@mfalkvidd
Last active February 7, 2024 17:02
Thingsboard nginx reverse proxy with websocket and HTTPS support (Let's Encrypt)
server {
    listen 80;
    server_name EXTERNAL_THINGSBOARD_DOMAIN.com;

    # Redirect every plain-HTTP request to HTTPS
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    } # managed by Certbot
}

server {
    listen 443 ssl;
    server_name EXTERNAL_THINGSBOARD_DOMAIN.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot

    # TLS session reuse
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 1d;

    # TLS 1.2 only, ECDHE key exchange, server-side cipher preference
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;

    # OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;

    location / {
        proxy_pass http://LOCAL_THINGSGBOARD_IP_OR_DOMAN:8080;

        # WebSocket proxying needs HTTP/1.1 and the Upgrade/Connection headers
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";

        # Pass the original Host header to the backend
        proxy_set_header Host $host;
    }
}
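
A variant of the HTTPS server block above, added here as an example and not part of the original gist: it sends `Connection: upgrade` to the backend only when the client actually asked for an upgrade (the `map` pattern from the nginx WebSocket proxying documentation), passes the client address and scheme along, and adds HSTS. The forwarding headers, the one-hour read timeout and the HSTS max-age are assumptions; the host and certificate placeholders are the gist's own.

```nginx
# Added example, not part of the original gist.
# The map block belongs in the http {} context, outside any server {} block.
map $http_upgrade $connection_upgrade {
    default upgrade;   # client sent an Upgrade header: forward the upgrade
    ''      close;     # no Upgrade header: send "Connection: close" to the backend
}

server {
    listen 443 ssl;
    server_name EXTERNAL_THINGSBOARD_DOMAIN.com;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols TLSv1.2;

    # Assumed policy: browsers keep using HTTPS for this host for one year.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass http://LOCAL_THINGSGBOARD_IP_OR_DOMAN:8080;
        proxy_http_version 1.1;

        # Upgrade handling driven by the map above instead of a fixed "Upgrade"
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # Assumed headers: give the backend the real client address and scheme
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Assumed value: nginx closes a proxied connection after 60s without
        # backend data by default, which cuts idle WebSocket sessions.
        proxy_read_timeout 1h;
    }
}
```

Run `nginx -t` before reloading to confirm the configuration parses.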
@navneet-indusworks

Thank You so much for this... I was trying to solve this for 3 hours

@wz2b

wz2b commented Feb 7, 2024

This is very helpful. One thing I want to raise here is that there are issues with http2 and thingsboard with certain browsers like Chrome. One way to get around this is to use an nginx proxy, which can't relay to the backend using http2 anyway. I think that there might be some advantage to enable http2 anyway:

listen 1.2.3.4:443 ssl http2;

so that the client can talk to nginx using http2, then nginx will talk to thingsboard using http/1.1 which should get around the problem of thingsboard running out of connections.

Either way ... keep http/2 in mind when you do this and make a deliberate decision what to do; the way you have this written it may be disabled (which may be exactly what you want).
