WebServer Proxy

From Domoticz

Introduction

If you are running an NGINX or Apache web server or a Synology NAS and you want to forward (proxy) requests to your internal Domoticz installation, this page is a guideline on how to do so.

For more background information, see the Security page.

We assume the following:


Domoticz is running on a system with:

IP Address: 192.168.0.210

Port: 8080 (No SSL)


We will forward all requests whose path starts with /domoticz/ to the internal Domoticz application.

For example: https://www.mydomain.com/domoticz/ ===> http://192.168.0.210:8080

Please Note:

For the "Forwarded" (RFC 7239), "X-Forwarded-For" or "X-Real-IP" HTTP header to be recognized in Domoticz, make sure you enter the IP address of your proxy server (which could be on the same machine, e.g. 127.0.0.1) in the main Domoticz setup page under "Local Networks" or, when you run an old version (<14299), in "RemoteProxyIPs". Otherwise external users are either not allowed at all or can enter Domoticz without login.

APACHE:

 # Requires mod_proxy, mod_proxy_http and mod_proxy_wstunnel (for the ws:// target).
 <IfModule mod_ssl.c>
 <VirtualHost *:443>
        ServerName www.mydomain.com
        ServerAlias www.mydomain.com
        ProxyPreserveHost On

        # ProxyPass /domoticz/json ws://192.168.0.210:8080/json
        # ProxyPassReverse /domoticz/json ws://192.168.0.210:8080/json

        # The local path must start with a slash, otherwise it never matches a request.
        ProxyPass /domoticz/ http://192.168.0.210:8080/
        ProxyPassReverse /domoticz/ http://192.168.0.210:8080/
        # WebSocket traffic for the JSON endpoint goes to the ws:// backend.
        <Location "/domoticz/json">
            ProxyPass "ws://192.168.0.210:8080/json"
        </Location>
        ErrorLog ${APACHE_LOG_DIR}/site1-web_error.log
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/domoticz_access.log combined
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/www.mydomain.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/www.mydomain.com/privkey.pem
 </VirtualHost>
 </IfModule>

NGINX:

 # $connection_upgrade is not a built-in variable; define it in the http context.
 map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
 }

 server {
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;
        server_name www.mydomain.com;
        ssl_certificate www.mydomain.com.crt;
        ssl_certificate_key www.mydomain.com.key;
        access_log /var/log/nginx/domoticz-access.log;
        error_log /var/log/nginx/domoticz-error.log;
        location /domoticz {
                # Strip the /domoticz prefix before passing the request on.
                rewrite ^/domoticz/?(.*) /$1 break;
                proxy_http_version      1.1;
                proxy_read_timeout      90;
                proxy_set_header        Host $host;
                # Pass the real client address to Domoticz (see "Please Note" above).
                proxy_set_header        X-Real-IP $remote_addr;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header        X-Forwarded-Proto $scheme;
                proxy_set_header        X-Scheme $scheme;
                # WebSocket upgrade headers.
                proxy_set_header        Upgrade $http_upgrade;
                proxy_set_header        Connection $connection_upgrade;
                add_header              X-Frame-Options SAMEORIGIN;
                proxy_pass http://192.168.0.210:8080;
        }
 }
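The "Please Note" paragraph and the X-Forwarded-For line in the NGINX block depend on the backend trusting that header only when it arrives from a known proxy. The sketch below is an added illustration of that decision in general form, not Domoticz source code; the function names, the proxy address 192.168.0.200 and the sample headers are constructed assumptions.

```python
# Added illustration (not Domoticz code): choosing which client address a
# backend behind a reverse proxy should evaluate its access rules against.
import ipaddress

# Constructed sample: the proxy address an administrator has registered.
TRUSTED_PROXIES = [ipaddress.ip_network("192.168.0.200/32")]


def is_trusted(addr, trusted):
    """True if addr parses as an IP address inside a trusted network."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in trusted)


def effective_client(peer, xff_header, trusted=TRUSTED_PROXIES):
    """Return the client address to authorize, or None if it is unusable.

    peer: source address of the TCP connection reaching the backend.
    xff_header: raw X-Forwarded-For value, or None when absent.
    """
    # A header sent by a peer that is not a registered proxy is untrusted
    # input, so it is ignored and the socket address is used.
    if not xff_header or not is_trusted(peer, trusted):
        return peer
    # The proxy appends the address it saw to whatever the client supplied
    # ($proxy_add_x_forwarded_for), so read from the right and stop at the
    # first hop that is not itself a registered proxy.
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        if not is_trusted(hop, trusted):
            try:
                return str(ipaddress.ip_address(hop))
            except ValueError:
                return None  # malformed hop: caller should deny the request
    return peer  # every hop was a registered proxy


if __name__ == "__main__":
    proxy = "192.168.0.200"
    # Client pre-seeded a LAN address; the proxy appended the real one.
    print(effective_client(proxy, "192.168.0.5, 203.0.113.7"))  # 203.0.113.7
    # The same header arriving directly from an unknown peer is ignored.
    print(effective_client("203.0.113.7", "192.168.0.5"))       # 203.0.113.7
    # Proxy not registered: every request appears to come from the proxy.
    print(effective_client(proxy, "203.0.113.7", trusted=[]))   # 192.168.0.200
```

The third call is the misconfiguration the note warns about: with the proxy unregistered, every external request carries the proxy's own address, so a rule keyed on that address either blocks everyone or lets everyone in.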

Synology NAS

IIS

Using IIS as a reverse proxy for Domoticz does not require any configuration and will work out of the box (when using version beta 2023.2 15595 or higher).