|
| 1 | +# Nginx |
| 2 | + |
| 3 | +[Nginx](https://nginx.org) can be used as a Reverse Proxy in front of Speedtest |
| 4 | +Tracker to expose the Dashboard publicly with a trusted certificate. |
| 5 | + |
| 6 | +First, you will need to add the `APP_URL` and `ASSET_URL` environment variables |
| 7 | +to your `docker-compose.yml`. |
| 8 | + |
| 9 | +```yaml |
| 10 | +services: |
| 11 | + speedtest-tracker: |
| 12 | + container_name: speedtest-tracker |
| 13 | + environment: |
| 14 | + - PUID=1000 |
| 15 | + - PGID=1000 |
| 16 | + - APP_KEY= |
| 17 | + - DB_CONNECTION=sqlite |
| 18 | + - SPEEDTEST_SCHEDULE= |
| 19 | + - SPEEDTEST_SERVERS= |
| 20 | + - PRUNE_RESULTS_OLDER_THAN= |
| 21 | + - CHART_DATETIME_FORMAT= |
| 22 | + - DATETIME_FORMAT= |
| 23 | + - APP_TIMEZONE= |
| 24 | + # Change both below to the desired domain |
| 25 | + - APP_URL=https://speedtest.yourdomain.com |
| 26 | + - ASSET_URL=https://speedtest.yourdomain.com |
| 27 | + volumes: |
| 28 | + - /path/to/data:/config |
| 29 | + - /path/to-custom-ssl-keys:/config/keys |
| 30 | + image: lscr.io/linuxserver/speedtest-tracker:latest |
| 31 | + restart: unless-stopped |
| 32 | +``` |
| 33 | +
|
| 34 | +Next, you will need to configure nginx to proxy to the Speedtest Tracker app. |
| 35 | +
|
| 36 | +{% hint style="info" %} |
| 37 | +Depending on how you generate your SSL certificates and how you configure your |
| 38 | +Docker network, you may need to adjust the `ssl_` and `proxy_pass` values. |
| 39 | +{% endhint %} |
| 40 | + |
| 41 | +```nginx |
| 42 | +server { |
| 43 | + listen 80; |
| 44 | + server_name speedtest.yourdomain.com; |
| 45 | + return 301 https://$host$request_uri; |
| 46 | +} |
| 47 | +
|
| 48 | +server { |
| 49 | + listen 443 ssl; |
| 50 | + server_name speedtest.yourdomain.com; |
| 51 | +
|
| 52 | + ssl_certificate /etc/letsencrypt/live/speedtest.yourdomain.com/fullchain.pem; |
| 53 | + ssl_certificate_key /etc/letsencrypt/live/speedtest.yourdomain.com/privkey.pem; |
| 54 | +
|
| 55 | + ssl_protocols TLSv1.2; |
| 56 | + ssl_ciphers |
| 57 | +'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; |
| 58 | + ssl_prefer_server_ciphers on; |
| 59 | + ssl_session_cache shared:SSL:10m; |
| 60 | + ssl_session_timeout 10m; |
| 61 | + ssl_dhparam /etc/ssl/certs/dhparam.pem; |
| 62 | +
|
| 63 | + add_header Strict-Transport-Security "max-age=31536000;includeSubdomains"; |
| 64 | +
|
| 65 | + location / { |
| 66 | + proxy_set_header X-Forwarded-Host $host; |
| 67 | + proxy_set_header X-Forwarded-Server $host; |
| 68 | + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
| 69 | + proxy_set_header X-Forwarded-Proto $scheme; |
| 70 | +
|
| 71 | + proxy_pass http://speedtest-container-host:80; |
| 72 | + } |
| 73 | +} |
| 74 | +``` |
0 commit comments