Initial Home page

nginx-configuration.md

@@ -0,0 +1,51 @@
+# nginx configuration
+
+The original Tailscale protocol relies on HTTP Long-Polling¹ for communication with the control server. Long story short, the client opens a HTTP 1.1 connection to the server and maintains it open, to receive keep-alives + updates in the tailnet/namespace.
+
+nginx must be aware of this situation if you want to use it as a reverse proxy in front of Headscale. Otherwise it will keep closing the connections from the clients, or even worse not closing them when it is needed.
+
+Please find below a reference configuration for a standard `proxy_pass` config:
+
+
+```nginx
+server {
+    server_name foobar.example.com;
+
+    client_body_timeout 5m;
+    client_header_timeout 5m;
+
+    access_log            /var/log/nginx/foobar.example.com.access.log;
+    error_log            /var/log/nginx/foobar.example.com.error.log info;
+
+    # reverse proxy
+    location / {
+         proxy_pass http://127.0.0.1:8080;  # headscale listen_addr
+         proxy_read_timeout 6m;
+         proxy_ignore_client_abort off;
+         proxy_request_buffering off;
+         proxy_buffering off;
+         proxy_no_cache "always";
+         proxy_set_header Host $host;
+         proxy_set_header X-Real-IP $remote_addr;
+         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+
+
+    listen 443 ssl; # managed by Certbot
+    # extra stuff...
+
+}
+```
+
+
+
+
+
+
+
+
+
+
+
+___________________________________
+¹: https://en.wikipedia.org/wiki/Push_technology#Long_polling