Serving MDriven with Nginx Server as a Proxy

Revision as of 17:46, 2 January 2025

This page was created by Stephanie@mdriven.net on 2024-12-20. Last edited by Edgar on 2025-01-20.

The MDriven installation on the Ubuntu Server also installed the Nginx web server, which created the /var/www/ directory.

Check the status of the Nginx service with the command:

service nginx status

The result should be as shown below with Active: active (running) which indicates that Nginx service is up and running.

[Screenshot: output of service nginx status showing Active: active (running)]

If Nginx is not running, you can start the service with the command

service nginx start



Step -1: Configure Nginx

Navigate to the Nginx directory where we will create the configuration files for MDriven Turnkey and MDriven Server:

cd /etc/nginx/sites-available

The “/etc/nginx/sites-available” directory typically contains configuration files for Nginx virtual hosts. Each file in this directory represents a separate virtual host configuration, allowing you to define settings for different websites or applications hosted on your server. There will be a default config file available already. You can remove it or leave it as is.


Step -2: Create a configuration file for MDriven Server

sudo nano /etc/nginx/sites-available/mdrivenserver

Copy and paste the content below into the file. Replace the server_name value (10.0.2.15 in this example) with the IP address or domain name pointing to your MDriven Server.

server {
    listen 80;
    server_name 10.0.2.15; #---domain-name or IP address

    location / {
        proxy_pass http://127.0.0.1:5042;  # Replace with Mono server's port
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 300;
        proxy_connect_timeout 300;
        proxy_redirect off;
    }

    location ~* \.(css|js|jpg|jpeg|png|gif|ico|svg|woff|woff2|ttf|otf|eot|html|htm)$ {
        root /var/www/html/mdriven;
        expires max;
        log_not_found off;
    }

    error_log /var/log/nginx/mdriven_server_error.log;
    access_log /var/log/nginx/mdriven_server_access.log;
}

Step -3: Enable the site and restart Nginx

sudo ln -s /etc/nginx/sites-available/mdrivenserver /etc/nginx/sites-enabled/
sudo nginx -t  # Test configuration
sudo systemctl restart nginx

Step -4: Now you can access MDriven Server by entering the URL "http://<your_domain_or_IP_address>:5042"; in this case it will be http://10.0.2.15:5042

Step -5: Create a configuration file for MDriven Turnkey

sudo nano /etc/nginx/sites-available/mdriventurnkey

Copy and paste the content below into the file. Replace the server_name value (10.0.2.15 in this example) with the IP address or domain name pointing to your MDriven Server.

server {
    listen 8000;
    server_name 10.0.2.15; #---domain-name or IP address

    location / {
        proxy_pass http://127.0.0.1:5011;  # Replace with Mono server's port
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 300;
        proxy_connect_timeout 300;
        proxy_redirect off;
    }

    location ~* \.(css|js|jpg|jpeg|png|gif|ico|svg|woff|woff2|ttf|otf|eot|html|htm)$ {
        root /var/www/html/mdriven;
        expires max;
        log_not_found off;
    }

    error_log /var/log/nginx/mdriven_turnkey_error.log;
    access_log /var/log/nginx/mdriven_turnkey_access.log;
}

Step -6: Enable the site and restart Nginx

sudo ln -s /etc/nginx/sites-available/mdriventurnkey /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl restart nginx

Step -7: Access MDriven Turnkey

Now you can access MDriven Turnkey by entering the URL "http://<your_domain_or_IP_address>:5011"; in this case it will be http://10.0.2.15:5011

With the current setup, MDriven Server and MDriven Turnkey are still served over HTTP. To secure the production setup with HTTPS on the Nginx proxy, follow the steps below:

Step -1: Install Certbot and Nginx Plugin

sudo apt update
sudo apt install certbot python3-certbot-nginx

Step -2: Ensure Nginx is running.

sudo systemctl start nginx

Step -3: Obtain an SSL Certificate.

Run Certbot with the Nginx plugin to automatically configure SSL:

sudo certbot --nginx

Follow the prompts:

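    Select the domain name to secure (e.g., 10.0.2.15 or your custom domain).
    Certbot will generate and configure the SSL certificate automatically.

Let's Encrypt has to validate the name over the public internet, so a private address such as 10.0.2.15 cannot receive a certificate; use a publicly resolvable domain name that points to this server.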

Step -4: Verify the SSL Configuration

Certbot updates your Nginx configuration to SSL. However, manually verify that the changes are correct. Your updated configuration should look like this:

server {
    listen 443 ssl;
    server_name 10.0.2.15;  # Replace with your domain or IP

    ssl_certificate /etc/letsencrypt/live/10.0.2.15/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/10.0.2.15/privkey.pem;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://127.0.0.1:5011;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 300;
        proxy_connect_timeout 300;
        proxy_redirect off;
    }

    location ~* \.(css|js|jpg|jpeg|png|gif|ico|svg|woff|woff2|ttf|otf|eot|html|htm)$ {
        root /var/www/html/mdriven;
        expires max;
        log_not_found off;
    }

    error_log /var/log/nginx/mdriven_turnkey_error.log;
    access_log /var/log/nginx/mdriven_turnkey_access.log;
}

server {
    listen 80;
    server_name 10.0.2.15;

    # Redirect HTTP to HTTPS
    return 301 https://$host$request_uri;
}

Test the configuration:

sudo nginx -t

Restart Nginx:

sudo systemctl restart nginx
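
As an aid to the manual verification in Step -4, the following added example (not part of the original MDriven documentation) lists every server block that still proxies to a backend without TLS, such as the port 80 mdrivenserver site created earlier. The function names and the embedded sample configuration are constructed for illustration from the configurations on this page.

```shell
#!/bin/sh
# Added example: report server blocks that have proxy_pass but no "ssl" listener.
# Input: Nginx configuration text on stdin (e.g. the dump printed by nginx -T).
find_plain_http_proxies() {
    awk '
        { sub(/#.*/, "") }                       # drop comments
        /^[ \t]*server[ \t]*[{]/ {               # start of a server block
            in_srv = 1; depth = 0; listen = ""; ssl = 0; proxy = ""
        }
        in_srv {
            if ($1 == "listen") {
                v = $0
                sub(/^[ \t]*listen[ \t]+/, "", v); sub(/;.*/, "", v)
                listen = (listen == "" ? v : listen "," v)
                if (v ~ /(^|[ \t])ssl([ \t]|$)/) ssl = 1
            }
            if ($1 == "proxy_pass") { proxy = $2; sub(/;$/, "", proxy) }
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (depth == 0) {                    # server block closed
                if (proxy != "" && !ssl)
                    print "listen=" listen " proxy_pass=" proxy
                in_srv = 0
            }
        }
    '
}
# Constructed sample: the three server blocks enabled after following this page.
sample_config() {
    cat <<'EOF'
server {
    listen 80;
    location / {
        proxy_pass http://127.0.0.1:5042;  # Replace with Mono server's port
    }
}
server {
    listen 443 ssl;
    location / {
        proxy_pass http://127.0.0.1:5011;
    }
}
server {
    listen 80;
    return 301 https://$host$request_uri;
}
EOF
}

sample_config | find_plain_http_proxies
```

On a live server, run it against the active configuration with sudo nginx -T | find_plain_http_proxies; any line it prints is a site whose traffic to MDriven is still reachable in clear text.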

Step -6: Automatic Certificate Renewal

Let's Encrypt certificates are valid for 90 days, but Certbot automatically renews them. Add a cron job to test renewal periodically:

Open the crontab editor:
sudo crontab -e

Add the following line to test renewal daily:
0 0 * * * certbot renew --quiet && systemctl reload nginx