dataset/seed/nginx-reverse-proxy/README.md

---
gitea: none
include_toc: true
---


[Return to the list of application services.](../README.md)
# nginx-reverse-proxy

## Synopsis


[Nginx as reverse proxy.](https://nginx.org/)

The reverse proxy provides access to internal services.
These internal services are integrated automatically.

## Example

Zone names are provided as examples. Think about adapting with the value of provider_zone in configuration file.

```
nginx-reverse-proxy:
  applicationservice: nginx-reverse-proxy
  provider_zone: reverseproxy
  zones_name:
    - localdns
```

## Basic variables

### General

#### NGINX

| Parameter                                                                                                                                                                                                                       | Comments                                                                                                                                                                                                                                                                                        |
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| **[general.nginx.nginx_default](dictionaries/25_nginx.xml)**<br/>mandatory<br/>**Type:** [`domainname`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable)           | Default reverse proxy domaine name.<br/>If a client access to reverse proxy with an unknown domain name, the connexion is redirect to this domain name. By default this variable is the first associated service to this reverse proxy.<br/>**Default:** *calculated*                           |
| **[general.nginx.nginx_certificates_provider](dictionaries/25_nginx.xml)**<br/>mandatory<br/>**Type:** [`choice`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Type of certificate autority signing external certificates.<br/>The certificate can be self-signed (therefore invalid by default for the client) or obtained via the Let's Encrypt service (generally valid for the client).<br/>**Choices:**<br/>- `self-signed` ← default<br/>- `letsencrypt` |


## Variables for expert

### General

#### NGINX

| Parameter                                                                                                                                                                                                                  | Comments                                                                                                       |
|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------|
| **[general.nginx.nginx_hash_bucket_size](dictionaries/21_nginx.xml)**<br/>mandatory<br/>**Type:** [`choice`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | The bucket size for the server names hash tables.<br/>**Choices:**<br/>- `128` ← default<br/>- `64`<br/>- `32` |
| **[general.nginx.nginx_post_max_size](dictionaries/21_nginx.xml)**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable)    | The maximum allowed size of the client request body.<br/>This value is in Mb.<br/>**Default:** 32              |

## Requirements services

### Mandatories

- [LocalDNS](../README.LocalDNS.md): DNS forwarder for local domain name.

### Optionals

- [Journald](../README.Journald.md): Concentrate journal messages on one host.

## Dependances

- [nginx-common](../nginx-common/README.md): Nginx common configuration.
- [base-fedora-37](../base-fedora-37/README.md): Base information of a Fedora 37.
  - [base-fedora](../base-fedora/README.md): Base information of a Fedora.
    - [systemd](../systemd/README.md): Systemd, a system and service manager.
      - [base-machine](../base-machine/README.md): Base information for a machine.
        - [base](../base/README.md): Base of all application services.
        - [dns-local](../dns-local/README.md): DNS client with access to local zones.
        - [pki-tls](../pki-tls/README.md): Autosign PKI or Let's encrypt support for TLS certificates.
      - [journald](../journald/README.md): Journald.
      - [resolved](../resolved/README.md): Resolved.

## Useful for services

- [dovecot](../dovecot/README.md): Postfix and Dovecot as mail servers (IMAP and submission).
- [forgejo](../forgejo/README.md): Forgejo, a community managed lightweight code hosting solution.
- [gitea](../gitea/README.md): Transitional package for Gitea to Forgejo.
- [grafana](../grafana/README.md): Grafana is an analytics and interactive visualization web application.
- [lemonldap](../lemonldap/README.md): LemonLDAP, a Web Single Sign On and Access Management.
- [mailman](../mailman/README.md): GNU Mailman, managing electronic mail discussion and e-newsletter lists.
- [nextcloud](../nextcloud/README.md): Nextcloud, Online collaboration platform.
- [nginx-static](../nginx-static/README.md): Nginx as static web site.
- [odoo](../odoo/README.md): Odoo, an ERP and CRM.
- [peertube](../peertube/README.md): Peertube, a federated (ActivityPub) video streaming platform.
- [piwigo](../piwigo/README.md): Piwigo, a photo management software.
- [roundcube](../roundcube/README.md): Roundcube, a webmail.
- [speedtest-rs](../speedtest-rs/README.md): Speedtest-rs, a very lightweight Speedtest.
- [vaultwarden](../vaultwarden/README.md): Vaultwarden, a password manager.
docs for application services 2022-12-24 13:01:51 +01:00			`---`
			`gitea: none`
			`include_toc: true`
			`---`

update doc 2023-08-11 09:38:05 +02:00
			`[Return to the list of application services.](../README.md)`
docs for application services 2022-12-24 13:01:51 +01:00			`# nginx-reverse-proxy`

update doc 2023-08-02 09:26:54 +02:00			`## Synopsis`
docs for application services 2022-12-24 13:01:51 +01:00

update doc 2023-08-11 09:38:05 +02:00			`[Nginx as reverse proxy.](https://nginx.org/)`

			`The reverse proxy provides access to internal services.`
			`These internal services are integrated automatically.`

			`## Example`
docs for application services 2022-12-24 13:01:51 +01:00
update doc 2023-08-11 09:38:05 +02:00			`Zone names are provided as examples. Think about adapting with the value of provider_zone in configuration file.`

			```
			`nginx-reverse-proxy:`
			`applicationservice: nginx-reverse-proxy`
			`provider_zone: reverseproxy`
			`zones_name:`
			`- localdns`
			```
update doc 2023-08-01 15:13:17 +02:00
update doc 2023-08-11 09:38:05 +02:00			`## Basic variables`
update doc 2023-08-01 15:13:17 +02:00
update doc 2023-08-11 09:38:05 +02:00			`### General`
update doc 2023-08-01 15:13:17 +02:00
update doc 2023-08-02 09:26:54 +02:00			`#### NGINX`

update doc 2023-08-11 09:38:05 +02:00			\| Parameter \| Comments \|
			\|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------\|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------\|
			\| [general.nginx.nginx_default](dictionaries/25_nginx.xml)<br/>mandatory<br/>Type: [`domainname`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) \| Default reverse proxy domaine name.<br/>If a client access to reverse proxy with an unknown domain name, the connexion is redirect to this domain name. By default this variable is the first associated service to this reverse proxy.<br/>Default: calculated \|
			\| [general.nginx.nginx_certificates_provider](dictionaries/25_nginx.xml)<br/>mandatory<br/>Type: [`choice`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) \| Type of certificate autority signing external certificates.<br/>The certificate can be self-signed (therefore invalid by default for the client) or obtained via the Let's Encrypt service (generally valid for the client).<br/>Choices:<br/>- `self-signed` ← default<br/>- `letsencrypt` \|
update doc 2023-08-02 09:26:54 +02:00

			`## Variables for expert`

update doc 2023-08-11 09:38:05 +02:00			`### General`
update doc 2023-08-02 09:26:54 +02:00
			`#### NGINX`

update doc 2023-08-11 09:38:05 +02:00			`\| Parameter \| Comments \|`
			`\|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------\|----------------------------------------------------------------------------------------------------------------\|`
			\| [general.nginx.nginx_hash_bucket_size](dictionaries/21_nginx.xml)<br/>mandatory<br/>Type: [`choice`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) \| The bucket size for the server names hash tables.<br/>Choices:<br/>- `128` ← default<br/>- `64`<br/>- `32` \|
			\| [general.nginx.nginx_post_max_size](dictionaries/21_nginx.xml)<br/>mandatory<br/>Type: [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) \| The maximum allowed size of the client request body.<br/>This value is in Mb.<br/>Default: 32 \|
update doc 2023-08-02 09:26:54 +02:00
			`## Requirements services`

update doc 2023-08-11 09:38:05 +02:00			`### Mandatories`
update doc 2023-08-01 15:13:17 +02:00
update doc 2023-08-11 09:38:05 +02:00			`- [LocalDNS](../README.LocalDNS.md): DNS forwarder for local domain name.`
update doc 2023-08-02 09:26:54 +02:00
update doc 2023-08-11 09:38:05 +02:00			`### Optionals`
update doc 2023-08-02 09:26:54 +02:00
update doc 2023-08-11 09:38:05 +02:00			`- [Journald](../README.Journald.md): Concentrate journal messages on one host.`
update doc 2023-08-01 15:13:17 +02:00
docs for application services 2022-12-24 13:01:51 +01:00			`## Dependances`

update doc 2023-08-11 09:38:05 +02:00			`- [nginx-common](../nginx-common/README.md): Nginx common configuration.`
			`- [base-fedora-37](../base-fedora-37/README.md): Base information of a Fedora 37.`
			`- [base-fedora](../base-fedora/README.md): Base information of a Fedora.`
			`- [systemd](../systemd/README.md): Systemd, a system and service manager.`
			`- [base-machine](../base-machine/README.md): Base information for a machine.`
			`- [base](../base/README.md): Base of all application services.`
			`- [dns-local](../dns-local/README.md): DNS client with access to local zones.`
			`- [pki-tls](../pki-tls/README.md): Autosign PKI or Let's encrypt support for TLS certificates.`
			`- [journald](../journald/README.md): Journald.`
			`- [resolved](../resolved/README.md): Resolved.`

			`## Useful for services`

			`- [dovecot](../dovecot/README.md): Postfix and Dovecot as mail servers (IMAP and submission).`
			`- [forgejo](../forgejo/README.md): Forgejo, a community managed lightweight code hosting solution.`
			`- [gitea](../gitea/README.md): Transitional package for Gitea to Forgejo.`
			`- [grafana](../grafana/README.md): Grafana is an analytics and interactive visualization web application.`
			`- [lemonldap](../lemonldap/README.md): LemonLDAP, a Web Single Sign On and Access Management.`
			`- [mailman](../mailman/README.md): GNU Mailman, managing electronic mail discussion and e-newsletter lists.`
			`- [nextcloud](../nextcloud/README.md): Nextcloud, Online collaboration platform.`
			`- [nginx-static](../nginx-static/README.md): Nginx as static web site.`
			`- [odoo](../odoo/README.md): Odoo, an ERP and CRM.`
			`- [peertube](../peertube/README.md): Peertube, a federated (ActivityPub) video streaming platform.`
			`- [piwigo](../piwigo/README.md): Piwigo, a photo management software.`
			`- [roundcube](../roundcube/README.md): Roundcube, a webmail.`
			`- [speedtest-rs](../speedtest-rs/README.md): Speedtest-rs, a very lightweight Speedtest.`
			`- [vaultwarden](../vaultwarden/README.md): Vaultwarden, a password manager.`