GoodiesHQ / headscale-admin

Admin Web Interface for juanfont/headscale
GNU General Public License v3.0

nginx reference configuration #2

Open lm93129 opened 10 months ago

lm93129 commented 10 months ago

For friends who use NGINX, with ENDPOINT="/admin", the nginx config:

# Map the client's Upgrade header to the Connection header sent upstream
map $http_upgrade $connection_upgrade {
  default      keep-alive;
  'websocket'  upgrade;
  ''           close;
}

server {
  listen 443 ssl http2;
  server_name headscale.xxx.com;

  # IPv6
  listen [::]:443 ssl http2;

  # SSL setting
  ssl_certificate /acme.sh/headscale.xxx.com/fullchain.cer;
  ssl_certificate_key /acme.sh/headscale.xxx.com/*.inwo.win.key;
  # TLSv1.1 is deprecated (RFC 8996), so only TLSv1.2 and TLSv1.3 are enabled
  ssl_protocols TLSv1.2 TLSv1.3;

  # Static headscale-admin build, served under the ENDPOINT it was built with
  location /admin {
    alias /home/headscale-admin/build;
    index index.html;
  }

  # proxy: everything else goes to headscale
  location ^~ / {
    proxy_pass http://headscale:27896;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_set_header Host $server_name;
    proxy_redirect http:// https://;
    proxy_buffering off;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # This server terminates TLS itself, so report its own scheme rather than
    # passing through a client-supplied X-Forwarded-Proto header
    proxy_set_header X-Forwarded-Proto $scheme;
    add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
  }
}

# Plain HTTP: redirect the known host to HTTPS, answer 404 for anything else
server {
  if ($host = headscale.inwo.win) {
    return 301 https://$host$request_uri;
  }
  server_name headscale.inwo.win;
  listen 80;
  return 404;
}

You can visit https://headscale.xxx.com/admin, where headscale.xxx.com is your domain name.

The project is very good, thanks for the open source contribution. I hope more features can be added, such as ACL.
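An added example, not part of the original post or of the headscale-admin project: a small check for two settings that matter in a TLS-terminating reverse proxy config like the one in this thread, namely legacy versions in `ssl_protocols` and `X-Forwarded-*` / `X-Real-IP` headers copied from client-supplied `$http_*` variables. The function name `audit` and the sample config are constructed for illustration, and the line-based parsing assumes one directive per line.

```python
import re

# Constructed sample input for this example (not a config from the thread).
SAMPLE = """\
server {
  listen 443 ssl http2;
  ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
  location / {
    proxy_pass http://127.0.0.1:8080;
    proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}
"""

LEGACY_TLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Headers the upstream application tends to trust for scheme and client address.
TRUST_HEADERS = re.compile(r"^x-(forwarded-|real-ip$)", re.I)


def audit(conf):
    """Return (line_number, message) findings for one nginx config text."""
    findings = []
    for lineno, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # ignore comments
        if not line.endswith(";"):
            continue  # block openers and closers carry no directive value
        words = line[:-1].split()
        if not words:
            continue
        if words[0] == "ssl_protocols":
            weak = sorted(LEGACY_TLS.intersection(words[1:]))
            if weak:
                findings.append((lineno, "legacy protocol enabled: " + " ".join(weak)))
        elif words[0] == "proxy_set_header" and len(words) == 3:
            name, value = words[1], words[2]
            # $http_* variables hold request headers, so the client picks the value.
            if TRUST_HEADERS.match(name) and value.lower().startswith("$http_"):
                findings.append((lineno, f"{name} is copied from client-supplied {value}"))
    return findings


if __name__ == "__main__":
    for lineno, msg in audit(SAMPLE):
        print(f"line {lineno}: {msg}")
```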

GoodiesHQ commented 9 months ago

This is great! The only caveat I will say is that "/web" is not the default endpoint within the svelte application itself. It should be built with the env var ENDPOINT=/web due to the fact that ${ENDPOINT} is used as the application's base URL for redirects and things like that. The corresponding docker container would have to be built with --build-arg ENDPOINT=/web as far as I can tell.

Also, I would love to add ACL support. That was ultimately the goal and the reason that I created this project in the first place. Unfortunately, the ACLs have no exposure over the API so I have to make a choice:

  1. Make this application not static so the server side of the application can read and interact with the HuJSON ACL config file.
  2. Keep this application static and create a completely separate server-side API (likely in golang) to interact with the ACLs.

I'm leaning towards option 2 to keep this application relatively simple.

lm93129 commented 9 months ago

I re-modified the NGINX configuration to illustrate the endpoint. With regard to ACL configuration, I also prefer the second approach, or wait for headscale to open up the relevant API.

BeyondEvil commented 9 months ago

> This is great! The only caveat I will say is that "/web" is not the default endpoint within the svelte application itself. It should be built with the env var ENDPOINT=/web due to the fact that ${ENDPOINT} is used as the application's base URL for redirects and things like that. The corresponding docker container would have to be built with --build-arg ENDPOINT=/web as far as I can tell.
>
> Also, I would love to add ACL support. That was ultimately the goal and the reason that I created this project in the first place. Unfortunately, the ACLs have no exposure over the API so I have to make a choice:
>
>   1. Make this application not static so the server side of the application can read and interact with the HuJSON ACL config file.
>   2. Keep this application static and create a completely separate server-side API (likely in golang) to interact with the ACLs.
>
> I'm leaning towards option 2 to keep this application relatively simple.

For sure option 2.

SyRaza commented 4 months ago

I'm sort of a noob at this. I'm using SWAG so I'm curious how I'd adapt this configuration for that. And I'm assuming this is a different conf file than the one meant for headscale?