Last active Sep 27, 2022
Teleport behind Nginx Reverse Proxy

General Teleport

If you want a jump host/bastion cluster in front of your servers, you can install Teleport. This guide walks through installing it and then exposing it through an NGINX reverse proxy.


  • Ubuntu 20.04LTS
  • 1 GB RAM
  • 1 VCPU
  • 20 GB Storage

Installation Teleport

sudo curl \
  -o /usr/share/keyrings/teleport-archive-keyring.asc
source /etc/os-release
echo "deb [signed-by=/usr/share/keyrings/teleport-archive-keyring.asc] \${ID?} ${VERSION_CODENAME?} stable/v10" \
| sudo tee /etc/apt/sources.list.d/teleport.list > /dev/null

sudo apt-get update
sudo apt-get install teleport

Init Teleport Installation

cd /var/lib/teleport/ 

## OPTIONAL: if you don't have an SSL certificate, generate a self-signed one
openssl genrsa -out ca.key 2048 
openssl req -new -x509 -days 365 -key ca.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=Acme Root CA" -out ca.crt 
openssl req -newkey rsa:2048 -nodes -keyout server.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./" -out server.csr 
openssl x509 -req -extfile <(printf ",") -days 365 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt
mv server.crt server.pem 
mv server.key server-key.pem 

## If you already have an SSL certificate, copy the cert & key (.pem) to /var/lib/teleport
cp server.pem /var/lib/teleport
cp server-key.pem /var/lib/teleport

## Installation Init
teleport configure -o /etc/teleport.yaml \
--cert-file=/var/lib/teleport/server.pem \
--key-file=/var/lib/teleport/server-key.pem

sudo systemctl enable teleport 
sudo systemctl start teleport 
sudo systemctl status teleport 
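
The optional self-signed step above, as an added example that is not part of the original gist: it issues the CA and server certificate in a temporary directory, then checks that the certificate chains to the CA, carries the proxy hostname in its SAN, and matches the private key. The hostname `teleport.example.test` and the "Example Lab" subject are constructed placeholders.

```shell
#!/bin/sh
# Added example. PROXY_HOST and the "Example Lab" subject are constructed placeholders.
PROXY_HOST="teleport.example.test"

# Create a private CA and a server certificate whose SAN names $2, inside directory $1.
make_certs() (
    cd "$1" || exit 1
    umask 077    # keys and certs are created readable by the owner only
    # Minimal request config so the result does not depend on the system openssl.cnf.
    printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_ca' '[dn]' \
        '[v3_ca]' 'basicConstraints = critical,CA:TRUE' \
        'keyUsage = critical,keyCertSign,cRLSign' > req.cnf
    # Leaf extensions: TLS clients match the hostname against the SAN, not the CN.
    printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' \
        "$2" > san.ext
    openssl genrsa -out ca.key 2048 2>/dev/null &&
    openssl req -new -x509 -days 365 -config req.cnf -key ca.key \
        -subj "/O=Example Lab/CN=Example Lab Root CA" -out ca.crt &&
    openssl req -newkey rsa:2048 -nodes -config req.cnf -keyout server-key.pem \
        -subj "/O=Example Lab/CN=$2" -out server.csr 2>/dev/null &&
    openssl x509 -req -extfile san.ext -days 365 -in server.csr \
        -CA ca.crt -CAkey ca.key -CAcreateserial -out server.pem 2>/dev/null
)

# Print "ok" and return 0 only if server.pem in $1 chains to ca.crt, covers
# hostname $2, and belongs to server-key.pem; otherwise print the failed check.
check_certs() (
    cd "$1" || exit 1
    openssl verify -CAfile ca.crt server.pem >/dev/null 2>&1 || { echo "chain"; exit 1; }
    openssl x509 -in server.pem -noout -checkhost "$2" |
        grep -q "does match certificate" || { echo "hostname"; exit 1; }
    [ "$(openssl x509 -in server.pem -noout -pubkey)" = \
      "$(openssl pkey -in server-key.pem -pubout)" ] || { echo "keypair"; exit 1; }
    echo "ok"
)

# Demo run in a throwaway directory.
work=$(mktemp -d) && make_certs "$work" "$PROXY_HOST" && check_certs "$work" "$PROXY_HOST"
rm -rf "$work"
```

To use the output with this guide, run `make_certs` against a directory of your choice and copy `server.pem` and `server-key.pem` into /var/lib/teleport.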

Create User on Teleport

sudo tctl users add gilang --roles=editor,access --logins=root,ubuntu 

Turn off 2FA (OPTIONAL)

nano /etc/teleport.yaml
    second_factor: off 
systemctl restart teleport

Reverse it with Nginx

  • Define on /etc/hosts
nano /etc/hosts
  • Create conf
nano /etc/nginx/conf.d/teleport.conf
server {
    listen                   443 ssl;

    server_name     *;
    ssl_certificate          /etc/letsencrypt/live/;
    ssl_certificate_key      /etc/letsencrypt/live/;

    location / {

        proxy_buffering      off;
        proxy_set_header     Host $host;
        proxy_set_header     X-Real-IP $remote_addr;
        proxy_set_header     X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header     X-Forwarded-Proto "https";

        # WebSocket support
        proxy_http_version   1.1;
        proxy_set_header     Upgrade $http_upgrade;
        proxy_set_header     Connection "upgrade";
        proxy_read_timeout   86400;

        proxy_pass ;
    }
}
nginx -t
service nginx reload

