Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Nginx reverse-proxy for RethinkDB Admin UI

Start your rethinkdb instance with this flag: --bind all (or bind=all in the configuration file for your instance)

Block external access to the web UI with these two commands: sudo iptables -A INPUT -i eth0 -p tcp --dport 8080 -j DROP sudo iptables -I INPUT -i eth0 -s 127.0.0.1 -p tcp --dport 8080 -j ACCEPT

Install nginx: sudo apt-get install nginx

Create a new virtual host (server block): sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/rethinkdb_admin

Edit this file: sudo vi /etc/nginx/sites-available/rethinkdb_admin

to say:

server {
  listen 80;
  server_name domain.com;
  
  location /rethinkdb-admin/ {
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/.rethinkdb.pass;
    proxy_pass http://127.0.0.1:8080/;
    proxy_redirect off;
    proxy_set_header Authorization "";
  }
}

where domain.com is the host name (or IP address) of the server running the RethinkDB Admin UI.

Create username and password (make sure you have apache2-utils installed sudo apt-get install apache2-utils): cd /etc/nginx/ htpasswd -c .rethinkdb.pass <username> where <username> is the username you want. The command will ask you to enter the password for the username you chose.

start/restart nginx sudo service nginx start or sudo service nginx restart

Verify it works: Navigate to http://domain.com/rethinkdb_admin where domain.com is the host name (or IP address) of the server running the RethinkDB Admin UI.

@roblav96

This comment has been minimized.

Copy link

roblav96 commented Jan 26, 2016

this is awesome! Thank you so much!!!

@dhax

This comment has been minimized.

Copy link

dhax commented Feb 9, 2016

Thanks for this! You are missing one step though:
sudo ln -s /etc/nginx/sites-available/rethinkdb_admin /etc/nginx/sites-enabled/

And is "bind=all" really necessary for this to work? For me it's working with the default entry for all local addresses.

@r3wt

This comment has been minimized.

Copy link

r3wt commented Feb 23, 2016

for me its just a blank page that says "Loading..." and all the script and css are 404's in the console...

@dalanmiller

This comment has been minimized.

Copy link

dalanmiller commented Apr 27, 2016

@r3wt did you find a solution to this?

@MarkHerhold

This comment has been minimized.

Copy link

MarkHerhold commented Jul 30, 2016

@dalanmiller @r3wt
I just had a very similar problem and was able to fix it. You may not have the same problem but here's what mine was:

old nginx config

...
    location / {
        proxy_pass http://127.0.0.1:8080;

        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }
...

new nginx config

We want the rethinkdb web server to handle 404s. I mistakenly included it so the solution for me was to remove it.

...
    location / {
        proxy_pass http://127.0.0.1:8080;
    }
...
@ghost

This comment has been minimized.

Copy link

ghost commented Dec 27, 2016

Any info how to use https with this?

@jrahaim

This comment has been minimized.

Copy link

jrahaim commented Feb 3, 2017

For https change the
proxy_pass http://127.0.0.1:8080/;
line to
proxy_pass https://127.0.0.1:8080/;

You will need tls enabled in the RethinkDB config file with
http-tls-key=/path/keys/key.pem
http-tls-cert=/path/keys/cert.pem

@jeffjbarbosa

This comment has been minimized.

Copy link

jeffjbarbosa commented Aug 24, 2018

detail:
in ...location /rethinkdb-admin/ {
auth_basic "Restricted";
....
change ( - ) to ( _ )
like this:
...location /rethinkdb_admin/ {
auth_basic "Restricted";
....

@Stylesoftware

This comment has been minimized.

Copy link

Stylesoftware commented Apr 13, 2020

If your getting the 'Loading' only screen, and you see the Content Security warning in the Developer Tools, you may need to fudge the security headers.

This worked for me (Replace [IP-OR-DOMAIN], remove brackets):

server {
  listen 80;           #ip v4
  listen [::]:80       #ip v6
  server_name [IP-OR-DOMAIN];

  location /rethinkdb-admin/ {
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/.rethinkdb.pass;
    proxy_pass http://127.0.0.1:8080/;
    proxy_redirect off;
    proxy_set_header Authorization "";
    add_header Content-Security-Policy "default-src 'self' http://[IP-OR-DOMAIN];";
  }
}

If you need to proxy to another port, and your nginx is configured to upgrade you to HTTPS, you can probably only use your IP address rather than your domain. I didn't find a way around this, and it didn't make sense why I was getting redirected, as the redirect is from port 80.

This works for an [IP] on port 9999 (change [IP] on the last line):
#access: http://[IP]:9999/rethinkdb-admin

server {
  listen 9999;
  server_name _;

  location /rethinkdb-admin/ {
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/.rethinkdb.pass;
    proxy_pass http://127.0.0.1:8080/;
    proxy_redirect off;
    proxy_set_header Authorization "";
    add_header Content-Security-Policy "default-src 'self' http://[IP];";
  }
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.