Skip to content

Instantly share code, notes, and snippets.

@wieshka

wieshka/ajenti.conf

Created December 21, 2015 23:42
Show Gist options
  • Star 3 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save wieshka/b3bc83e6c06052e4ce13 to your computer and use it in GitHub Desktop.
Save wieshka/b3bc83e6c06052e4ce13 to your computer and use it in GitHub Desktop.
Download ZIP
Working NGINX configuration for Ajenti reverse proxy
Raw
ajenti.conf
server {
listen *:443 ssl;
listen *:80;
ssl_certificate /etc/self-signed-ssl/cert.crt;
ssl_certificate_key /etc/self-signed-ssl/cert.key;
server_name FQDN;
access_log /var/log/nginx/ajenti-web-panel.access.log;
error_log /var/log/nginx/ajenti-web-panel.error.log;
root /srv/new-website;
index index.html index.htm index.php;
location ~ /ajenti.* {
rewrite (/ajenti)$ / break;
rewrite /ajenti/(.*) /$1 break;
proxy_pass http://127.0.0.1:8000;
proxy_redirect / /ajenti/;
proxy_set_header Host $host;
proxy_set_header Origin http://$host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
@digimbyte
Copy link

digimbyte commented Jun 23, 2023
edited

doesn't appear to be valid with a simple subdomain proxy (ie: no redirects) as it never logs in.
if anyone else comes across this, setting http v1.1 and the origin helped resolve asset 401/403 errors.
but it doesn't log in.

my current:

server {
    listen 80;
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name sub.domain.com;

    ssl_certificate /etc/letsencrypt/live/sub.domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/sub.domain.com/privkey.pem;

    keepalive_timeout    60;

    location ~ /* {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $http_host;
        proxy_set_header Origin http://$host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_http_version 1.1;

        allow all;
        expires max;
        access_log off;
    }
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment