Asger Weirsøe
36 lines
1.3 KiB
Plaintext
36 lines
1.3 KiB
Plaintext
# Paste into NginxProxyManager → your proxy host → "Advanced" tab.
|
|
#
|
|
# Forward Hostname/IP and Forward Port are set normally via the UI (point at
|
|
# the LXC's internal IP, port 8080). This snippet only adds header-based auth.
|
|
|
|
# 1. API key. Replace with a long random value (>= 32 chars).
|
|
# Generate one with: openssl rand -hex 32
|
|
set $weircon_api_key "REPLACE_WITH_A_LONG_RANDOM_API_KEY";
|
|
|
|
# 2. Auth gate. Pass if either (a) the API key matches, or (b) it's a
|
|
# request for the built-in /ui tester page (line below — comment it out
|
|
# if you want the UI itself to require the key too).
|
|
set $weircon_auth_ok 0;
|
|
if ($http_x_weircon_random_ip = $weircon_api_key) { set $weircon_auth_ok 1; }
|
|
if ($request_uri ~* "^/ui($|\?|/)") { set $weircon_auth_ok 1; }
|
|
|
|
if ($weircon_auth_ok = 0) {
|
|
return 401;
|
|
}
|
|
|
|
# 3. Strip the auth header before forwarding — backend should never see it.
|
|
proxy_set_header X-Weircon-Random-Ip "";
|
|
|
|
# 4. Generous timeouts: upstream fetches can be slow.
|
|
proxy_connect_timeout 15s;
|
|
proxy_send_timeout 60s;
|
|
proxy_read_timeout 60s;
|
|
|
|
# 5. No buffering — let the body stream through.
|
|
proxy_buffering off;
|
|
proxy_request_buffering off;
|
|
proxy_http_version 1.1;
|
|
|
|
# 6. Higher body cap in case you ever POST something heavy.
|
|
client_max_body_size 32m;
|