While hosting a trading post, you might need to set up a reverse proxy.
Nginx
You can find the official docs for setting up a reverse proxy at https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/
Install nginx on a Ubuntu server
sudo apt-get update
sudo apt-get install nginx
You can confirm your nginx installation using
nginx -v
Adding your domain
First, create a Nginx virtual host configuration using the follwing command:
sudo touch /etc/nginx/sites-available/YOUR-DOMAIN
Be sure to replace YOUR-DOMAIN with the domain you plan to associate with the trading post.
Create nginx configuration
Next, we setup our nginx configuration by editing the file that we just created.
sudo nano /etc/nginx/sites-available/YOUR-DOMAIN
You can either use
vimornanoas your text editor
You can now paste the following configuration:
server {
listen 80;
listen [::]:80;
server_name YOUR-DOMAIN;
location ^~ /.well-known/acme-challenge {
default_type text/plain;
root /path/to/letsencrypt/challenge;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name YOUR-DOMAIN;
ssl_certificate /path/to/cert.pem;
ssl_certificate_key /path/to/key.pem;
ssl_trusted_certificate /path/to/ca.pem;
ssl_dhparam /path/to/dhparams.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
ssl_ecdh_curve prime256v1:secp384r1;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=63072000; preload;" always;
ssl_stapling on;
ssl_stapling_verify on;
resolver 1.1.1.1;
ssl_session_timeout 24h;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
access_log /var/log/nginx/access.log;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8080;
# change this to the port where the trading post is running
proxy_read_timeout 90;
}
}
SSL is compulsory otherwise CORS for the trading post API will be blocked. You can easily generate SSL certificates using Let's Encrypt and specify the certificate file and key in the above configuration
Be sure to replace YOUR-DOMAIN with your actual domain and make sure your trading post is running at port 8080.
Save the file and proceed to the final step.
Start nginx
Before starting nginx, we will need to link the file in the sites-available folder to a location within the sites-enabled folder.
Again, change YOUR-DOMAIN here with the actual name of the file you created earlier.
ln -s /etc/nginx/sites-avaialable/YOUR-DOMAIN /etc/nginx/sites-enabled/YOUR-DOMAIN.conf
Let’s now test the configuration file.
sudo nginx -t
If the test is successful, you’ll see this output:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Now that we know it’s going to work as expected, issue the command to restart the Nginx service
sudo systemctl restart nginx
# OR #
sudo service nginx restart
Both commands perform the same task, simply preference decides your method here.
Congratulations! You should now be able to launch your trading post (if it wasn’t running already) and visit YOUR-DOMAIN in a browser, assuming the DNS is correct. :smile: