LibreNMS (nginx) behind reverse proxy (nginx)

Jon_Kensy · 11 August 2017 01:23

Hello all - I have a working (HTTPS) LibreNMS implementation. The following is my /etc/nginx/conf.d/librenms.conf output:

server {
    listen         80;
    server_name    nms.domain.com;
    return         301 https://$server_name$request_uri;
        }

server {
 listen      443;
 server_name nms.domain.com;


    ssl on;
    ssl_certificate /etc/ssl/cert.pem;
    ssl_certificate_key /etc/ssl/privkey.pem;
    ssl_session_cache shared:SSL:50m;

 root        /opt/librenms/html;
 index       index.php;
 access_log  /opt/librenms/logs/access_log;
 error_log   /opt/librenms/logs/error_log;
 charset utf-8;
 gzip on;
 gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
 location / {
  try_files $uri $uri/ /index.php?$query_string;
 }
 location /api/v0 {
  try_files $uri $uri/ /api_v0.php?$query_string;
 }
 location ~ \.php {
  include fastcgi.conf;
  fastcgi_split_path_info ^(.+\.php)(/.+)$;
  fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
 }
 location ~ /\.ht {
  deny all;
 }
}

I am trying to reverse proxy this setup with Nginx. I have a reverse proxy setup that works with Nextcloud, OwnCloud, etc. no problem. I would like to use SSL at the reverse proxy, which I’ve done before a number of times, but for some reason I just get bad gateway over and over. DNS is correct and resolves correctly. I must be missing something to satisfy the LibreNMS config. Does anyone have this working? Thanks!

murrant · 11 August 2017 01:26

bad gateway likely means it cannot connect to php-fpm. Check that your socket path is correct.

Also, did you not include the reverse proxy configuration?

Jon_Kensy · 11 August 2017 01:48

Thanks Murrant - I forgot to post the reverse proxy portion. I’ve been using what works for another php site I run:

server {

listen 443;

server_name nms.domain.com;

ssl on;
ssl_certificate /certs/domain/cert.pem;
ssl_certificate_key /certs/domain/privkey.pem;
ssl_session_cache shared:SSL:50m;


location / {
  proxy_pass                      https://192.168.254.35;
  proxy_set_header        Host    $Host;

}

}

kc3scuba · 22 August 2017 05:09

Did you ever get an answer to this?

I have been trying to get this configured for several days.

my setup I think is similar. I’m doing this on open stack

LibreNMS
192.168.2.17 ens3 - Floating IPs: attach public interface 10.75.145.223

murrant · 28 August 2017 13:45

@Jon_Kensy and @kc3scuba

Can you reach your proxy target from your proxy server?

For example: https://192.168.254.35

Piteball · 27 April 2018 06:36

I’m also trying to get access to my LibreNMS through my nginx app proxy. But I’m getting really strange layout problems when accessing the interface through the proxy. I had to add server_name nms.mydomain.tld to even get something to show up.

It seems as if the css templates or some php code doesn’t parse correctly I suppose (without much knowledge about web coding).

Piteball · 27 April 2018 07:13

Finally got it working. Had to enable HTTPS for the LibreNMS backend using self-signed certifikate. Now Google Chrome doesn’t see the site as unsecure anymore and the layout is working.