Reverse Proxy Configuration
Submitted by amazing cvc90 🙏
Note
There are 2 NGINX files for NetAlertX, one for the bare-metal Debian install (netalertx.debian.conf), and one for the docker container (netalertx.template.conf). Both can be found in the install folder. Map, or use, the one appropriate for your setup.
NGINX HTTP Configuration (Direct Path)
- On your NGINX server, create a new file called /etc/nginx/sites-available/netalertx
- In this file, paste the following code:
server {
    listen 80;
    server_name netalertx;

    location / {
        # Pass the original Host header to NetAlertX
        proxy_set_header Host $host;
        proxy_pass http://localhost:20211/;
    }
}
- Activate the new website by running the following command:
nginx -s reload
or systemctl restart nginx
- Once NGINX restarts, you should be able to access the proxy website at http://netalertx/
NGINX HTTP Configuration (Sub Path)
- On your NGINX server, create a new file called /etc/nginx/sites-available/netalertx
- In this file, paste the following code:
server {
    listen 80;
    server_name netalertx;

    location ^~ /netalertx/ {
        # Pass the original Host header to NetAlertX
        proxy_set_header Host $host;
        proxy_pass http://localhost:20211/;
        # Put the /netalertx/ prefix back on redirects issued by the backend
        proxy_redirect ~^/(.*)$ /netalertx/$1;
        # Strip the /netalertx/ prefix before the request reaches the backend
        rewrite ^/netalertx/?(.*)$ /$1 break;
    }
}
- Activate the new website by running the following command:
nginx -s reload
or systemctl restart nginx
- Once NGINX restarts, you should be able to access the proxy website at http://netalertx/netalertx/
NGINX HTTP Configuration (Sub Path) with module ngx_http_sub_module
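- On your NGINX server, create a new file called /etc/nginx/sites-available/netalertx
- In this file, paste the following code:
server {
    listen 80;
    server_name netalertx;

    location ^~ /netalertx/ {
        # Pass the original Host header to NetAlertX
        proxy_set_header Host $host;
        # sub_filter cannot rewrite compressed responses, so request them uncompressed
        proxy_set_header Accept-Encoding "";
        proxy_pass http://localhost:20211/;
        # Put the /netalertx/ prefix back on redirects issued by the backend
        proxy_redirect ~^/(.*)$ /netalertx/$1;
        # Strip the /netalertx/ prefix before the request reaches the backend
        rewrite ^/netalertx/?(.*)$ /$1 break;
        # Rewrite absolute links in response bodies so they stay under /netalertx/
        sub_filter_once off;
        sub_filter_types *;
        sub_filter 'href="/' 'href="/netalertx/';
        sub_filter '(?>$host)/css' '/netalertx/css';
        sub_filter '(?>$host)/js' '/netalertx/js';
        sub_filter '/img' '/netalertx/img';
        sub_filter '/lib' '/netalertx/lib';
        sub_filter '/php' '/netalertx/php';
    }
}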
- Activate the new website by running the following command:
nginx -s reload
or systemctl restart nginx
- Once NGINX restarts, you should be able to access the proxy website at http://netalertx/netalertx/
NGINX HTTPS Configuration (Direct Path)
- On your NGINX server, create a new file called /etc/nginx/sites-available/netalertx
- In this file, paste the following code:
server {
    listen 443 ssl;
    server_name netalertx;

    # Certificate and private key used to terminate TLS at the proxy
    ssl_certificate /etc/ssl/certs/netalertx.pem;
    ssl_certificate_key /etc/ssl/private/netalertx.key;

    location / {
        # Pass the original Host header to NetAlertX
        proxy_set_header Host $host;
        proxy_pass http://localhost:20211/;
    }
}
- Activate the new website by running the following command:
nginx -s reload
or systemctl restart nginx
- Once NGINX restarts, you should be able to access the proxy website at https://netalertx/
NGINX HTTPS Configuration (Sub Path)
- On your NGINX server, create a new file called /etc/nginx/sites-available/netalertx
- In this file, paste the following code:
server {
    listen 443 ssl;
    server_name netalertx;

    # Certificate and private key used to terminate TLS at the proxy
    ssl_certificate /etc/ssl/certs/netalertx.pem;
    ssl_certificate_key /etc/ssl/private/netalertx.key;

    location ^~ /netalertx/ {
        proxy_pass http://localhost:20211/;
        # Put the /netalertx/ prefix back on redirects issued by the backend
        proxy_redirect ~^/(.*)$ /netalertx/$1;
        # Strip the /netalertx/ prefix before the request reaches the backend
        rewrite ^/netalertx/?(.*)$ /$1 break;
    }
}
- Activate the new website by running the following command:
nginx -s reload
or systemctl restart nginx
- Once NGINX restarts, you should be able to access the proxy website at https://netalertx/netalertx/
NGINX HTTPS Configuration (Sub Path) with module ngx_http_sub_module
- On your NGINX server, create a new file called /etc/nginx/sites-available/netalertx
- In this file, paste the following code:
server {
    listen 443 ssl;
    server_name netalertx;

    # Certificate and private key used to terminate TLS at the proxy
    ssl_certificate /etc/ssl/certs/netalertx.pem;
    ssl_certificate_key /etc/ssl/private/netalertx.key;

    location ^~ /netalertx/ {
        # sub_filter cannot rewrite compressed responses, so request them uncompressed
        proxy_set_header Accept-Encoding "";
        proxy_pass http://localhost:20211/;
        # Put the /netalertx/ prefix back on redirects issued by the backend
        proxy_redirect ~^/(.*)$ /netalertx/$1;
        # Strip the /netalertx/ prefix before the request reaches the backend
        rewrite ^/netalertx/?(.*)$ /$1 break;
        # Rewrite absolute links in response bodies so they stay under /netalertx/
        sub_filter_once off;
        sub_filter_types *;
        sub_filter 'href="/' 'href="/netalertx/';
        sub_filter '(?>$host)/css' '/netalertx/css';
        sub_filter '(?>$host)/js' '/netalertx/js';
        sub_filter '/img' '/netalertx/img';
        sub_filter '/lib' '/netalertx/lib';
        sub_filter '/php' '/netalertx/php';
    }
}
- Activate the new website by running the following command:
nginx -s reload
or systemctl restart nginx
- Once NGINX restarts, you should be able to access the proxy website at https://netalertx/netalertx/
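A hardened variant of the HTTPS sub-path proxy above, as an added example that is not part of the NetAlertX project's configuration files: port 80 only redirects to HTTPS, and a request is proxied only when it comes from the LAN and carries valid HTTP basic auth credentials. The LAN range 192.168.1.0/24 and the password file /etc/nginx/.htpasswd-netalertx are assumptions; substitute your own.

```nginx
# Added example. Assumed values: 192.168.1.0/24 (LAN range) and
# /etc/nginx/.htpasswd-netalertx (password file created with htpasswd).

# Plain HTTP never reaches NetAlertX; it is only redirected to HTTPS.
server {
    listen 80;
    server_name netalertx;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name netalertx;

    ssl_certificate     /etc/ssl/certs/netalertx.pem;
    ssl_certificate_key /etc/ssl/private/netalertx.key;
    # Refuse the legacy protocol versions
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Requests for /netalertx without the trailing slash go to the proxied location
    location /netalertx {
        return 301 $scheme://$host/netalertx/;
    }

    location ^~ /netalertx/ {
        # Both conditions must hold: source address in the LAN AND valid credentials
        satisfy all;
        allow 192.168.1.0/24;
        deny  all;
        auth_basic           "NetAlertX";
        auth_basic_user_file /etc/nginx/.htpasswd-netalertx;

        # Tell the backend who the real client is and that TLS ended at the proxy
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_pass     http://localhost:20211/;
        proxy_redirect ~^/(.*)$ /netalertx/$1;
        rewrite        ^/netalertx/?(.*)$ /$1 break;
    }
}
```

Run `nginx -t` before reloading so a syntax error does not take the proxy down.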
Apache HTTP Configuration (Direct Path)
- On your Apache server, create a new file called /etc/apache2/sites-available/netalertx.conf.
- In this file, paste the following code:
<VirtualHost *:80>
    ServerName netalertx
    ProxyPreserveHost On
    ProxyPass / http://localhost:20211/
    ProxyPassReverse / http://localhost:20211/
</VirtualHost>
- Activate the new website by running the following command:
a2ensite netalertx
or service apache2 reload
- Once Apache restarts, you should be able to access the proxy website at http://netalertx/
Apache HTTP Configuration (Sub Path)
- On your Apache server, create a new file called /etc/apache2/sites-available/netalertx.conf.
- In this file, paste the following code:
<VirtualHost *:80>
    ServerName netalertx
    # Proxy only requests under /netalertx/ to the backend
    <Location /netalertx/>
        ProxyPreserveHost On
        ProxyPass http://localhost:20211/
        ProxyPassReverse http://localhost:20211/
    </Location>
</VirtualHost>
- Activate the new website by running the following command:
a2ensite netalertx
or service apache2 reload
- Once Apache restarts, you should be able to access the proxy website at http://netalertx/
Apache HTTPS Configuration (Direct Path)
- On your Apache server, create a new file called /etc/apache2/sites-available/netalertx.conf.
- In this file, paste the following code:
<VirtualHost *:443>
    ServerName netalertx
    SSLEngine On
    SSLCertificateFile /etc/ssl/certs/netalertx.pem
    SSLCertificateKeyFile /etc/ssl/private/netalertx.key
    ProxyPreserveHost On
    ProxyPass / http://localhost:20211/
    ProxyPassReverse / http://localhost:20211/
</VirtualHost>
- Activate the new website by running the following command:
a2ensite netalertx
or service apache2 reload
- Once Apache restarts, you should be able to access the proxy website at https://netalertx/
Apache HTTPS Configuration (Sub Path)
- On your Apache server, create a new file called /etc/apache2/sites-available/netalertx.conf.
- In this file, paste the following code:
<VirtualHost *:443>
    ServerName netalertx
    SSLEngine On
    SSLCertificateFile /etc/ssl/certs/netalertx.pem
    SSLCertificateKeyFile /etc/ssl/private/netalertx.key
    # Proxy only requests under /netalertx/ to the backend
    <Location /netalertx/>
        ProxyPreserveHost On
        ProxyPass http://localhost:20211/
        ProxyPassReverse http://localhost:20211/
    </Location>
</VirtualHost>
- Activate the new website by running the following command:
a2ensite netalertx
or service apache2 reload
- Once Apache restarts, you should be able to access the proxy website at https://netalertx/netalertx/
Reverse proxy example by using LinuxServer's SWAG container.
Submitted by s33d1ing. 🙏
linuxserver/swag
In the SWAG container create /config/nginx/proxy-confs/netalertx.subfolder.conf with the following contents:
## Version 2023/02/05
# make sure that your netalertx container is named netalertx
# netalertx does not require a base url setting
# Since NetAlertX uses a Host network, you may need to use the IP address of the system running NetAlertX for $upstream_app.
location /netalertx {
    return 301 $scheme://$host/netalertx/;
}
location ^~ /netalertx/ {
    # enable the next two lines for http auth
    #auth_basic "Restricted";
    #auth_basic_user_file /config/nginx/.htpasswd;
    # enable for ldap auth (requires ldap-server.conf in the server block)
    #include /config/nginx/ldap-location.conf;
    # enable for Authelia (requires authelia-server.conf in the server block)
    #include /config/nginx/authelia-location.conf;
    # enable for Authentik (requires authentik-server.conf in the server block)
    #include /config/nginx/authentik-location.conf;
    include /config/nginx/proxy.conf;
    include /config/nginx/resolver.conf;
    set $upstream_app netalertx;
    set $upstream_port 20211;
    set $upstream_proto http;
    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    proxy_set_header Accept-Encoding "";
    proxy_redirect ~^/(.*)$ /netalertx/$1;
    rewrite ^/netalertx/?(.*)$ /$1 break;
    sub_filter_once off;
    sub_filter_types *;
    sub_filter 'href="/' 'href="/netalertx/';
    sub_filter '(?>$host)/css' '/netalertx/css';
    sub_filter '(?>$host)/js' '/netalertx/js';
    sub_filter '/img' '/netalertx/img';
    sub_filter '/lib' '/netalertx/lib';
    sub_filter '/php' '/netalertx/php';
}
Traefik
Submitted by Isegrimm 🙏 (based on this discussion)
Assuming the user already has a working Traefik setup, this is what's needed to make NetAlertX work at a URL like www.domain.com/netalertx/.
Note: Everything in these configs assumes 'www.domain.com' as your domain name and 'section31' as an arbitrary name for your certificate setup. You will have to substitute these with your own.
Also, I use the prefix 'netalertx'. If you want to use another prefix, change it in these files: dynamic.toml and default.
Content of my yaml-file (this is the generic Traefik config, which defines which ports to listen on, redirects HTTP to HTTPS and sets up the certificate process). It also contains Authelia, which I use for authentication. This part contains nothing specific to NetAlertX.
version: '3.8'
services:
  traefik:
    image: traefik
    container_name: traefik
    command:
      - "--api=true"
      - "--api.insecure=true"
      - "--api.dashboard=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--providers.file.filename=/traefik-config/dynamic.toml"
      - "--providers.file.watch=true"
      - "--log.level=ERROR"
      - "--certificatesresolvers.section31.acme.email=postmaster@domain.com"
      - "--certificatesresolvers.section31.acme.storage=/traefik-config/acme.json"
      - "--certificatesresolvers.section31.acme.httpchallenge=true"
      - "--certificatesresolvers.section31.acme.httpchallenge.entrypoint=web"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - /appl/docker/traefik/config:/traefik-config
    depends_on:
      - authelia
    restart: unless-stopped
  authelia:
    container_name: authelia
    image: authelia/authelia:latest
    ports:
      - "9091:9091"
    volumes:
      - /appl/docker/authelia:/config
    restart: unless-stopped
Snippet of the dynamic.toml file (referenced in the yml-file above) that defines the config for NetAlertX. The following are self-defined keywords, everything else is Traefik keywords:
- netalertx-router
- netalertx-service
- auth
- netalertx-stripprefix
[http.routers]
[http.routers.netalertx-router]
entryPoints = ["websecure"]
rule = "Host(`www.domain.com`) && PathPrefix(`/netalertx`)"
service = "netalertx-service"
middlewares = "auth,netalertx-stripprefix"
[http.routers.netalertx-router.tls]
certResolver = "section31"
[[http.routers.netalertx-router.tls.domains]]
main = "www.domain.com"
[http.services]
[http.services.netalertx-service]
[[http.services.netalertx-service.loadBalancer.servers]]
url = "http://internal-ip-address:20211/"
[http.middlewares]
[http.middlewares.auth.forwardAuth]
address = "http://authelia:9091/api/verify?rd=https://www.domain.com/authelia/"
trustForwardHeader = true
authResponseHeaders = ["Remote-User", "Remote-Groups", "Remote-Name", "Remote-Email"]
[http.middlewares.netalertx-stripprefix.stripprefix]
prefixes = "/netalertx"
forceSlash = false
To make NetAlertX work with this setup I modified the default file at /etc/nginx/sites-available/default in the docker container by copying it to my local filesystem, adding the changes as specified by cvc90 and mounting the new file into the docker container, overwriting the original one. By mapping the file instead of changing the file in-place, the changes persist if an updated Docker image is pulled. This is also a downside when the default file is updated, so I only use this as a temporary solution, until the Docker image is updated with this change.
Default-file:
server {
    listen 80 default_server;
    root /var/www/html;
    index index.php;
    #rewrite /netalertx/(.*) / permanent;
    add_header X-Forwarded-Prefix "/netalertx" always;
    proxy_set_header X-Forwarded-Prefix "/netalertx";
    location ~* \.php$ {
        fastcgi_pass unix:/run/php/php8.2-fpm.sock;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        fastcgi_connect_timeout 75;
        fastcgi_send_timeout 600;
        fastcgi_read_timeout 600;
    }
}
Mapping the updated file (on the local filesystem at /appl/docker/netalertx/default) into the docker container:
docker run -d --rm --network=host \
--name=netalertx \
-v /appl/docker/netalertx/config:/app/config \
-v /appl/docker/netalertx/db:/app/db \
-v /appl/docker/netalertx/default:/etc/nginx/sites-available/default \
-e TZ=Europe/Amsterdam \
-e PORT=20211 \
jokobsk/netalertx:latest