Serving MDriven with Nginx Server as a Proxy

After successful installation of MDriven on the Ubuntu Server, this installation also ensured we installed Nginx Web server to create the /var/www/ directory.

Now check the status of Nginx service using the command.

service nginx status

The result should be as shown below with Active: active (running) which indicates that Nginx service is up and running.

Documentation Serving MDriven with Nginx Server as a Proxy 1735837499808.png

If Nginx is not running, you can start the service with the command

service nginx start
Step -1: Configure Nginx

Navigate to the Nginx directory where we will create a configuration file for MDriven Turnkey and the MDriven Server

cd /etc/nginx/sites-available

The “/etc/nginx/sites-available” directory typically contains configuration files for Nginx virtual hosts. Each file in this directory represents a separate virtual host configuration, allowing you to define settings for different websites or applications hosted on your server. There will be a default config file available already. You can remove it or leave it as is.

Step -2: Create a configuration file for MDriven Server
sudo nano /etc/nginx/sites-available/mdrivenserver

Copy and paste the below content in the file. Replace IP_ADDRESS_OR_DOMAIN_NAME with correct IP address or domain name pointing to your MDriven Server.

server {
    listen 80;
    server_name 10.0.2.15; #---domain-name or IP address

    location / {
        proxy_pass http://127.0.0.1:5042;  # Replace with Mono server's port
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 300;
        proxy_connect_timeout 300;
        proxy_redirect off;
    }

    location ~* \.(css|js|jpg|jpeg|png|gif|ico|svg|woff|woff2|ttf|otf|eot|html|htm)$ {
        root /var/www/html/mdriven;
        expires max;
        log_not_found off;
    }

    error_log /var/log/nginx/mdriven_server_error.log;
    access_log /var/log/nginx/mdriven_server_access.log;
}
Step -3: Enable the site and restart Nginx
sudo ln -s /etc/nginx/sites-available/mdrivenserver /etc/nginx/sites-enabled/
sudo nginx -t  # Test configuration
sudo systemctl restart nginx
Step -4: Now, you can access MDriven Server and MDriven Turnkey.

Enter the following URL respectively"http://<your_domain_or_IP_address>:5042" - in this case it will be http://10.0.2.15:5042

Step -5: Create a configuration file for MDriven Turnkey
sudo nano /etc/nginx/sites-available/mdriventurnkey

Copy and paste the below content in the file. Replace IP_ADDRESS_OR_DOMAIN_NAME with correct IP address or domain name pointing to your MDriven Server

server {
    listen 8000;
    server_name 10.0.2.15; #---domain-name or IP address

    location / {
        proxy_pass http://127.0.0.1:5011;  # Replace with Mono server's port
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 300;
        proxy_connect_timeout 300;
        proxy_redirect off;
    }

    location ~* \.(css|js|jpg|jpeg|png|gif|ico|svg|woff|woff2|ttf|otf|eot|html|htm)$ {
        root /var/www/html/mdriven;
        expires max;
        log_not_found off;
    }

    error_log /var/log/nginx/mdriven_turnkey_error.log;
    access_log /var/log/nginx/mdriven_turnkey_access.log;
}
Step -6: Enable the site and restart Nginx
sudo ln -s /etc/nginx/sites-available/mdriventurnkey /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl restart nginx
Step -7: Access MDriven Turnkey

Now, you can access MDriven Server and MDriven Turnkey by entering the following URL respectively"http://<your_domain_or_IP_address>:5042" in this case it will be http://10.0.2.15:5011

With our current installation setup, MDriven Server and MDriven Turnkey are still running using HTTP: We can proceed to secure our production setup using HTTPS instead. To secure our Nginx proxy server setup, follow the steps below:

Step -1: Install Certbot and Nginx Plugin
sudo apt update
sudo apt install certbot python3-certbot-nginx
Step -2: Ensure Nginx is running.
sudo systemctl start nginx
Step -3: Obtain an SSL Certificate.

Run Certbot with the Nginx plugin to automatically configure SSL:

sudo certbot --nginx

Follow the prompts:

    Select the domain name to secure (e.g., 10.0.2.15 or your custom domain).
    Certbot will generate and configure the SSL certificate automatically.
Step -4: Verify the SSL Configuration.

Certbot updates your Nginx configuration to SSL. However, manually verify that the changes are correct. Your updated configuration should look like this:

server {
    listen 443 ssl;
    server_name 10.0.2.15;  # Replace with your domain or IP

    ssl_certificate /etc/letsencrypt/live/10.0.2.15/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/10.0.2.15/privkey.pem;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://127.0.0.1:5011;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 300;
        proxy_connect_timeout 300;
        proxy_redirect off;
    }

    location ~* \.(css|js|jpg|jpeg|png|gif|ico|svg|woff|woff2|ttf|otf|eot|html|htm)$ {
        root /var/www/html/mdriven;
        expires max;
        log_not_found off;
    }

    error_log /var/log/nginx/mdriven_turnkey_error.log;
    access_log /var/log/nginx/mdriven_turnkey_access.log;
}

server {
    listen 80;
    server_name 10.0.2.15;

    # Redirect HTTP to HTTPS
    return 301 https://$host$request_uri;
}

Test the configuration:

sudo nginx -t

Restart Nginx:

sudo systemctl restart nginx
Step -6: Automatic Certificate Renewal.

Let's Encrypt certificates are valid for 90 days, but Certbot automatically renews them. Add a cron job to test renewal periodically:

Open the crontab editor:
sudo crontab -e

Add the following line to test renewal daily:
0 0 * * * certbot renew --quiet && systemctl reload nginx
This page was edited 13 days ago on 01/07/2025. What links here