Improved self-host NGINX config example

[dries007]

While evaluating the viability of a self-hosted instance of gBridge, I came across this minor thing with the documentation.

Adding these headers allows the docker Apache to know the actual hostname and origin IP.
This is required for the proper redirection of the browser, such as when logging in to the web interface.

I'd also like to mention the screenshots are out of date, but they are still easy enough to follow along with that I don't think it's worth the effort to update them.

Kind regards,
Dries Kennes

EDIT: This doesn't completely fix the situation if HTTPS is used, because it seems the web interface/apache is hardcoded to generate HTTP urls.

This configuration allows logging in via the web interface:
(Logging in via account linking is still an issue.)

    # gBridge
    location / {
        proxy_pass http://localhost:8080/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect   http://localhost:8080 https://$host;
        proxy_set_header Accept-Encoding "";
        sub_filter http:// https://;
        sub_filter_once off;
    }

[lipigab]

Ahh, you are a live saver!!!! I was stuck for days at the last step where the auth page would always redirect to HTTP and spent days trying to figure it out how to solve this until I saw your post.
However I also had to modify the config a little bit as I was getting errors with Proxy_pass.

Here is my full Nginx config file if it helps for anyone else:

listen 80;
index index.php index.html;
root /var/www/public;

    location / {
        try_files $uri /index.php?$args;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass web-fpm:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
}

server {
listen 443 ssl;

#usually your public DNS name
server_name XXXXXXX;

#SSL-settings and generic server options here
ssl_certificate           /home/pi/cert/cert.pem;
ssl_certificate_key       /home/pi/cert/privkey.pem;
ssl_trusted_certificate   /home/pi/cert/chain.pem;

ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;

proxy_ssl_session_reuse off;

#the IP of the Docker host gBridge is running on
set $gbridge_host 127.0.0.1;
#the port you've defined for the gBridge web interface
set $gbridge_port 80;

location ~ ^/gapi/(.*)$ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect   http://$gbridge_host:$gbridge_port https://$host;
        proxy_set_header Accept-Encoding "";
        sub_filter http:// https://;
        sub_filter_once off;
        proxy_pass http://$gbridge_host:$gbridge_port/gapi/$1$is_args$args;

        }

location ~ ^/gapi {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect   http://$gbridge_host:$gbridge_port https://$host;
        proxy_set_header Accept-Encoding "";
        sub_filter http:// https://;
        sub_filter_once off;
        proxy_pass http://$gbridge_host:$gbridge_port/gapi/;
 }
}

[dries007]

Thanks.
Just a tip, if you want proper code in github issues (or any markdown), you have to use three of those backticks. Then you can put the name of they code type on the first line to get nice syntax highlighting. This is what my first line looks like: ```nginx