LightningTip via Nginx reverse proxy
If your website is SSL-enabled, for example with LetsEncrypt certbot certificates, and LightningTip hits permission errors reading those certificate files with the available LightningTip configuration options, consider running LightningTip behind an nginx reverse proxy instead and letting nginx handle the encryption for you.
Configure LightningTip to run on an alternative REST port by editing $HOME/.lightningtip/lightningtip.conf as follows:

    resthost = localhost:10000
    accessdomain = *
Set up an nginx reverse proxy by editing /etc/nginx/sites-available/default as follows, replacing YOUR_SERVER_NAME and adding the correct paths for your certbot-issued certificates, or other authority-issued SSL certificates:
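
    server {
        # TLS is enabled per listener; the standalone "ssl on;" directive is
        # deprecated and has been removed from current nginx releases.
        listen 8081 ssl;
        listen [::]:8081 ssl;
        server_name YOUR_SERVER_NAME;

        ssl_certificate /path/to/your/ssl/cert;
        ssl_certificate_key /path/to/your/ssl/key;
        include /etc/letsencrypt/options-ssl-nginx.conf; # set by certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # set by certbot

        location / {
            # Forward to LightningTip's plain-HTTP REST listener on loopback.
            proxy_http_version 1.1;
            proxy_pass http://127.0.0.1:10000;
            proxy_set_header Connection '';
            proxy_set_header Host $host;
            # Disable buffering and caching so EventSource messages are passed through as they arrive.
            chunked_transfer_encoding off;
            proxy_buffering off;
            proxy_cache off;
        }
    }
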
The configured options are the suggested defaults for allowing EventSource via proxied sources as covered in
Restart nginx to apply the changes:

    sudo service nginx restart

This will work with the default lightningTip.js without any further changes to that file.
nginx will proxy connections on port 8081 to LightningTip running on localhost:10000, as well as take care of the SSL certificates.
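
A check to run over the two edited files before restarting nginx, as an added example that is not part of the LightningTip project: it confirms that resthost stays on loopback, so the plaintext REST port is reachable only through nginx, and that the server block still carries TLS and the EventSource proxy settings. The function names and the sample file contents are constructed for illustration.

```shell
# Succeeds only when resthost in lightningtip.conf binds to loopback, so the
# plaintext REST port is reachable solely through the nginx proxy.
resthost_is_loopback() {
    host=$(sed -n 's/^[[:space:]]*resthost[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1)
    case "$host" in
        localhost:*|127.*:*|'[::1]':*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints "missing: NAME" for each directive of the page's server block that
# is absent from the nginx file (comments are stripped before matching).
proxy_missing_directives() {
    conf=$(sed 's/#.*//' "$1")
    while read -r name regex; do
        printf '%s\n' "$conf" | grep -Eq "^[[:space:]]*$regex" || echo "missing: $name"
    done <<'EOF'
tls_listener (listen[[:space:]][^;]*[[:space:]]ssl[[:space:];]|ssl[[:space:]]+on[[:space:]]*;)
ssl_certificate ssl_certificate[[:space:]]
ssl_certificate_key ssl_certificate_key[[:space:]]
proxy_http_version proxy_http_version[[:space:]]+1\.1
proxy_buffering proxy_buffering[[:space:]]+off
proxy_cache proxy_cache[[:space:]]+off
chunked_transfer_encoding chunked_transfer_encoding[[:space:]]+off
EOF
}

# Constructed sample: REST port bound to all interfaces, buffering line commented out.
demo() {
    dir=$(mktemp -d)
    printf 'resthost = 0.0.0.0:10000\naccessdomain = *\n' > "$dir/lightningtip.conf"
    cat > "$dir/default" <<'EOF'
server {
    listen 8081 ssl;
    ssl_certificate /path/to/your/ssl/cert;
    ssl_certificate_key /path/to/your/ssl/key;
    location / {
        proxy_http_version 1.1;
        # proxy_buffering off;
        proxy_cache off;
        chunked_transfer_encoding off;
    }
}
EOF
    resthost_is_loopback "$dir/lightningtip.conf" || echo "resthost is not loopback-only"
    proxy_missing_directives "$dir/default"
    rm -rf "$dir"
}
demo
```

Point the two functions at $HOME/.lightningtip/lightningtip.conf and /etc/nginx/sites-available/default to check a real installation; empty output from the second function means every expected directive was found.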