Situation: I already use an nginx reverse proxy with Let's Encrypt SSL to access all my internal sites. However, after getting my GL.iNet GL-MT6000/Flint 2 router, I had issues accessing its various pages and services.
I got to learn about WebSockets and the changes I needed to make to my old configurations.
#
# /etc/nginx/sites-available/$server_name
#
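# Redirect default HTTP (port 80) to HTTPS.
server {
    server_name router.domain.local;
    listen 80;
    listen [::]:80;

    # nginx does not expand variables in error_log paths, so "$server_name"
    # there yields a file literally named "error-$server_name.log".
    # Literal names keep both logs where log review expects them.
    error_log /var/log/nginx/error-router.domain.local.log;
    access_log /var/log/nginx/access-router.domain.local.log;

    # $server_name is taken from this config, not from the client's Host
    # header, so the request cannot steer the redirect target.
    return 301 https://$server_name$request_uri;
}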
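# Redirect LuCI HTTP (port 8080) to HTTPS (port 8443).
server {
    server_name router.domain.local;
    listen 8080;
    listen [::]:8080;

    # nginx does not expand variables in error_log paths, so "$server_name"
    # there yields a file literally named "error-$server_name.log".
    # Literal names keep both logs where log review expects them.
    error_log /var/log/nginx/error-router.domain.local.log;
    access_log /var/log/nginx/access-router.domain.local.log;

    # $server_name is taken from this config, not from the client's Host
    # header, so the request cannot steer the redirect target.
    return 301 https://$server_name:8443$request_uri;
}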
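# GL.iNet router UI (needs WebSockets):
server {
    server_name router.domain.local;
    listen 443 ssl;
    listen [::]:443 ssl;

    # nginx needs cert & chain combined in one file
    ssl_certificate /opt/certs/acme/domain.local/fullchain.pem;
    ssl_certificate_key /opt/certs/acme/domain.local/privkey.pem;
    # nginx ciphers and protocols
    include /opt/certs/ssl-options-nginx.conf;

    # nginx does not expand variables in error_log paths, so "$server_name"
    # there yields a file literally named "error-$server_name.log".
    # Literal names keep both logs where log review expects them.
    error_log /var/log/nginx/error-router.domain.local.log;
    access_log /var/log/nginx/access-router.domain.local.log;

    location / {
        # The hop to the router is TLS, but nginx does not verify the upstream
        # certificate unless proxy_ssl_verify is enabled (default: off), so
        # this leg is encrypted but the router is not authenticated.
        proxy_pass https://192.168.1.5:443;
        # nginx standard proxy settings
        include proxy_params;

        # WebSockets require HTTP/1.1 and the Upgrade/Connection headers to be
        # forwarded explicitly, because they are hop-by-hop headers.
        # Connection "Upgrade" is sent on every proxied request here; a map on
        # $http_upgrade in the http context is the usual way to make it
        # conditional.
        proxy_http_version 1.1;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Upgrade $http_upgrade;

        # Keep idle WebSocket connections open for up to a day to reduce
        # reconnect errors in the router log.
        proxy_read_timeout 1d;
    }
}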
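# Advanced Settings / LuCI
server {
    server_name router.domain.local;
    listen 8443 ssl;
    listen [::]:8443 ssl;

    # nginx needs cert & chain combined in one file
    ssl_certificate /opt/certs/acme/domain.local/fullchain.pem;
    ssl_certificate_key /opt/certs/acme/domain.local/privkey.pem;
    # nginx ciphers and protocols
    include /opt/certs/ssl-options-nginx.conf;

    # nginx does not expand variables in error_log paths, so "$server_name"
    # there yields a file literally named "error-$server_name.log".
    # Literal names keep both logs where log review expects them.
    error_log /var/log/nginx/error-router.domain.local.log;
    access_log /var/log/nginx/access-router.domain.local.log;

    location / {
        # The hop to the router is TLS, but nginx does not verify the upstream
        # certificate unless proxy_ssl_verify is enabled (default: off), so
        # this leg is encrypted but the router is not authenticated.
        proxy_pass https://192.168.1.5:8443;
        # nginx standard proxy settings
        include proxy_params;
    }
}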
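# AdGuard Home:
server {
    server_name router.domain.local;
    listen 3000 ssl;
    listen [::]:3000 ssl;

    # 497 is nginx's internal code for a plain-HTTP request sent to a TLS
    # port. Redirect it to HTTPS and keep the requested path and query,
    # matching the other redirects in this file.
    error_page 497 https://$server_name:3000$request_uri;

    # nginx needs cert & chain combined in one file
    ssl_certificate /opt/certs/acme/domain.local/fullchain.pem;
    ssl_certificate_key /opt/certs/acme/domain.local/privkey.pem;
    # nginx ciphers and protocols
    include /opt/certs/ssl-options-nginx.conf;

    # nginx does not expand variables in error_log paths, so "$server_name"
    # there yields a file literally named "error-$server_name.log".
    # Literal names keep both logs where log review expects them.
    error_log /var/log/nginx/error-router.domain.local.log;
    access_log /var/log/nginx/access-router.domain.local.log;

    location / {
        # The upstream leg is plain HTTP: TLS ends at this proxy, so anything
        # sent to AdGuard Home (including its login) crosses the LAN
        # unencrypted between the proxy and 192.168.1.5.
        proxy_pass http://192.168.1.5:3000;
        # nginx standard proxy settings
        include proxy_params;
    }
}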