Le bilan:
1 Raspberry avec NGINX en reverse proxy
1 Raspberry avec DOMOTICZ et MyDomoAthome
Après des heures de recherche je n'arrive pas à faire comprendre
Je veux bien un coup de pouce.
Du toujours excellent Korben http://korben.info/configurer-nginx-reverse-proxy.htmlDernière petite chose. Pour que l'Apache logue correctement les IPs qui se connectent à votre serveur, il faut installer le module suivant :
sudo apt-get install libapache2-mod-rpaf
Domoticz n'y est pour rienZIONIII a écrit :...je n'arrive pas à faire comprendreà Domoticz de prendre les vrais adresses IP et non l'ip du proxy dans les logs...
Code : Tout sélectionner
...
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
Code : Tout sélectionner
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;Code : Tout sélectionner
## Default all HTTP Traffic to HTTPS
server {
listen 80 default;
server_name xxxxx.xxxxx.ovh; # Set to your FQDN
rewrite ^ https://$server_name$request_uri? permanent;
}
## Domoticz Secure Proxy
server {
listen 443 default ssl;
server_name xxxxx.xxxx.ovh; # Set to your FQDN
ssl_certificate /etc/letsencrypt/live/xxxxx.xxxxx.ovh/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xxxxx.xxxxx.ovh/privkey.pem;
#ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_session_timeout 60m;
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4;
ssl_prefer_server_ciphers on;
### UNCOMMENT BELOW FOR x509 CLIENT AUTH
#ssl_client_certificate /etc/ssl/ca/ca.crt;
#ssl_verify_client optional;
#if ($ssl_client_verify != SUCCESS) {
# return 303 http://www.domoticz.com; # Set to your Error Page FQDN.
#}
add_header Strict-Transport-Security max-age=63072000;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
## Domoticz
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://192.168.xx.xx:8080/;
access_log /var/log/nginx/domoticz.access.log;
error_log /var/log/nginx/domoticz.error.log;
### UNCOMMENT BELOW FOR x509 CLIENT SSO
#proxy_set_header Authorization $ssl_client_s_dn;
#proxy_hide_header Authorization;
}
### IP Camera Proxys ####
# IPCam 1 - Give URL to Live View Page
#location /ipcameras/cam1 {
# proxy_pass http://192.168.1.100:9989/onvif/media_service/snapshot;
#}
}
### Custom Access Denied Page for x509
#server {
# listen 80;
# server_name access-denied.your_domain_name.com; # Set to your Error Page FQDN
# root /var/www/access-denied; # Path to your error page
# index index.html; # Name of your error page
# error_page 404 /index.html;
# error_page 400 /index.html;
# access_log /var/log/nginx/auth-fail.access.log; # Logs of failed auths.
#}