how SecureOffice addresses Home Assistant which has its own web server running on port 8123 (as a subdirectory under Luci). No link in /www is required.

Home Assistant subdirectory redirection is complex, since differing treatment is required, depending on the called URL. File "/etc/nginx/locations/home-assistant.conf" is shown below, as an example. This is because, at time of writing, home assistant does not support configuring the base URL. You will have to determine the per-URL treatment and internal addressing of any servers you redirect to. It is possible to use any web URL (internal to your LAN) or, external, on the internet for the "proxy_pass" value.

In general, any webserver that does not have the ability to change the base URL from '/' to '/some subpath' (eg: '/homeassistant/') will require nginx location redirects for all the subpaths used. To determine the locations, use a browser in developer mode (example: Firefox - > Web Developer .-> Web Console -> Network) to observe and debug get failures from the desired URL. Alter the nginx configuration, restart nginx ("/etc/init.d/nginx restart") and test again.

An example nginx configuration snippet (for home assistant, integrated with OpenWrt menu, private access only) is shown below. Note that this snippet is included by "/etc/nginx/nginx.conf". To make home assistant publicly accessible, this snippet would be placed in the domain vhost configuration file ("/etc/nginx/vhosts/<domain>.conf").

location ~ ^/(api|auth|static|frontend_es5|frontend_latest)/ {

proxy_pass http://localhost:8123;

proxy_set_header Host $host;

proxy_http_version 1.1;

proxy_set_header Upgrade $http_upgrade;

proxy_set_header Connection "upgrade";

}

location /api/websocket {

proxy_pass http://localhost:8123/api/websocket;

proxy_set_header Host $host;

proxy_http_version 1.1;

proxy_set_header Upgrade $http_upgrade;

proxy_set_header Connection "upgrade";

}

 

Figure 2: Subdirectory Without Base URL Support

1.2.3      WebServer With Base URL Support

Use this method if the subdirectory is served by another webserver with base URL support. This is how SecureOffice addresses the nextcloud docker image which has its own web server running on <nextcloud LAN IP>:80, also mapped to localhost port 8080. No link in /www is required.

The example snippet below is how to configure the nextcloud docker image to be publicly accessible at http(s)://<your domain>/nextcloud. It goes in the "/etc/nginx/vhosts/<your host>.conf" file. It assumes that nextcloud has been configured with a base URL of "/nextcloud" ('overwritewebroot' => '/nextcloud',) in config.php/. Note that two values are valid for the "proxy pass" directive.

server {

listen 443;

listen [::]:443;

# other stuff located here

location /nextcloud/ {

#proxy_pass http://127.0.0.1:8080/;

proxy_pass http://nextcloud:80/;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

# Allow downstream sites to know who's connecting

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto https;

#proxy_set_header X-Forwarded-Host $server_name;

}

# other stuff located here

 

Figure 3: Subdirectory With Base URL Support

1.3                Create Nginx Subdomain

A subdomain is addressed as http(s)://www. MyWeatherStation.yourdomain.com (for example).

TODO: Write it

 

Technologies Used:

Design by: XOOPS UI/UX Team