fiddy/docs/08_NGINX_PROXY_MANAGER_SETUP.md
Nico f8e426542d
feat: implement schedules pivot, scheduler service, and dokploy deploy flow
2026-02-15 17:10:58 -08:00

Nginx Proxy Manager Setup (Existing Edge)

This guide assumes you already run Nginx Proxy Manager (NPM) as your shared reverse proxy and want to route Fiddy through it.

1) Proxy Host in NPM UI

  1. Create a Proxy Host for your Fiddy domain.
  2. Forward Hostname/IP: your app host/internal IP.
  3. Forward Port: your app port (for example 3000).
  4. Enable:
     • Block Common Exploits
     • Websockets Support
     • SSL certificate
     • Force SSL
     • HTTP/2 support

2) Host Advanced Config (NPM UI)

In Proxy Host -> Advanced, paste from:

  • docker/nginx/npm/proxy-host-advanced.conf.example

This adds:

  • timeout/body limits
  • connection cap
  • structured access/error logs

3) Required Root Custom Location / (NPM UI)

Create a Custom Location for:

  • /

In that location's Advanced field, paste the contents of:

  • docker/nginx/npm/location-root-advanced.conf.example

This handles:

  • security headers
  • request-id propagation/response header
  • upstream proxy timeouts

4) Per-Location Rate Limits (NPM UI)

Create Custom Locations in NPM for:

  • /api/auth/login
  • /api/auth/register
  • /api/entries
  • /api/buckets
  • /api/groups
  • /api/tags
  • /api/schedules (canonical)
  • /api/recurring-entries (compatibility, deprecated)

Then use:

  • docker/nginx/npm/location-auth-advanced.conf.example for auth locations
  • docker/nginx/npm/location-write-advanced.conf.example for write API locations

Note:

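  • Because these locations are more specific than /, Nginx serves matching requests from them instead of from /, so the request-id directives in the / snippet do not apply there. Keep the request-id directives in these location snippets too.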

5) Global NPM Config Needed for Rate Limit Zones

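limit_req_zone, limit_conn_zone, and log_format must be defined in the Nginx http context. They are not valid inside the server and location blocks that the NPM Advanced fields populate.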

Use template:

  • docker/nginx/npm/http_top.conf.example

Typical NPM path:

  • /data/nginx/custom/http_top.conf
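
How the http-context definitions and the per-host and per-location snippets fit together, as an added example and not the contents of the repository's .conf.example templates. Zone names, sizes, rates, the log format name and the log file name are assumptions.

```nginx
# --- /data/nginx/custom/http_top.conf (http context) ---
# Constructed example: zone names, sizes and rates are assumptions.
# Keyed on $binary_remote_addr, so NPM must see the real client address.
limit_req_zone  $binary_remote_addr zone=example_auth:10m  rate=10r/m;
limit_req_zone  $binary_remote_addr zone=example_write:10m rate=5r/s;
limit_conn_zone $binary_remote_addr zone=example_conn:10m;

# JSON access log carrying the request id (format name is an assumption).
log_format example_json escape=json
    '{"time":"$time_iso8601","request_id":"$request_id",'
    '"remote_addr":"$remote_addr","host":"$host",'
    '"method":"$request_method","uri":"$request_uri",'
    '"status":"$status","request_time":"$request_time"}';

# --- Proxy Host -> Advanced (server context) ---
limit_conn example_conn 20;              # per-client connection cap
limit_conn_status 429;
access_log /var/log/nginx/example-fiddy-access.log example_json;

# --- Custom Location /api/auth/login -> Advanced (location context) ---
limit_req zone=example_auth burst=5 nodelay;
limit_req_status 429;                    # default is 503
# Repeated here because location / is not used for this request.
proxy_set_header X-Request-Id $request_id;
add_header       X-Request-Id $request_id always;
```

The server and location parts fail nginx -t unless the zones and log format from the first part are already loaded.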

6) SSH Method (If UI Is Not Enough)

If your NPM UI does not expose everything you need:

  1. Enter the container:

         docker exec -it <npm_container_name> sh

  2. Verify active config and custom includes:

         nginx -T | grep -n "include .*custom"
         nginx -T | grep -n "http_top.conf"

  3. Write global HTTP custom file (path may vary by image/version):

         mkdir -p /data/nginx/custom
         cat >/data/nginx/custom/http_top.conf <<'EOF'
         # paste docker/nginx/npm/http_top.conf.example content
         EOF

  4. Test the config, then reload Nginx only if the test passes:

         nginx -t && nginx -s reload

  5. In NPM UI, apply:
     • host advanced snippet
     • location / snippet
     • auth/write location snippets

7) Log Path Alignment

If your NPM uses a different log path than /var/log/nginx:

  • update access_log / error_log lines in your host advanced config
  • update:
    • docker/observability/promtail-config.yml
    • docker/security/fail2ban/jail.d/fiddy-nginx.conf
    • docker/security/crowdsec/acquis.yaml

8) Validate

Run:

    scripts/smoke-public-launch.sh https://your-domain

Then confirm:

  • X-Request-Id response header exists
  • response JSON includes request_id
  • nginx access logs receive entries for the Fiddy host
  • auth and write endpoint bursts are rate limited