What nginx configuration did you apply on the reverse proxy for Azure AD

Help Developers
1

@AlexHofbeck I have the same issue. What nginx configuration did you apply on the reverse proxy? I’ve followed the default nginx configuration on speckle-server/utils/docker-compose-ingress/nginx/default.conf at main · specklesystems/speckle-server · GitHub.

2

Hi @bekraft,
the link of yours is the configuration for the connection for Frontend to Backend which you usually do not have to care about. This nginx ingress for the Speckle Server is used for the Docker-Compose set-up and only necessary for that as far as I understood.

In case you want to have a reverse proxy in front of your Speckle config, we used this config … as I’m far away from an expert and did not have the time to research deeper … please double check with another expert. For serious production stuff be careful with that

server {​
    server_name yourservername.com;​ #this you can modify
    proxy_read_timeout 8h;​
    proxy_connect_timeout 8h;​
    proxy_send_timeout 8h;​

        location / {​
        proxy_pass http://yourserverip:yourport; #here you have to modify the values​
        client_max_body_size 400M;​
        proxy_busy_buffers_size   512k;​
        proxy_buffers     4 512k;​
        proxy_buffer_size   512k;​
        ​
        proxy_http_version 1.1;​
        proxy_set_header X-Real-IP $remote_addr;​
        proxy_set_header Host $host;​
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;​
        proxy_set_header X-Forwarded-Proto $scheme;
        server_tokens off;        ​
        }​
}​

This is the config without letsencrypt.

these links were for me the way to start:
Installation of Nginx and Server Block​
https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-20-04

Installation of Letsencrypt​
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04

Proper configuration​
https://help.dreamhost.com/hc/en-us/articles/222784068-The-most-important-steps-to-take-to-make-an-nginx-server-more-secure

3 Likes
3

Hey @AlexHofbeck,

I checked my nginx configuration against your config snippet and found that I missed the proxy header forwarding for the backend location (here speckle-server/utils/docker-compose-ingress/nginx/default.conf at 99bf268a7470bbf2e405251e379c8e87f38e515a · specklesystems/speckle-server · GitHub). After adding these lines to the backend location config, the auth finally worked successfully.

The current configuration is only intented for a test stage. For production I like to switch to k8s.

3 Likes