Sample Nginx config for MAD and RM

nginx site config

# This is a sample site config for Nginx utilizing a single (sub)domain for
# everything MAD related.
#
# MADmin will be available under https://mad.domain.tld/madmin
# RGC needs to be configured to connect to "wss://mad.domain.tld/rgc"
# PD needs to be configured to send data to "https://mad.domain.tld/pd"
# RocketMAD will be available under https://mad.domain.tld/

# How to test if everything's working:
#
# /ws: use websocket.org/echo.html and connect to "wss://mad.domain.tld/ws".
#      If it connects and disconnects without an error, your're fine
#
# /madmin: you should be redirected to /madmin/settings or /madmin/settings/devices
#          if everything's correct. If you get redirected to /settings you forgot
#          to configure madmin_base_path in MAD
#
# /mitm: if you open "https://mad.domain.tld/mitm" in your browser. If you see a
#        "Method Not Allowed" error in your browser, you're fine
#
# /: this should either open your RM map directly or redirect you to "/login", if
#    you configured auth in RM. If you use Telegram auth, make sure you set the
#    correct URL in your Telegram bot.

upstream mad_mitm_receiver {
  # change this port to your mitmreceiver_port
  # leave the IP as is unless you know what you do
  server 127.0.0.1:8000;
}

upstream mad_websocket {
  # change this port to your ws_port
  # leave the IP as is unless you know what you do
  server 127.0.0.1:8080;
}

upstream mad_madmin {
  # change this port to your madmin_port
  # leave the IP as is unless you know what you do
  server 127.0.0.1:5000;
}

upstream rocketmad {
  # change this port to your RocketMAD port
  # the default port for RM is also 5000 but only one service is
  # allowed to listen on a port thus you need to either change
  # MADmin's or RM's port.
  # leave the IP as is unless you know what you do
  server 127.0.0.1:5001;
}

# this block will redirect http to https. Leave it as is
server {
  listen 80;
  listen [::]:80;

  server_name mad.doamin.tld;
  server_tokens off;

  # redirect every request to https
  return 301 https://$http_host$request_uri;
}

# main block for https related things
server {
  listen 443 ssl;
  listen [::]:443 ssl;

  server_name mad.domain.tld;
  server_tokens off;

  access_log /var/log/nginx/access.log;

  # RGC will connect to this. This is a websocket! 
  # No need to change anything
  location /ws {
    proxy_redirect off;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;

    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_pass http://mad_websocket/;
  }

  # this is your MADmin
  # also requires madmin_base_path in MAD to be set to "/madmin"
  location /madmin {
    proxy_redirect off;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_pass http://mad_madmin/;
  }

  # this is where PD sends its data to. No need to change anything
  location /mitm {
    proxy_redirect off;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_pass http://mad_mitm_receiver/;
  }

  # this is for your map. No need to change anything
  location / {
    proxy_redirect off;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_pass http://rocketmad/;
  }

  # change these paths to your actual cert location
  ssl_certificate /path/to/mad.domain.tld.chain.pem;
  ssl_certificate_key /path/to/mad.domain.tld.key;
}