Last active
May 6, 2024 12:41
-
-
Save vidia/fbef2ee643b23848d8b24211d5860b78 to your computer and use it in GitHub Desktop.
Example, working, NGINX config for proxying to Unifi Controller software and using letsencrypt. Includes websocket fix.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# I had a bit of trouble getting my unifi controller (hosted offsite) to use a proxy/letsencrypt. So here are the fruits of my labor. | |
# The unifi default port is 8443 running on localhost. | |
# License: CC0 (Public Domain) | |
server { | |
# SSL configuration | |
# | |
listen 443 ssl default_server; | |
listen [::]:443 ssl default_server; | |
server_name unifi.hostname.com; | |
# Needed to allow the websockets to forward well. | |
# Information adopted from here: https://community.ubnt.com/t5/EdgeMAX/Access-Edgemax-gui-via-nginx-reverse-proxy-websocket-problem/td-p/1544354 | |
location /wss/ { | |
proxy_pass https://localhost:8443; | |
proxy_http_version 1.1; | |
proxy_buffering off; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection "Upgrade"; | |
proxy_read_timeout 86400; | |
} | |
location / { | |
proxy_pass https://localhost:8443/; # The Unifi Controller Port | |
proxy_set_header Host $host; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for; | |
} | |
# Unifi still internally uses its own cert. This was converted to PEM and | |
# is trusted for the sake of this proxy. See here for details: | |
# https://community.ubnt.com/t5/UniFi-Wireless/Lets-Encrypt-and-UniFi-controller/td-p/1406670 | |
ssl_trusted_certificate /etc/nginx/ssl/unifi/unifi-default-selfsign.pem; | |
ssl_certificate /etc/letsencrypt/live/unifi.hostname.com/fullchain.pem; # managed by Certbot | |
ssl_certificate_key /etc/letsencrypt/live/unifi.hostname.com/privkey.pem; # managed by Certbot | |
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot | |
} | |
server { | |
listen 80; | |
listen [::]:80; | |
server_name unifi.hostname.com; | |
location / { | |
return 301 https://$host$request_uri; | |
} | |
} |
hi to all, i configure them, but open a white paga without any error.
location /wss/ {
proxy_pass https://192.168.1.5:8443;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_read_timeout 86400;
}
location / {
proxy_pass https://192.168.1.5:8443;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_http_version 1.1;
proxy_set_header Connection "upgrade";
}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi, I found myself wanting to do this for putting the Unifi controller inside an iFrame to use with HomeAssistant.
To add it into the iFrame you need to set a few additional headers into both the
location /wss/
andlocation /
parts of the nginx conf.Here they are: