Last active September 27, 2022 11:51
Teleport behind Nginx Reverse Proxy

General Teleport

If you want a jump host (bastion) cluster in front of your servers, you can install Teleport. This guide walks through installing it and then exposing it through an NGINX reverse proxy.


  • Ubuntu 20.04 LTS
  • 1 GB RAM
  • 1 vCPU
  • 20 GB Storage

Teleport Installation

sudo curl \
  -o /usr/share/keyrings/teleport-archive-keyring.asc
source /etc/os-release
echo "deb [signed-by=/usr/share/keyrings/teleport-archive-keyring.asc] \${ID?} ${VERSION_CODENAME?} stable/v10" \
| sudo tee /etc/apt/sources.list.d/teleport.list > /dev/null

sudo apt-get update
sudo apt-get install teleport

Init Teleport Installation

cd /var/lib/teleport/ 

## OPTIONAL: if you don't have an SSL certificate, generate a self-signed one
openssl genrsa -out ca.key 2048 
openssl req -new -x509 -days 365 -key ca.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=Acme Root CA" -out ca.crt 
openssl req -newkey rsa:2048 -nodes -keyout server.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./" -out server.csr 
openssl x509 -req -extfile <(printf ",") -days 365 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt
mv server.crt server.pem 
mv server.key server-key.pem 

## If you already have an SSL certificate, copy the certificate and key (.pem) to /var/lib/teleport
cp server.pem /var/lib/teleport
cp server-key.pem /var/lib/teleport

## Initialize the installation
teleport configure -o /etc/teleport.yaml \
--cert-file=/var/lib/teleport/server.pem \
--key-file=/var/lib/teleport/server-key.pem

sudo systemctl enable teleport 
sudo systemctl start teleport 
sudo systemctl status teleport 
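
The optional self-signed certificate step above, as an added example that is not part of the original gist: it issues the CA and a server certificate carrying a subjectAltName for the proxy hostname, then checks the chain, the hostname and the key pair before Teleport or NGINX loads the files. The function names and the `teleport.example.test` hostname are assumptions, and it expects OpenSSL 1.1.1 or later.

```bash
# Added example (not from the gist): self-signed CA + server certificate with a
# subjectAltName, plus the checks to run before Teleport or NGINX loads it.
# Function names and the hostname used below are assumptions.
set -eu

# make_teleport_cert HOST DIR : runs in a subshell so umask stays local
make_teleport_cert() (
    host=$1 dir=$2
    umask 077                         # key files are created owner-only
    mkdir -p "$dir"
    # CA key and certificate, same subject as the guide
    openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null
    openssl req -new -x509 -days 365 -key "$dir/ca.key" \
        -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=Acme Root CA" -out "$dir/ca.crt"
    # Server key and CSR
    openssl req -newkey rsa:2048 -nodes -keyout "$dir/server-key.pem" \
        -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=$host" \
        -out "$dir/server.csr" 2>/dev/null
    # TLS clients match the hostname against subjectAltName, so set it here
    printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' \
        "$host" > "$dir/san.ext"
    openssl x509 -req -days 365 -in "$dir/server.csr" -extfile "$dir/san.ext" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/server.pem" 2>/dev/null
    rm -f "$dir/server.csr" "$dir/san.ext"
)

# check_teleport_cert HOST DIR : 0 = ok, 1 = bad chain, 2 = wrong host, 3 = key mismatch
check_teleport_cert() (
    host=$1 dir=$2
    openssl verify -CAfile "$dir/ca.crt" "$dir/server.pem" >/dev/null 2>&1 || exit 1
    openssl x509 -in "$dir/server.pem" -noout -checkhost "$host" |
        grep -q 'does match certificate' || exit 2
    cert_pub=$(openssl x509 -in "$dir/server.pem" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$dir/server-key.pem" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] || exit 3
)

# Usage (constructed hostname):
#   make_teleport_cert teleport.example.test /var/lib/teleport
#   check_teleport_cert teleport.example.test /var/lib/teleport
```

Clients that should trust the proxy need `ca.crt` in their trust store; `ca.key` is not needed by Teleport or NGINX and can be kept off the host.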

Create User on Teleport

sudo tctl users add gilang --roles=editor,access --logins=root,ubuntu 

Turn off 2FA (OPTIONAL)

nano /etc/teleport.yaml
    second_factor: off 
systemctl restart teleport

Reverse Proxy It with Nginx

  • Define the hostname in /etc/hosts
nano /etc/hosts
  • Create the NGINX configuration
nano /etc/nginx/conf.d/teleport.conf
server {
    listen                   443 ssl;

    server_name     *;
    ssl_certificate          /etc/letsencrypt/live/;
    ssl_certificate_key      /etc/letsencrypt/live/;

    location / {

        proxy_buffering      off;
        proxy_set_header     Host $host;
        proxy_set_header     X-Real-IP $remote_addr;
        proxy_set_header     X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header     X-Forwarded-Proto "https";

        # WebSocket support
        proxy_http_version   1.1;
        proxy_set_header     Upgrade $http_upgrade;
        proxy_set_header     Connection "upgrade";
        proxy_read_timeout   86400;

        proxy_pass ;
    }
}
nginx -t
service nginx reload

