Using NGINX as a reverse proxy

Kay Kim edited this page Jul 3, 2023 · 1 revision

This is an Archived Page: The following content has been ported from solidproject.org


Using NGINX as a Reverse Proxy

A reverse proxy allows you to run a Solid server on an internal port and let the proxy handle traffic on the public HTTP and HTTPS ports. The example below shows one way to achieve this for the Community Solid Server.

In the code snippet, we assume that:

  • your public URL is https://solid.example/
  • your server is running on http://localhost:3000/
  • you have installed NGINX and its configuration folder is /etc/nginx/
  • your TLS certificates are stored at /etc/letsencrypt/live/solid.example/

You can replace these values with those of your configuration.

Configuration

Add a new site to your NGINX configuration by creating a file /etc/nginx/sites-available/solid.example with the following contents:

# Your local Solid server instance
upstream community-solid-server {
  server 127.0.0.1:3000;
}

# Redirect HTTP to HTTPS
server {
  server_name solid.example;
  listen 80;
  return 301 https://$host$request_uri;
}

# Proxy traffic for https://solid.example/ to http://localhost:3000/
server {
  server_name solid.example;

  # HTTPS certificate setup (can be autogenerated by tools such as certbot)
  listen 443 ssl http2;
  ssl_certificate         /etc/letsencrypt/live/solid.example/fullchain.pem;
  ssl_certificate_key     /etc/letsencrypt/live/solid.example/privkey.pem;
  ssl_trusted_certificate /etc/letsencrypt/live/solid.example/chain.pem;
  include snippets/https.conf;

  # Include this for certificate renewal if you are using Let's Encrypt
  location ^~ /.well-known/acme-challenge/ {
    root /var/www/solid.example; # or a folder of your choice
  }

  # Proxy all other traffic to the Solid server
  location / {
    # Delegate to the Solid server, passing the original host and protocol
    proxy_pass http://community-solid-server$request_uri;
    proxy_set_header X-Forwarded-Host  $host;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Pass these headers from the Solid server back to the client
    proxy_pass_header Server;
    proxy_pass_header Set-Cookie;

    # Enable Websocket support
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    # Prevent ETag modification (https://github.com/solid/community-server/issues/1036)
    gzip off;
  }
}

We are reusing an HTTPS configuration file at /etc/nginx/snippets/https.conf, which you should create if it does not exist.
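
One possible /etc/nginx/snippets/https.conf is sketched here as an added example; it is not a file from the original page or from the Community Solid Server project. The protocol, cipher, session and HSTS values are assumptions based on common modern-TLS guidance, so adjust them to your own policy.

```nginx
# /etc/nginx/snippets/https.conf
# Added example: every value below is an assumption, not the project's own file.
# It is included inside the HTTPS server block, so only directives that are
# valid in "server" context are used.

# Accept only TLS 1.2 and 1.3; older protocol versions are refused.
ssl_protocols TLSv1.2 TLSv1.3;

# TLS 1.2 cipher suites: forward-secret key exchange with AEAD ciphers only.
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;

# All suites above are acceptable, so let the client pick the one that is
# fastest on its hardware.
ssl_prefer_server_ciphers off;

# Session resumption through a shared server-side cache (about 40,000
# sessions in 10 MB). Session tickets are disabled so that resumption does
# not depend on a long-lived ticket key.
ssl_session_timeout 1d;
ssl_session_cache   shared:SSL:10m;
ssl_session_tickets off;

# HSTS: browsers that have seen this header use HTTPS for solid.example
# for the next two years. Enable it only once HTTPS is known to work,
# because clients cache the policy.
add_header Strict-Transport-Security "max-age=63072000" always;
```

Running `sudo nginx -t` after creating the file checks the combined configuration for syntax errors before NGINX is restarted.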

Activating the configuration

Don't forget to restart NGINX to activate the new configuration:

sudo systemctl restart nginx