realmiketalbot/nginx-unificontroller.conf

## nginx-unificontroller.conf
# I had a bit of trouble getting my unifi controller (hosted offsite) to use a proxy/letsencrypt. So here are the fruits of my labor.
# The unifi default port is 8443 running on localhost.

# License: CC0 (Public Domain)

server {
        # SSL configuration
        #
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;

        server_name unifi.hostname.com;

        # Needed to allow the websockets to forward well.
        # Information adopted from here: https://community.ubnt.com/t5/EdgeMAX/Access-Edgemax-gui-via-nginx-reverse-proxy-websocket-problem/td-p/1544354
        location /wss/ {
                proxy_pass https://localhost:8443;
                proxy_http_version 1.1;
                proxy_buffering off;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "Upgrade";
                proxy_read_timeout 86400;
        }

        location / {
                proxy_pass https://localhost:8443/; # The Unifi Controller Port
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        }

        # Unifi still internally uses its own cert. This was converted to PEM and
        # is trusted for the sake of this proxy. See here for details:
        # https://community.ubnt.com/t5/UniFi-Wireless/Lets-Encrypt-and-UniFi-controller/td-p/1406670
        ssl_trusted_certificate /etc/nginx/ssl/unifi/unifi-default-selfsign.pem;

        ssl_certificate /etc/letsencrypt/live/unifi.hostname.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/unifi.hostname.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
}

server {
        listen 80;
        listen [::]:80;

        server_name unifi.hostname.com;

        location / {
                return 301 https://$host$request_uri;
        }
}
	# I had a bit of trouble getting my unifi controller (hosted offsite) to use a proxy/letsencrypt. So here are the fruits of my labor.
	# The unifi default port is 8443 running on localhost.

	# License: CC0 (Public Domain)

	server {
	# SSL configuration
	#
	listen 443 ssl default_server;
	listen [::]:443 ssl default_server;

	server_name unifi.hostname.com;

	# Needed to allow the websockets to forward well.
	# Information adopted from here: https://community.ubnt.com/t5/EdgeMAX/Access-Edgemax-gui-via-nginx-reverse-proxy-websocket-problem/td-p/1544354
	location /wss/ {
	proxy_pass https://localhost:8443;
	proxy_http_version 1.1;
	proxy_buffering off;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "Upgrade";
	proxy_read_timeout 86400;
	}

	location / {
	proxy_pass https://localhost:8443/; # The Unifi Controller Port
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
	}

	# Unifi still internally uses its own cert. This was converted to PEM and
	# is trusted for the sake of this proxy. See here for details:
	# https://community.ubnt.com/t5/UniFi-Wireless/Lets-Encrypt-and-UniFi-controller/td-p/1406670
	ssl_trusted_certificate /etc/nginx/ssl/unifi/unifi-default-selfsign.pem;

	ssl_certificate /etc/letsencrypt/live/unifi.hostname.com/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/unifi.hostname.com/privkey.pem; # managed by Certbot
	include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
	}

	server {
	listen 80;
	listen [::]:80;

	server_name unifi.hostname.com;

	location / {
	return 301 https://$host$request_uri;
	}
	}