
Reverse Proxy: Nginx and SSL

oznu edited this page May 28, 2019 · 1 revision

If you wish to enable secure connections to your homebridge-config-ui-x instance, you can use any suitable reverse proxy to achieve this, for example Nginx.

Nginx is a free, open source web server that can also be used as a reverse proxy, load balancer and HTTP cache, and runs on Linux, macOS and Windows.

How you initially set up Nginx and generate your SSL certificates will depend on what system you are using. This guide shows how to get Nginx and Let's Encrypt up and running on Debian Linux / Raspbian.

Assistance with your personal reverse proxy setup is not in scope of this project. This is not a guide explaining how to set up Nginx or Let's Encrypt. Do not use the issue tracker to raise issues related to this.

Once you have Nginx and an SSL certificate installed on your system, create a new vhost config:

server {
  listen 80;
  server_name example.com; # replace with your domain

  location / {
    return 301 https://$host$request_uri;
  }
}

server {
  listen 443 ssl http2;
  server_name example.com www.example.com; # replace with your domain
 
  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # replace with path to cert
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # replace with path to key

  ssl_session_cache           builtin:1000  shared:SSL:10m;
  ssl_protocols               TLSv1.2 TLSv1.3; # TLSv1.3 needs nginx 1.13.0+ built with OpenSSL 1.1.1+; use TLSv1.2 alone on older builds
  ssl_ciphers                 EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA512:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:ECDH+AESGCM:ECDH+AES256:DH+AESGCM:DH+AES256:RSA+AESGCM:!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
  ssl_prefer_server_ciphers   on;
  ssl_stapling                on;
  ssl_stapling_verify         on;

  location / {
    proxy_pass                  http://127.0.0.1:8080; # replace 8080 with the port the ui is running on
    proxy_http_version          1.1;
    proxy_buffering             off;
    proxy_set_header            Host $host;
    proxy_set_header            Upgrade $http_upgrade;
    proxy_set_header            Connection "Upgrade";
    proxy_set_header            X-Real-IP $remote_addr;
    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}
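
An offline check for a vhost file built from this template, added here as an example (it is not part of homebridge-config-ui-x or Nginx). It flags TLS 1.0/1.1 in `ssl_protocols`, the obsolete `ssl on;` directive, and a `proxy_pass` block that never sets the `X-Forwarded-For` header under its exact name. The function name `audit_vhost` and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: static audit of an nginx vhost file based on the template above.
# audit_vhost and the sample config below are constructed for illustration.

audit_vhost() {
  # Drop comments so commented-out directives are not reported.
  active=$(sed 's/#.*//' "$1")
  has() { printf '%s\n' "$active" | grep -Eq "$1"; }
  rc=0

  # TLS 1.0/1.1 are deprecated (RFC 8996); look only at the ssl_protocols line.
  if has '^[[:space:]]*ssl_protocols[[:space:]].*TLSv1(\.1)?([[:space:]]|;)'; then
    echo "legacy-tls: ssl_protocols enables TLSv1 or TLSv1.1"; rc=1
  fi
  # "ssl on;" is obsolete since nginx 1.15.0; "listen 443 ssl" enables TLS.
  if has '^[[:space:]]*ssl[[:space:]]+on[[:space:]]*;'; then
    echo "obsolete-ssl-on: remove 'ssl on;' and rely on 'listen ... ssl'"; rc=1
  fi
  # The backend only receives the client address chain under the exact name.
  if has '^[[:space:]]*proxy_pass[[:space:]]' &&
     ! has '^[[:space:]]*proxy_set_header[[:space:]]+X-Forwarded-For[[:space:]]'; then
    echo "missing-xff: proxy_pass without 'proxy_set_header X-Forwarded-For'"; rc=1
  fi
  return "$rc"
}

# Constructed sample that trips all three checks.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
server {
  listen 443 ssl http2;
  server_name example.com;
  ssl on;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  location / {
    proxy_pass http://127.0.0.1:8080;
    proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
  }
}
EOF
audit_vhost "$SAMPLE" || echo "findings above need review"
```

Run `nginx -t` afterwards as well: this script only pattern-matches the three settings and does not validate the configuration syntax.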