Skip to content

Instantly share code, notes, and snippets.

@jmdobry

jmdobry/Instructions.md

Last active August 31, 2021 18:21
Show Gist options
  • Save jmdobry/6083910 to your computer and use it in GitHub Desktop.
Save jmdobry/6083910 to your computer and use it in GitHub Desktop.
Download ZIP
Nginx reverse-proxy for RethinkDB Admin UI
Raw
Instructions.md

Start your rethinkdb instance with this flag: --bind all (or bind=all in the configuration file for your instance)

Block external access to the web UI with these two commands: sudo iptables -A INPUT -i eth0 -p tcp --dport 8080 -j DROP sudo iptables -I INPUT -i eth0 -s 127.0.0.1 -p tcp --dport 8080 -j ACCEPT

Install nginx: sudo apt-get install nginx

Create a new virtual host (server block): sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/rethinkdb_admin

Edit this file: sudo vi /etc/nginx/sites-available/rethinkdb_admin

to say:

server {
  listen 80;
  server_name domain.com;
  
  location /rethinkdb-admin/ {
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/.rethinkdb.pass;
    proxy_pass http://127.0.0.1:8080/;
    proxy_redirect off;
    proxy_set_header Authorization "";
  }
}

where domain.com is the host name (or IP address) of the server running the RethinkDB Admin UI.

Create username and password (make sure you have apache2-utils installed sudo apt-get install apache2-utils): cd /etc/nginx/ htpasswd -c .rethinkdb.pass <username> where <username> is the username you want. The command will ask you to enter the password for the username you chose.

start/restart nginx sudo service nginx start or sudo service nginx restart

Verify it works: Navigate to http://domain.com/rethinkdb_admin where domain.com is the host name (or IP address) of the server running the RethinkDB Admin UI.

@Stylesoftware
Copy link

Stylesoftware commented Apr 13, 2020
edited
Loading

If your getting the 'Loading' only screen, and you see the Content Security warning in the Developer Tools, you may need to fudge the security headers.

This worked for me (Replace [IP-OR-DOMAIN], remove brackets):

server {
  listen 80;           #ip v4
  listen [::]:80       #ip v6
  server_name [IP-OR-DOMAIN];

  location /rethinkdb-admin/ {
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/.rethinkdb.pass;
    proxy_pass http://127.0.0.1:8080/;
    proxy_redirect off;
    proxy_set_header Authorization "";
    add_header Content-Security-Policy "default-src 'self' http://[IP-OR-DOMAIN];";
  }
}

If you need to proxy to another port, and your nginx is configured to upgrade you to HTTPS, you can probably only use your IP address rather than your domain. I didn't find a way around this, and it didn't make sense why I was getting redirected, as the redirect is from port 80.

This works for an [IP] on port 9999 (change [IP] on the last line):
#access: http://[IP]:9999/rethinkdb-admin

server {
  listen 9999;
  server_name _;

  location /rethinkdb-admin/ {
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/.rethinkdb.pass;
    proxy_pass http://127.0.0.1:8080/;
    proxy_redirect off;
    proxy_set_header Authorization "";
    add_header Content-Security-Policy "default-src 'self' http://[IP];";
  }
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment