From 6960004a38d3dba191e86a2cb362feae057752eb Mon Sep 17 00:00:00 2001
From: Juan Font
Date: Fri, 30 Jul 2021 18:42:49 +0200
Subject: [PATCH] Initial Home page
---
nginx-configuration.md | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 51 insertions(+)
create mode 100644 nginx-configuration.md
diff --git a/nginx-configuration.md b/nginx-configuration.md
new file mode 100644
index 0000000..b6ac97c
--- /dev/null
+++ b/nginx-configuration.md
@@ -0,0 +1,51 @@
+# nginx configuration
+
+The original Tailscale protocol relies on HTTP Long-Polling¹ for communication with the control server. Long story short, the client opens a HTTP 1.1 connection to the server and maintains it open, to receive keep-alives + updates in the tailnet/namespace.
+
+nginx must be aware of this situation if you want to use it as a reverse proxy in front of Headscale. Otherwise it will keep closing the connections from the clients, or even worse not closing them when it is needed.
+
+Please find below a reference configuration for a standard `proxy_pass` config:
+
+
+```nginx
+server {
+ server_name foobar.example.com;
+
+ client_body_timeout 5m;
+ client_header_timeout 5m;
+
+ access_log /var/log/nginx/foobar.example.com.access.log;
+ error_log /var/log/nginx/foobar.example.com.error.log info;
+
+ # reverse proxy
+ location / {
+ proxy_pass http://127.0.0.1:8080; # headscale listen_addr
+ proxy_read_timeout 6m;
+ proxy_ignore_client_abort off;
+ proxy_request_buffering off;
+ proxy_buffering off;
+ proxy_no_cache "always";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+
+ listen 443 ssl; # managed by Certbot
+ # extra stuff...
+
+}
+```
+
+
+
+
+
+
+
+
+
+
+
+___________________________________
+¹: https://en.wikipedia.org/wiki/Push_technology#Long_polling
\ No newline at end of file