Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Example, working, NGINX config for proxying to Unifi Controller software and using letsencrypt. Includes websocket fix.
# I had a bit of trouble getting my unifi controller (hosted offsite) to use a proxy/letsencrypt. So here are the fruits of my labor.
# The unifi default port is 8443 running on localhost.
# License: CC0 (Public Domain)
server {
# SSL configuration
#
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
server_name unifi.hostname.com;
# Needed to allow the websockets to forward well.
# Information adopted from here: https://community.ubnt.com/t5/EdgeMAX/Access-Edgemax-gui-via-nginx-reverse-proxy-websocket-problem/td-p/1544354
location /wss/ {
proxy_pass https://localhost:8443;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_read_timeout 86400;
}
location / {
proxy_pass https://localhost:8443/; # The Unifi Controller Port
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
}
# Unifi still internally uses its own cert. This was converted to PEM and
# is trusted for the sake of this proxy. See here for details:
# https://community.ubnt.com/t5/UniFi-Wireless/Lets-Encrypt-and-UniFi-controller/td-p/1406670
ssl_trusted_certificate /etc/nginx/ssl/unifi/unifi-default-selfsign.pem;
ssl_certificate /etc/letsencrypt/live/unifi.hostname.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/unifi.hostname.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
}
server {
listen 80;
listen [::]:80;
server_name unifi.hostname.com;
location / {
return 301 https://$host$request_uri;
}
}
@Max101
Copy link

Max101 commented Dec 19, 2021

Hi, I found myself wanting to do this for putting the Unifi controller inside an iFrame to use with HomeAssistant.

To add it into the iFrame you need to set a few additional headers into both the location /wss/ and location / parts of the nginx conf.

Here they are:

# Headers required for unifi to work
proxy_hide_header X-Frame-Options;
proxy_hide_header X-XSS-Protection;
proxy_hide_header X-Content-Type-Options;
proxy_cookie_path / "/; secure; SameSite=none";
add_header X-Frame-Options "ALLOWALL";

@manustars
Copy link

manustars commented Mar 10, 2022

hi to all, i configure them, but open a white paga without any error.
location /wss/ {
proxy_pass https://192.168.1.5:8443;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_read_timeout 86400;
}
location / {
proxy_pass https://192.168.1.5:8443;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_http_version 1.1;
proxy_set_header Connection "upgrade";

}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment