Skip to content

Commit c1d2881

Browse files
author
eleith
committed
add nginx proxy example
1 parent 5148d17 commit c1d2881

File tree

1 file changed

+83
-0
lines changed

1 file changed

+83
-0
lines changed

other/proxies/nginx.md

Lines changed: 83 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,83 @@
1+
# Nginx
2+
3+
[Nginx](https://nginx.org) can be used as a Reverse Proxy in front of Speedtest
4+
Tracker when you want to expose the Dashboard publicly with a trusted
5+
certificate.
6+
7+
First, you will need to add the `APP_URL` and `ASSET_URL` environment variables
8+
to the docker compose for the URL you will be exposing to reach the Dashboard.
9+
10+
```yaml
11+
services:
12+
speedtest-tracker:
13+
container_name: speedtest-tracker
14+
environment:
15+
- PUID=1000
16+
- PGID=1000
17+
- APP_KEY=
18+
- DB_CONNECTION=sqlite
19+
- SPEEDTEST_SCHEDULE=
20+
- SPEEDTEST_SERVERS=
21+
- PRUNE_RESULTS_OLDER_THAN=
22+
- CHART_DATETIME_FORMAT=
23+
- DATETIME_FORMAT=
24+
- APP_TIMEZONE=
25+
# Change both below to the desired domain
26+
- APP_URL=https://speedtest.yourdomain.com
27+
- ASSET_URL=https://speedtest.yourdomain.com
28+
volumes:
29+
- /path/to/data:/config
30+
- /path/to-custom-ssl-keys:/config/keys
31+
image: lscr.io/linuxserver/speedtest-tracker:latest
32+
restart: unless-stopped
33+
```
34+
35+
Next, you will need to configure nginx to reverse proxy the Speedtest Tracker
36+
app.
37+
38+
at something like /etc/nginx/sites-enabled/speedtest.conf, have the following:
39+
40+
```nginx
41+
server {
42+
listen 80;
43+
server_name speedtest.yourdomain.com;
44+
return 301 https://$host$request_uri;
45+
}
46+
47+
server {
48+
listen 443 ssl;
49+
server_name speedtest.yourdomain.com;
50+
51+
ssl_certificate /etc/letsencrypt/live/speedtest.yourdomain.com/fullchain.pem;
52+
ssl_certificate_key /etc/letsencrypt/live/speedtest.yourdomain.com/privkey.pem;
53+
54+
ssl_protocols TLSv1.2;
55+
ssl_ciphers
56+
'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
57+
ssl_prefer_server_ciphers on;
58+
ssl_session_cache shared:SSL:10m;
59+
ssl_session_timeout 10m;
60+
ssl_dhparam /etc/ssl/certs/dhparam.pem;
61+
62+
add_header Strict-Transport-Security "max-age=31536000;includeSubdomains";
63+
64+
location / {
65+
proxy_set_header X-Forwarded-Host $host;
66+
proxy_set_header X-Forwarded-Server $host;
67+
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
68+
proxy_set_header X-Forwarded-Proto $scheme;
69+
proxy_redirect http:// https://;
70+
proxy_http_version 1.1;
71+
proxy_pass_request_headers on;
72+
proxy_set_header Connection "keep-alive";
73+
proxy_store off;
74+
75+
proxy_pass http://speedtest-container-host:80;
76+
}
77+
}
78+
```
79+
80+
{% hint style="info" %}
81+
Depending on how you generate your SSL certificates and how you configure your
82+
docker network, you may need to further adjust the `ssl_` and `proxy_pass` settings.
83+
{% endhint %}

0 commit comments

Comments
 (0)