Jump to content
Sign in to follow this  
support

Passwordstate with Nginx Proxy

Recommended Posts

For anyone that is looking at setting up a Nginx proxy with Passwordstate, we have received some information below from another customer which may help.  Big thanks to Brandon for this:)

 

Here at Click Studios, we have never set up one of these proxies ourselves, but hopefully the information Brandon has provided us can help point you in the right direction, if you are running in to any issues.  If anyone would like to add anything to this, please feel free to do so.

 

Example of Config for Nginx:

 

-------
server {
    listen      192.168.99.99:443 ssl http2;
    server_name passwordstate.proxy.com ;
    location / {
        proxy_pass      https://10.10.10.99:9119;
        proxy_set_header Host internalpasswordstate.server.domain;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
 
-------

 

 

Brandon has given this detailed explanation of each of the above settings:

"

Listen 192.168.99.99
 (this is the proxy IP, sits behind behind firewall on DMZ)

 

Server_Name passwordstate.proxy.com 
(public domain with certificate, let's encrypt works fine, dons points to public IP of firewall, proxy server will look for this server name for any packet forwarded to it's ip from the firewall, only 80 and 443 are forwarded)

 

Listen /
(Just tells proxy to list on root of server name so passwordstate.proxy.com/ )

 

Proxy pass    https://10.10.10.99:9119
(Internal IP of passwordstate server, if it's in different subnet firewall rules must allow traffic to and from proxy server to password state server to port 9119)

 

Proxy_set_header Host internalpasswordstate.server.domain
(This allows the passwordstate server to keep its existing dns name, just changes the packet headers to match, important otherwise you can't login)

 

Last two lines are for forwarding the real IP address for logging.

 

All the rest of nginx setup, like specifying ssl certificate and what not I didn't include but thats pretty standard.  I'm happy to send more details on anything.
 

Once I had set the X-Fordwarding in the Password state administrator and rebooted, IP's did start to show correctly for Web. "

 

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...