Skip to content

Instantly share code, notes, and snippets.

@jmdobry
Last active August 31, 2021 18:21
Show Gist options
  • Save jmdobry/6083910 to your computer and use it in GitHub Desktop.
Save jmdobry/6083910 to your computer and use it in GitHub Desktop.
Nginx reverse-proxy for RethinkDB Admin UI

Start your rethinkdb instance with this flag: --bind all (or bind=all in the configuration file for your instance)

Block external access to the web UI with these two commands: sudo iptables -A INPUT -i eth0 -p tcp --dport 8080 -j DROP sudo iptables -I INPUT -i eth0 -s 127.0.0.1 -p tcp --dport 8080 -j ACCEPT

Install nginx: sudo apt-get install nginx

Create a new virtual host (server block): sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/rethinkdb_admin

Edit this file: sudo vi /etc/nginx/sites-available/rethinkdb_admin

to say:

server {
  listen 80;
  server_name domain.com;
  
  location /rethinkdb-admin/ {
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/.rethinkdb.pass;
    proxy_pass http://127.0.0.1:8080/;
    proxy_redirect off;
    proxy_set_header Authorization "";
  }
}

where domain.com is the host name (or IP address) of the server running the RethinkDB Admin UI.

Create username and password (make sure you have apache2-utils installed sudo apt-get install apache2-utils): cd /etc/nginx/ htpasswd -c .rethinkdb.pass <username> where <username> is the username you want. The command will ask you to enter the password for the username you chose.

start/restart nginx sudo service nginx start or sudo service nginx restart

Verify it works: Navigate to http://domain.com/rethinkdb_admin where domain.com is the host name (or IP address) of the server running the RethinkDB Admin UI.

@dalanmiller
Copy link

@r3wt did you find a solution to this?

@MarkHerhold
Copy link

@dalanmiller @r3wt
I just had a very similar problem and was able to fix it. You may not have the same problem but here's what mine was:

old nginx config

...
    location / {
        proxy_pass http://127.0.0.1:8080;

        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }
...

new nginx config

We want the rethinkdb web server to handle 404s. I mistakenly included it so the solution for me was to remove it.

...
    location / {
        proxy_pass http://127.0.0.1:8080;
    }
...

Copy link

ghost commented Dec 27, 2016

Any info how to use https with this?

@jrahaim
Copy link

jrahaim commented Feb 3, 2017

For https change the
proxy_pass http://127.0.0.1:8080/;
line to
proxy_pass https://127.0.0.1:8080/;

You will need tls enabled in the RethinkDB config file with
http-tls-key=/path/keys/key.pem
http-tls-cert=/path/keys/cert.pem

@jeffjbarbosa
Copy link

detail:
in ...location /rethinkdb-admin/ {
auth_basic "Restricted";
....
change ( - ) to ( _ )
like this:
...location /rethinkdb_admin/ {
auth_basic "Restricted";
....

@Stylesoftware
Copy link

Stylesoftware commented Apr 13, 2020

If your getting the 'Loading' only screen, and you see the Content Security warning in the Developer Tools, you may need to fudge the security headers.

This worked for me (Replace [IP-OR-DOMAIN], remove brackets):

server {
  listen 80;           #ip v4
  listen [::]:80       #ip v6
  server_name [IP-OR-DOMAIN];

  location /rethinkdb-admin/ {
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/.rethinkdb.pass;
    proxy_pass http://127.0.0.1:8080/;
    proxy_redirect off;
    proxy_set_header Authorization "";
    add_header Content-Security-Policy "default-src 'self' http://[IP-OR-DOMAIN];";
  }
}

If you need to proxy to another port, and your nginx is configured to upgrade you to HTTPS, you can probably only use your IP address rather than your domain. I didn't find a way around this, and it didn't make sense why I was getting redirected, as the redirect is from port 80.

This works for an [IP] on port 9999 (change [IP] on the last line):
#access: http://[IP]:9999/rethinkdb-admin

server {
  listen 9999;
  server_name _;

  location /rethinkdb-admin/ {
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/.rethinkdb.pass;
    proxy_pass http://127.0.0.1:8080/;
    proxy_redirect off;
    proxy_set_header Authorization "";
    add_header Content-Security-Policy "default-src 'self' http://[IP];";
  }
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment