NGINX config example working! :-)

Does anyone have a working NGINX configuration example (with or without SSL). I’m working on one at the moment but would be happy to gain insight from others. :slight_smile:

Okay, so fwiw here is what I did to get it to not work reliably under nginx with ubuntu 16.04. This may very likely be very poor practice but for testing (and getting input and corrections from the fine people in this community) here it is

  1. Install nginx:
    apt-get install nginx

  2. I had to also create my own self-signed certs. I followed these instructions for that: https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-nginx-in-ubuntu-16-04

  3. Install fastcgiwrap (note I am not sure this step was required but I am pretty sure it was. ;))
    apt-get install fastcgiwrap

  4. create a file in /etc/nginx/sites-enabled with the domain name for your host:
    nano your_hostname

  5. In that file you just created enter the following and save the file:

server {
listen 443;
server_name your_hostname;
ssl on;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
root /usr/share/urbackup/www/;
index index.htm;

location ~* {
location /x {
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:55413;
}
}

With all of those steps done we are ready to test.

  1. Reload and test your configuration:
    nginx -s reload

  2. Open your browser and go to https://your_hostname

  3. On the Internet tab of Settings --> General --> Server set == https://your_domainname

Also at “Settings–> General–> Internet” the Internet Server Name to:
your_domainname and port to 55415

  1. In my environment I don’t want the included http server running at all, so I comment out or remove (e.g prepend with a “#”) the two lines from /etc/default/urbackupsrv

HTTP_SERVER=“true”
and
HTTP_PORT=“55414”

-S

1 Like

Interestingly this configuration works for some time and then fails with: “Error: Parameter ‘action’ not given.”

Hmmm. Back to the drawing board.

You have seen this thread? Webinterface difficulties

1 Like

Aha! So after a night of sleep and that link (which I had seen, but had misapplied) it dawned on me that the examples given were are for your_domain/urbackup whereas I am hosting from the root of just your_domain.

With that knowledge secured this one minor change addresses the issue: remove the /urbackup/ part of the path from the location parameter. :laughing:

location /x {
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:55413;
}
}

I’ll run for that for a while and report back!

Thanks!

S

Yep. I am happy that fixed it.

But wait, there’s more. I also found that I needed to comment out the two lines from
/etc/default/urbackupsrv

HTTP_SERVER=“true”
and
HTTP_PORT=“55414”

Then, in the web interface itself I set the Server URL at “Settings --> General --> Server” to:

https://your_domainname

and at “Settings–> General–> Internet” the Internet Server Name to:

your_domainname

and port to 55415

I’ll try to get all this cleaned up after I’ve run with it for a while in case you’d like to include in the documentation.

This is mine (with SSL). Proxying the Internet Server over SSL is IMHO pointless because according to the docs, it’s already encrypted.

server {
listen 80 default_server;
listen [::]:80 default_server;

rewrite ^ https://$http_host:8443$request_uri? permanent; # force redirect http to https
}

server {
listen 8443 default_server; #IPv4
ssl on;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers “EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4”;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

		# Fix the “It appears that your reverse proxy set up is broken" error.
		proxy_pass          http://localhost:55414;
		proxy_read_timeout  90;
		proxy_redirect      http://localhost:55414 https://$host;

}
}