Hi,
I’m looking from some detailed pointers on how to configure nginx in a container setup, where nginx is running ‘in front of’ (reverse proxy) icingaweb.
The compose file exposes port 443 on the nginx container and the nginx container is configured to forward the location to the icingaweb container.
This works - in that I get access to the gui and can navigate everywhere I want.
However, some basic functions of the icingaweb gui no longer work:
- pulldown menus
- menus are fully unfolded instead of collapsed
- filters do not get applied
- auto refresh does not work
- probably others
This topic could help Icinga Web with Nginx - Icinga Web 2 - Icinga Community, and I’m going to try that. However, I’d like a sanity check from the community before I waste days trying to tweak something that is conceptually flawed.
So my questions are:
- Can the concept of running an nginx container in front of icingaweb work, fully featured?
- If so, should the quoted community link suffice?
- If not, what other nginx configuration items are required?
I have decent expertise on containers and Icinga. I have little understanding about php, css and what those technologies require from nginx conf settings.
server {
listen *:443 ssl;
server_name some.server.com;
client_max_body_size 0;
client_body_timeout 10;
client_header_timeout 10;
keepalive_timeout 10;
send_timeout 10;
server_tokens off;
location ~ /\. { deny all; return 404; }
ssl_ecdh_curve secp384r1;
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_certificate /etc/nginx/ssl/some.server.com.crt;
ssl_certificate_key /etc/nginx/ssl/some.server.com.key;
ssl_session_tickets off;
# errors go to docker console
access_log /var/log/nginx/icingaweb_access.log combined;
## Header settings
add_header Content-Security-Policy "default-src 'self'" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=15768000;" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Referrer-Policy "no-referrer";
proxy_cookie_path / "/; HTTPOnly; Secure";
location / {
proxy_pass http://icingaweb:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_hide_header X-Powered-By;
proxy_hide_header Server;
}
}