sandstorm-io / sandstorm

Sandstorm is a self-hostable web productivity suite. It's implemented as a security-hardened web app package manager.
https://sandstorm.io

Perfect Configuration in Nginx for Sandstorm *.Wildcard Setup #3694

Open sathishksingh opened 1 year ago

sathishksingh commented 1 year ago

Hello guys,

I have installed Sandstorm successfully (CentOS 7). Now I am looking for a wildcard setup. I would like to know: does the wildcard certificate need to be installed on the Sandstorm server itself? Can you please share the correct file to configure this? This is my current config file, after installing Nginx:

```nginx
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80;
        listen       [::]:80;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2;
#        listen       [::]:443 ssl http2;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers HIGH:!aNULL:!MD5;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        error_page 404 /404.html;
#        location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#        location = /50x.html {
#        }
#    }

}
```

Please guide me on how to link this with the Sandstorm service. [image] Which of the above is to be used for the wildcard certificate?

ocdtrekkie commented 1 year ago

I guess the question is, is there a specific reason you are putting a reverse proxy in front of Sandstorm? While we have an Nginx config example in the Sandstorm docs, if you are solely using the proxy to connect to Sandstorm, you can allow Sandstorm to handle HTTPS directly. In that scenario, you would set HTTPS_PORT to 443 in your sandstorm.conf file, and use the "SSL/TLS Certificates" section of the admin panel to connect to your Gandi DNS API, so it can set up an automatically-renewing Let's Encrypt certificate.

https://docs.sandstorm.io/en/latest/administering/ssl/ <- about using Sandstorm's built-in HTTPS/Let's Encrypt

https://docs.sandstorm.io/en/latest/administering/reverse-proxy/ <- talks about setting up Nginx and links to an example config.

If you do use the Nginx reverse proxy setup, you do not need to install the certificate in Sandstorm, as Sandstorm is serving HTTP, and your reverse proxy is implementing HTTPS.
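The reverse-proxy arrangement described in the comment above (nginx terminates HTTPS with the wildcard certificate, Sandstorm serves plain HTTP behind it), as an added example that is not part of the thread and not the Sandstorm project's own example config. The hostname `sandstorm.example.com`, the certificate paths, and Sandstorm listening on `127.0.0.1:6080` on the same host are assumptions.

```nginx
# Added example, not the Sandstorm project's config. Assumed (constructed)
# values: sandstorm.example.com, certificate paths, Sandstorm on 127.0.0.1:6080.
# Save as /etc/nginx/conf.d/sandstorm.conf; the stock nginx.conf loads it
# inside http {} via "include /etc/nginx/conf.d/*.conf;".
#
# Matching sandstorm.conf settings (assuming nginx and Sandstorm share a host):
#   BASE_URL=https://sandstorm.example.com
#   WILDCARD_HOST=*.sandstorm.example.com
#   BIND_IP=127.0.0.1    # plain-HTTP port reachable only through the proxy
#   PORT=6080
#   (leave HTTPS_PORT unset: nginx terminates TLS, not Sandstorm)

# Pass WebSocket upgrades through to Sandstorm.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    listen [::]:80;
    server_name sandstorm.example.com *.sandstorm.example.com;
    return 301 https://$host$request_uri;   # no cleartext sessions
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name sandstorm.example.com *.sandstorm.example.com;

    # One certificate whose SANs cover both the base host and the wildcard.
    ssl_certificate     /etc/pki/nginx/wildcard.crt;
    ssl_certificate_key /etc/pki/nginx/private/wildcard.key;
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_session_cache   shared:SSL:1m;
    ssl_session_timeout 10m;

    location / {
        proxy_pass http://127.0.0.1:6080;
        proxy_set_header Host $http_host;         # keep the wildcard hostname
        proxy_set_header X-Real-IP $remote_addr;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}
```

Run `nginx -t` to validate the file before reloading nginx.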

sathishksingh commented 1 year ago

> I guess the question is, is there a specific reason you are putting a reverse proxy in front of Sandstorm? While we have an Nginx config example in the Sandstorm docs, if you are solely using the proxy to connect to Sandstorm, you can allow Sandstorm to handle HTTPS directly. In that scenario, you would set HTTPS_PORT to 443 in your sandstorm.conf file, and use the "SSL/TLS Certificates" section of the admin panel to connect to your Gandi DNS API, so it can set up an automatically-renewing Let's Encrypt certificate.
>
> https://docs.sandstorm.io/en/latest/administering/ssl/ <- about using Sandstorm's built-in HTTPS/Let's Encrypt
>
> https://docs.sandstorm.io/en/latest/administering/reverse-proxy/ <- talks about setting up Nginx and links to an example config.
>
> If you do use the Nginx reverse proxy setup, you do not need to install the certificate in Sandstorm, as Sandstorm is serving HTTP, and your reverse proxy is implementing HTTPS.

So the perfect setup of Sandstorm is 2 servers:

1) Server 1: Installing the Sandstorm app only, with http://test-sandstorm-01.local:6080/admin

Can you guide me on whether anything is missing on the Sandstorm server? Can you please advise me what is to be changed in the sandstorm.config file?

2) Server 2: Installing an Apache server as a reverse proxy in the DMZ zone for security reasons. [image] [image] Is this configuration fine?

ocdtrekkie commented 1 year ago

I don't know enough about proxy configs to help you much there, unfortunately.