Skip to main content
Version: v1.5

NGINX

Want to use Nginx as your reverse proxy? No problem here are the instructions…

Prerequisites

Before moving on you must have

  • some knowledge of Nginx
  • valid SSL certificates

Installation

To implement Nginx in front of Secured Signal API you need to update your docker-compose.yaml file.

services:
  secured-signal:
    image: ghcr.io/codeshelldev/secured-signal-api:latest
    container_name: secured-signal
    environment:
      API__URL: http://signal-api:8080
      SETTINGS__MESSAGE__VARIABLES__RECIPIENTS: "[+123400002, +123400003, +123400004]"
      SETTINGS__MESSAGE__VARIABLES__NUMBER: "+123400001"
      API__TOKENS: "[LOOOOOONG_STRING]"
    restart: unless-stopped
    networks:
      backend:
        aliases:
          - secured-signal-api

  nginx:
    image: nginx:latest
    container_name: secured-signal-proxy
    volumes:
      - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
      # Load SSL certificates: cert.key, cert.crt
      - ./certs:/etc/nginx/ssl
    ports:
      - "80:80"
      - "443:443"
    depends_on:
      - secured-signal
    restart: unless-stopped
    networks:
      proxy:
      backend:
        ipv4_address: 172.20.0.100

networks:
  backend:
  proxy:

Setup

Create a nginx.conf file in the docker-compose.yaml folder and mount it to /etc/nginx/conf.d/default.conf in your Nginx container.

server {
    # Allow SSL on Port 443
    listen 443 ssl;

    # Add allowed hostnames which nginx should respond to
    # `_` for any
    server_name domain.com;

    # SSL Configuration
    ssl_certificate /etc/nginx/ssl/cert.crt;
    ssl_certificate_key /etc/nginx/ssl/cert.key;

    location / {
        # Use whatever network alias you set in the docker-compose file
        proxy_pass http://secured-signal-api:8880;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Fowarded-Proto $scheme;
    }
}

# Redirect HTTP to HTTPs
server {
    listen 80;
    server_name domain.com;
    return 301 https://$host$request_uri;
}

Add your cert.key and cert.crt into your certs/ folder and mount it to /etc/nginx/ssl.

Configuration

Now you can switch over to Secured Signal API and add Nginx to your trusted proxies:

settings:
  access:
    trustedProxies:
      - 172.20.0.100

Lastly spin up your stack:

docker compose up -d

And you are ready to go!