Jump to content

Passwordstate with Nginx Proxy


support

Recommended Posts

For anyone that is looking at setting up a Nginx proxy with Passwordstate, we have received some information below from another customer which may help.  Big thanks to Brandon for this:)

 

Here at Click Studios, we have never set up one of these proxies ourselves, but hopefully the information Brandon has provided us can help point you in the right direction, if you are running in to any issues.  If anyone would like to add anything to this, please feel free to do so.

 

Example of Config for Nginx:

 

-------
server {
    listen      192.168.99.99:443 ssl http2;
    server_name passwordstate.proxy.com ;
    location / {
        proxy_pass      https://10.10.10.99:9119;
        proxy_set_header Host internalpasswordstate.server.domain;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
 
-------

 

 

Brandon has given this detailed explanation of each of the above settings:

"

Listen 192.168.99.99
 (this is the proxy IP, sits behind behind firewall on DMZ)

 

Server_Name passwordstate.proxy.com 
(public domain with certificate, let's encrypt works fine, dons points to public IP of firewall, proxy server will look for this server name for any packet forwarded to it's ip from the firewall, only 80 and 443 are forwarded)

 

Listen /
(Just tells proxy to list on root of server name so passwordstate.proxy.com/ )

 

Proxy pass    https://10.10.10.99:9119
(Internal IP of passwordstate server, if it's in different subnet firewall rules must allow traffic to and from proxy server to password state server to port 9119)

 

Proxy_set_header Host internalpasswordstate.server.domain
(This allows the passwordstate server to keep its existing dns name, just changes the packet headers to match, important otherwise you can't login)

 

Last two lines are for forwarding the real IP address for logging.

 

All the rest of nginx setup, like specifying ssl certificate and what not I didn't include but thats pretty standard.  I'm happy to send more details on anything.
 

Once I had set the X-Fordwarding in the Password state administrator and rebooted, IP's did start to show correctly for Web. "

 

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...