Running Cells behind a Nginx reverse proxy
Created on 2021/03/31,Category:
Specific Cells parameters
To configure your external and bind for Cells you run the following command:
./cells configure sites
Bind Address: is the interface and port used to bind Cells on the server.
External URL: is the url used to access Cells from outside (in this case, the reverse proxy).
Basic NGINX reverse proxy configuration
To have the latest nginx version follow the official nginx documentation (https://nginx.org/en/linux_packages.html).
server {
server_name my-cells-server.com;
client_max_body_size 200M;
location / {
proxy_pass https://localhost:8080;
# this line is required for cells-sync
# grpc_pass grpcs://localhost:8080;
}
location /ws/ {
proxy_pass https://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
error_log /var/log/nginx/cells-proxy-error.log;
access_log /var/log/nginx/cells-proxy-access.log;
listen [::]:443 ssl;
listen 443 ssl http2;
# certificate configuration (in this case generated by certbot)
ssl_certificate /etc/letsencrypt/live/my-cells-server.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my-cells-server.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
if ($host = my-cells-server.com) {
return 301 https://$host$request_uri;
}
listen 80;
listen [::]:80;
server_name my-cells-server.com;
return 404;
}
This config was updated with nginx version: nginx/1.20.0
Cells Sync
Mandatory section for the Sync Client to work behind a Nginx reverse proxy.
If your Cells Server is running behind a Nginx reverse proxy you must meet 2 requirements and then add the config below to your main nginx reverse proxy configuration.
- You need TLS encryption between Cells and Nginx.
- HTTP 2 need to be enabled like this
listen 443 ssl http2;.
Finale note
Make sure to substitute the values of the certificates and ip/domains.
See Also