Nginx proxy example

Note that this example assumes an Nginx installation *without* Docker. See: https://nginx.org/en/linux_packages.html#instructions

To validate the Nginx configuration after changes (such as adding the example files below), run:

nginx -t

To reload Nginx configuration:

service nginx reload

This chapter shows an example configuration of an Nginx reverse proxy that listens for HTTP(S) web requests and WebSocket (WSS) requests for particular domains, and forwards them to the ports on which particular Docker containers are running. In this example, multiple MSP Challenge servers run in different Docker containers on different ports. When an MSP Challenge client connects, the version of the connecting client dictates the port to which the request is forwarded.

File /etc/nginx/conf.d/maps.conf:

##
# Connection header for web socket reverse proxy
##
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}
# web proxy targets for connections with different versions of the client
map $http_msp_client_version $backend {
    default "http://127.0.0.1:45082";
    "5.0.0" "http://127.0.0.1:45081";
    "4.0.2" "http://127.0.0.1:45080";
}
# web socket proxy targets for connections with different versions of the client
map $http_msp_client_version $ws_backend {
    default "http://127.0.0.1:45007";
    "5.0.0" "http://127.0.0.1:45005";
    "4.0.2" "http://127.0.0.1:45003";
}
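
The two version maps have to list the same client versions: a version present in only one of them is proxied to its own server for web requests but falls through to the default server for WebSocket traffic (or the reverse). The Python check below is an added example, not part of the MSP Challenge project; it embeds the two maps from this page, the function names `parse_maps`, `audit` and `route` are assumptions, and it handles only plain string entries (no regex keys or `include` lines).

```python
import ipaddress
import re
from urllib.parse import urlsplit

# The two version maps from maps.conf above, embedded so the check runs offline.
MAPS_CONF = """
map $http_msp_client_version $backend {
    default "http://127.0.0.1:45082";
    "5.0.0" "http://127.0.0.1:45081";
    "4.0.2" "http://127.0.0.1:45080";
}
map $http_msp_client_version $ws_backend {
    default "http://127.0.0.1:45007";
    "5.0.0" "http://127.0.0.1:45005";
    "4.0.2" "http://127.0.0.1:45003";
}
"""

def parse_maps(text):
    """Return {result_variable: {source_value: target}}; keys lowercased as nginx ignores case."""
    maps = {}
    for dest, body in re.findall(r"map\s+\$\w+\s+(\$\w+)\s*\{([^}]*)\}", text):
        entries = {}
        for line in body.splitlines():
            line = line.split("#", 1)[0].strip().rstrip(";")
            if line:
                key, value = line.split(None, 1)
                entries[key.strip("'\"").lower()] = value.strip("'\" ")
        maps[dest] = entries
    return maps

def audit(maps, web="$backend", ws="$ws_backend"):
    """Findings: versions routed by only one map, and targets that are not loopback."""
    findings = [f"{v}: present in only one of {web} / {ws}"
                for v in sorted(set(maps[web]) ^ set(maps[ws]))]
    for name in (web, ws):
        for version, target in maps[name].items():
            try:
                loopback = ipaddress.ip_address(urlsplit(target).hostname).is_loopback
            except ValueError:  # hostname or unparsable target: treat as not loopback
                loopback = False
            if not loopback:
                findings.append(f"{name} {version}: {target} is not loopback")
    return findings

def route(maps, client_version):
    """(web, websocket) targets for a client version; None means the header is absent."""
    key = (client_version or "").lower()
    return tuple(maps[m].get(key, maps[m]["default"]) for m in ("$backend", "$ws_backend"))
```

To check the deployed file, pass its contents to `parse_maps` and review what `audit` returns before running `nginx -t` and reloading.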

File /etc/nginx/sites-enabled/server.mspchallenge.info:

server {
    server_name server.mspchallenge.info;
    location /.well-known {
        root /var/www/certbot;
    }
    client_max_body_size 100M;
    client_body_buffer_size 16K;
    location / {
        proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto      $scheme;
        proxy_set_header X-Real-IP              $remote_addr;
        proxy_set_header Host                   $http_host;
        proxy_pass       $backend;
    }
    location /ws/ {
        proxy_pass $ws_backend;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/server.mspchallenge.info/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/server.mspchallenge.info/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = server.mspchallenge.info) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen [::]:80;
    listen 80;
    server_name server.mspchallenge.info;
}

It is assumed that the file /etc/nginx/nginx.conf contains these lines to include any newly created configuration files:

http {
    # .... some other lines
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

This page was last edited on 4 September 2025, at 18:46. Content is available under GPLv3 unless otherwise noted.