fiddy/docs/08_NGINX_PROXY_MANAGER_SETUP.md
Nico f8e426542d
feat: implement schedules pivot, scheduler service, and dokploy deploy flow
2026-02-15 17:10:58 -08:00


# Nginx Proxy Manager Setup (Existing Edge)
This guide assumes you already run Nginx Proxy Manager (NPM) as your shared reverse proxy and want to route Fiddy through it.
## 1) Proxy Host in NPM UI
1. Create a Proxy Host for your Fiddy domain.
2. Forward Hostname/IP: your app host/internal IP.
3. Forward Port: your app port (for example `3000`).
4. Enable:
   - Block Common Exploits
   - Websockets Support
   - SSL certificate
   - Force SSL
   - HTTP/2 support
## 2) Host Advanced Config (NPM UI)
In Proxy Host -> Advanced, paste from:
- `docker/nginx/npm/proxy-host-advanced.conf.example`
This adds:
- timeout/body limits
- connection cap
- structured access/error logs
## 3) Required Root Custom Location `/` (NPM UI)
Create a Custom Location for:
- `/`
In that location Advanced field, paste:
- `docker/nginx/npm/location-root-advanced.conf.example`
This handles:
- security headers
- request-id propagation/response header
- upstream proxy timeouts
## 4) Per-Location Rate Limits (NPM UI)
Create Custom Locations in NPM for:
- `/api/auth/login`
- `/api/auth/register`
- `/api/entries`
- `/api/buckets`
- `/api/groups`
- `/api/tags`
- `/api/schedules` (canonical)
- `/api/recurring-entries` (compatibility, deprecated)
Then use:
- `docker/nginx/npm/location-auth-advanced.conf.example` for auth locations
- `docker/nginx/npm/location-write-advanced.conf.example` for write API locations
Note:
- Nginx applies only the most specific matching location and does not inherit directives set in the `/` location, so keep the request-id directives in these location snippets too.
## 5) Global NPM Config Needed for Rate Limit Zones
`limit_req_zone`, `limit_conn_zone`, and `log_format` must exist in Nginx `http` context.
Use template:
- `docker/nginx/npm/http_top.conf.example`
Typical NPM path:
- `/data/nginx/custom/http_top.conf`
## 6) SSH Method (If UI Is Not Enough)
If your NPM UI does not expose everything you need:
1. Enter the container:
   ```bash
   docker exec -it <npm_container_name> sh
   ```
2. Verify active config and custom includes:
   ```bash
   nginx -T | grep -n "include .*custom"
   nginx -T | grep -n "http_top.conf"
   ```
3. Write global HTTP custom file (path may vary by image/version):
   ```bash
   mkdir -p /data/nginx/custom
   cat >/data/nginx/custom/http_top.conf <<'EOF'
   # paste docker/nginx/npm/http_top.conf.example content
   EOF
   ```
4. Reload Nginx:
   ```bash
   # reload only if the config test passes
   nginx -t && nginx -s reload
   ```
5. In NPM UI, apply:
   - host advanced snippet
   - location `/` snippet
   - auth/write location snippets
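
Section 5 requires every rate-limit zone to be declared in `http` context before a location snippet references it. The following is an added example, not part of the Fiddy repository: a shell function that reads an `nginx -T` dump and prints zone names that are referenced but never declared. The zone names in the sample are constructed, and the function assumes one directive per line.

```shell
#!/bin/sh
# Added example (not from the Fiddy repo). Lists zones that limit_req /
# limit_conn reference but no limit_req_zone / limit_conn_zone declares.
# Real use inside the NPM container:  nginx -T 2>/dev/null | missing_zones

missing_zones() {
  awk '
    { sub(/#.*/, "") }                       # ignore comments
    /^[ \t]*limit_(req|conn)_zone[ \t]/ {    # declaration: ... zone=name:size
      for (i = 2; i <= NF; i++) if ($i ~ /^zone=/) {
        z = $i; sub(/^zone=/, "", z); sub(/[:;].*/, "", z); declared[z] = 1
      }
      next
    }
    /^[ \t]*limit_req[ \t]/ {                # use: limit_req zone=name ...;
      for (i = 2; i <= NF; i++) if ($i ~ /^zone=/) {
        z = $i; sub(/^zone=/, "", z); sub(/;.*/, "", z); used[z] = 1
      }
    }
    /^[ \t]*limit_conn[ \t]/ {               # use: limit_conn name N;
      z = $2; sub(/;.*/, "", z); used[z] = 1
    }
    END { for (z in used) if (!(z in declared)) print z }
  ' | sort
}

# Constructed sample standing in for `nginx -T` output; zone names are made up.
sample_dump() {
  cat <<'EOF'
http {
  limit_req_zone  $binary_remote_addr zone=example_auth:10m rate=5r/m;
  limit_conn_zone $binary_remote_addr zone=example_conn:10m;
  server {
    limit_conn example_conn 20;
    location /api/auth/login {
      limit_req zone=example_auth burst=5 nodelay;
    }
    # limit_req zone=commented_out;
    location /api/entries {
      limit_req zone=example_write burst=20;   # never declared
    }
  }
}
EOF
}

if [ "${1:-}" = "--demo" ]; then sample_dump | missing_zones; fi  # prints example_write
```

An empty result means every referenced zone has a declaration; any name printed needs a matching `limit_req_zone` or `limit_conn_zone` line in `http_top.conf`.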
## 7) Log Path Alignment
If your NPM uses a different log path than `/var/log/nginx`:
- update `access_log` / `error_log` lines in your host advanced config
- update:
  - `docker/observability/promtail-config.yml`
  - `docker/security/fail2ban/jail.d/fiddy-nginx.conf`
  - `docker/security/crowdsec/acquis.yaml`
## 8) Validate
Run:
```bash
scripts/smoke-public-launch.sh https://your-domain
```
Then confirm:
- `X-Request-Id` response header exists
- response JSON includes `request_id`
- nginx access logs receive entries for the Fiddy host
- auth and write endpoint bursts are rate limited