Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Example, working, NGINX config for proxying to Unifi Controller software and using letsencrypt. Includes websocket fix.
# I had a bit of trouble getting my unifi controller (hosted offsite) to use a proxy/letsencrypt. So here are the fruits of my labor.
# The unifi default port is 8443 running on localhost.
# License: CC0 (Public Domain)
server {
# SSL configuration
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
# Needed to allow the websockets to forward well.
# Information adopted from here:
location /wss/ {
proxy_pass https://localhost:8443;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_read_timeout 86400;
location / {
proxy_pass https://localhost:8443/; # The Unifi Controller Port
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
# Unifi still internally uses its own cert. This was converted to PEM and
# is trusted for the sake of this proxy. See here for details:
ssl_trusted_certificate /etc/nginx/ssl/unifi/unifi-default-selfsign.pem;
ssl_certificate /etc/letsencrypt/live/; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
server {
listen 80;
listen [::]:80;
location / {
return 301 https://$host$request_uri;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment