Wiser behind Nginx Reverse Proxy?

Discussion in 'C-Bus Wiser 1 Controller' started by poldim, Jun 20, 2017.

  1. poldim

    poldim

    Joined:
    Dec 7, 2010
    Messages:
    166
    Likes Received:
    2
    Location:
    San Francisco, CA
    Has anyone setup their Wiser instance to sit behind an Nginx Reverse Proxy?

    I've got it working through a browser, but the mobile app seems to not be connecting. Wondering if there are any special settings required (like the websockets API for UniFi)?
     
    poldim, Jun 20, 2017
    #1
  2. poldim

    poldim

    Joined:
    Dec 7, 2010
    Messages:
    166
    Likes Received:
    2
    Location:
    San Francisco, CA
    This is what I used to get it working:
    Code:
    # listening on port 80 disabled by default, redirect all traffic to https
    server {
    	listen 80;
    	# server_name _;
    	return 301 https://$host$request_uri;
    }
    
    ######### WISER
    server {
    	listen 443 ssl;
    
    	server_name wiser.*;
    
    	ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    	ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
    	ssl_dhparam /config/nginx/dhparams.pem;
    	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    	ssl_prefer_server_ciphers on;
    
    	client_max_body_size 0;
    
        location / {
            proxy_pass http://192.168.1.XXX;
            proxy_set_header Host $host;
        }
    }
     
    poldim, Oct 20, 2017
    #2
  3. poldim

    zei20t

    Joined:
    Aug 18, 2010
    Messages:
    130
    Likes Received:
    1
    Location:
    Sydney, Australia
    damn, this would be good to get working on my synology reverse proxy. this is the last thing still not on SSL

    EDIT: actually i think the web page works fine, its the app that doesnt want to work

    more investigation needed i think
     
    zei20t, Jan 10, 2021
    #3
  4. poldim

    MadMal

    Joined:
    Dec 16, 2009
    Messages:
    79
    Likes Received:
    1
    Location:
    Perth, WA
    Guys,

    Im not an NGINX expert as Im still using Apache2 ...

    Looks like there is a web socket connection required to make this work ...

    In Apache2 speak I needed to set it up with:

    RewriteEngine on
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteCond %{HTTP:Connection} upgrade [NC]
    RewriteRule .* "ws://192.168.xx.xx%{REQUEST_URI}" [P]

    ProxyPass / http://192.168.xx.xx/
    ProxyPassReverse / http://192.168.xx.xx/

    ProxyRequests Off
     
    MadMal, Feb 12, 2021
    #4
Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.