Mr Shark recently wrote a comment which I believe warrants its own blog entry, so see below (update August 7, 2019).
Despite still showing Apache in “the script”, I have replaced Apache with Nginx with success and so has Mr Shark (Antonio) so feel free to use this separate script (always make backups first) if you are interested in the change to Nginx…
https://gist.github.com/fragolinux/7229c1785652e4598d0bb61e50aa9093
And as Nginx is apparently great as a reverse proxy, too, Antonio has reverse-proxied Grafana, Chronograf and Nodered, and also the Nodered UI, using Nginx; read the comments in his script below for more info:
https://gist.github.com/fragolinux/2f66b6ca9396330a9063a05c38108939
This way anyone using “The Script” to set up Grafana, Node Red and perhaps Chronograf can have the following changes:
Grafana moved from ip:3000 to ip/grafana
Nodered and its dashboard moved from ip:1880 to ip/nodered and ip/ui
Chronograf moved from ip:8888 to ip/chronograf
If you change the Nginx default port, all the above will change accordingly (example: web on http://ip:81 then Nodered on http://ip:81/nodered)
Antonio has tried the above with no issues so far; please test and report back to Antonio, thanks. I’m still mulling over the point of the reverse proxy if you change the default port for Nginx, though at least you now specify only one port.
hello Mr shark
thanks for the correction, I must have missed the point.
Will change utility
regards Brian
By false or true the reverseproxy entry
192.168.178.97/grafana result was this
hope this helps maybe I should use chrome not firefox
or maybe clear cache at exit
regards Brian
when I changed to sub path true I got this note ip is the same!
hello Mr Shark
All was ok till I cleared firefox stored cookies, site data, and cache .
I immediately had grafana login problem again when using Pete’s utility
to access it see grafana1_Pete utility false ( sub_path false)
you don’t have to use Pete’s index file if you want to point to reverse proxied services, or you need to correct it to point to the new urls, i thought that was implied… if you’re using subpath, that file still points to standard url, which has no subpath, hence the error… point to new urls directly, or modify that file, you choose 🙂
Hello Mr Shark
I did another test taking out my change
serve_from_sub_path = true
and entering it as before
serve_from_sub_path = false
It made to change that is I am getting the login correct
so sorry, the serve cannot have been the problem.
The sub_path login is working whether I have false or true
I don’t know what was causing my problem, it appears to be cured.
I was at the time also trying to get my static directory to work in reverseproxy
regards Brian
Hello Mr Shark
update report
On further testing
was getting problems with grafana reverse proxy and local login
This is in on virgin Buster on pi4 with Pete’s script
To get # grafana, from ip:3000 to ip/grafana
In /etc/grafana/grafana.ini
Change line after root url
# The full public facing url you use in browser, used for redirects and emails
# If you use reverse proxy and sub path specify full url (with sub path)
root_url = http://localhost:3000/grafana/
# Serve Grafana from subpath specified in `root_url` setting. By default it is $false
#******* I had to Set this to true to get http://localhost/grafana/login ********
serve_from_sub_path = true
In /etc/nginx/sites-enabled/default
location /grafana/ {
proxy_pass http://localhost:3000/;
}
Grafana now to local login as
http://localhost:3000/
This gives http://localhost:3000/grafana/login *****ok works
http://localhost/grafana/
This gives http://localhost/grafana/login ************ok works
both working
I’ve had no success with the static problem.
regards Brian
strange, i used same setup and had no problems with /login sub url… have to redo a test in a vm, after snapshot… thanks
hello Mr Shark
feedback php pear
used this one
Package php-pear
buster (stable) (php): PEAR Base System
1:1.10.6+submodules+notgz-1.1: all
installed no problems
Thanks once more
regards Brian
Looks like everyone’s having a good day.
hello Mr Shark
this line was in js.settings
httpStatic: '/home/pi/.node-red/public',
it was there I’d forgotten otherwise it would not have shown gauges via Pete’s utilities I will try googling and also playing with the reverse proxy files
with regards to static directories.
regards Brian
Hello Mr Shark
yes sorry I had forgotten to change this as this is a completely new version
original busterlite and it has been a year or two that my stretch was always cloned.
Thank you I’m an idiot!
regards Brian
and this is 2)
Hello Mr Shark
Sorry to be such a pain
I’ve just instigated reverse proxy and have a funny!!!
entering nodered ui from Pete’s utilities works perfectly
entering ip/ui appears to be okay until you notice all gauges from my public directory and darksky pics are not displayed see jps attached my public directory is as set up by Pete
1)
Address changes to this on Pete’s utility input
http://192.168.178.97:1880/ui/#!/4?socketid=8S0FdNGtuuDL927eAAAG
2)
Address changes to this on ui input
http://192.168.178.97/ui/#!/4?socketid=TRl-BT2xtv_DHu2OAAAF
all normal gauges from palette are displayed as normal
oh, i think it’s the “httpStatic” option in settings.js which needs to be altered… don’t have time now but you can try to play with this line or adding it someway to nginx proxy, too… try a little google and let me know, otherwise i’ll try to look at that in next weekend…
file: .node-red/settings.js
search for something like:
httpStatic: '/home/pi/.node-red/public'
that folder should contain all your static file as addon js files, icons, etc
Hello Mr Shark
can I use this to install Pear was on github Pear site
install-pear-nozlib.phar installs PEAR automatically without asking anything. It is shipped with PHP itself.
or should I use this one
Package php-pear
buster (stable) (php): PEAR Base System
1:1.10.6+submodules+notgz-1.1: all
as in your suggestion
regards Brian
honestly, don’t know the difference…
hello Mr Shark
I ran script without PEAR
I changed line 3 and also took out PEAR run line which couldn’t be found
as I had read that it’s now included in 7.3, but I can’t find where I read it
so maybe you can check this as I have not a clue where to look. I can only say your script worked and nginx is perfect for what I want, will now implement the reverse proxy
Thanks for everything
regards Brian
try installing php-pear, look at penultimate result here:
https://packages.debian.org/search?keywords=pear&searchon=names&suite=stable&section=all
Hello Mr Shark
line1 and 2 run
sudo apt-get -y remove --purge *apache* *php*
sudo apt-get -y autoremove
Okokok
line 3 with change
sudo apt-get -y install nginx sqlite3 php php-{common,cli,fpm,json,zip,gd,mbstring,curl,xml,pear,bcmath,sqlite}
now gives
Reading package lists… Done
Building dependency tree
Reading state information… Done
Package php-sqlite is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
E: Package ‘php-sqlite’ has no installation candidate
I changed line 3 and also took out pear run line which couldn’t be found
line 3 run
sudo apt-get -y install nginx sqlite3 php php7.3-{common,cli,fpm,json,zip,gd,mbstring,curl,xml,bcmath,sqlite3}
Reading package lists… Done
Building dependency tree
Reading state information… Done
…………………………
………………………….lots more
…………………………….
Creating config file /etc/php/7.3/cli/php.ini with new version
Setting up php7.3-fpm (7.3.4-2) …
Creating config file /etc/php/7.3/fpm/php.ini with new version
Created symlink /etc/systemd/system/multi-user.target.wants/php7.3-fpm.service → /lib/systemd/system/php7.3-fpm.service.
Setting up nginx (1.14.2-2) …
Setting up php7.3 (7.3.4-2) …
Setting up php (2:7.3+69) …
Processing triggers for systemd (241-5+rpi1) …
Processing triggers for man-db (2.8.5-2) …
Processing triggers for libc-bin (2.28-10+rpi1) …
line 4 to 9 no changes
sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default.bak
sudo sed -i -e 's/index index.html/index index.php index.html/g' /etc/nginx/sites-enabled/default
sudo sed -i -e 's/#location ~ \\.php$ {/location ~ \\.php$ {/g' /etc/nginx/sites-enabled/default
sudo sed -i -e 's/#.*include snippets/ include snippets/g' /etc/nginx/sites-enabled/default
sudo sed -i -e 's/#.*fastcgi_pass unix/ fastcgi_pass unix/g' /etc/nginx/sites-enabled/default
sudo sed -i -e '63s/#}/}/' /etc/nginx/sites-enabled/default
bak file now made in sites-available
in sites-enabled default file has correct entries
# Self signed certs generated by the ssl-cert package
# Don’t use them in a production server!
#
include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
fastcgi_pass unix:/run/php/php7.3-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
lines 10 to end
sudo nginx -t
sudo systemctl restart nginx php7.3-fpm
pi@raspberrypi:~ $ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
pi@raspberrypi:~ $
pi@raspberrypi:~ $ sudo systemctl restart nginx php7.3-fpm
put test screen in www and call it works see jpg
hope this helps
regards Brian
php package should be a meta package pointing to the correct version, 7.0 on stretch, 7.3 on buster… it’s not working, then… ok, i’ll specify the correct version directly, then thanks
Hello Mr Shark
I ran sudo apt-get install sqlite3 php7.3-sqlite
now have all working
hope this helps with your script
regards Brian
added to script, thanks!
Hello Mr Shark
I set up new card to update my system
sorry but the nginx script problem is repeatable. I took a new copy of busterlite
added Pete’s script nothing else no flows only raspi-config local parameters.
Ran the script for nginx. Did not purge all directories if files within.
Script stopped after purge.
So I reran from line 5 again . No index.php in default file.
Sqlite gives forbidden all as my first report
I enter by hand index.php
I enter by hand fastcgi pass unix:/run/php/php7.3-fpm.sock;
and test
pi@rpi4buster:~ $ sudo nginx -t
nginx: [emerg] “fastcgi_pass” directive is not allowed here in /etc/nginx/sites-enabled/default:60
nginx: configuration file /etc/nginx/nginx.conf test failed
I # the line fastcgi
Then run script from line 7
test
pi@rpi4buster:~ $ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
pi@rpi4buster:~ $
in the default file is now
#
include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
fastcgi_pass unix:/run/php/php7.3-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
The index.php written by me.
The fastcgi —– now enabled which I had # out
At no time was a bak file made by the script
Tested webmin ok
node-red control panel ok no flows entered
node.red ui ok no flows
Grafana ok
Chronograf ok
Ha bridge ok
SQLite gives *
There was a problem setting up your database, /home/pi/dbs/esp8266.db. An attempt will be made to find out what’s going on so you can fix the problem more easily.
Checking supported SQLite PHP extensions…
PDO: installed
PDO SQLite Driver: not installed
SQLite3: not installed
SQLiteDatabase: not installed
…done.
It appears that your database is of SQLite version 3 but your installation of PHP does not contain the necessary extensions to handle this version. To fix the problem, either delete the database and allow phpLiteAdmin to create it automatically or recreate it manually as SQLite version 2.
See https://bitbucket.org/phpliteadmin/public/wiki/Installation for help.
Nearly same as I reported before. Except the sqlite info.
System info ok on my ist report was forbidden 403
This test running script on virgin busterlite with Pete’s script which ran fault free the only entry by me.
The original sd I tested is still running all ok except sqlite which now refuses my password, At the beginning it had accepted it.
regards Brian
i’ll take a look once i get decent connection again, can’t now on 3G, sorry…
sqlite problems are pdo related, have to take a look on an actual rpi, as i tested everything on a buster virtual machine, but had reports it worked on rpi too… have to test again, once i’ve decent connectivity…
Well., my broadband has been off all afternoon so I’m playing catchup.
Hello Mr Shark
Thank you, correct, php was missing, I reran lines from 5 onwards. Now have all working and index.php is in the default file, I still don’t know why this occurred
I have rerun the install lines at least 3 times, maybe it’s my copypaste malfunctioning?
Will now change my running system Pete’s script + go + sonoffs + some of my own to nginx
regards from a still sunny and very dry (not in the “Alt Stadt”) Düsseldorf
Hello Mr Shark
looking at this location
sudo sed -i -e 's/index index.html/index index.php index.html/g' /etc/nginx/sites-enabled/default
Doesn’t look like script wrote to this file, here is what I have in this file
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
I can’t get a reaction for php, no index.php
will check further
regards Brian
php seems missing, rerun lines from 5 onwards of 1st script in blog post
Hello Mr Shark
here’s what’s running
pi@rpi4buster:~ $ sudo netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:9001 0.0.0.0:* LISTEN 533/mosquitto
tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 534/vncserver-x11-c
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 645/perl
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 565/nginx: master p
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 433/pure-ftpd (SERV
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 545/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 327/cupsd
tcp 0 0 127.0.0.1:8088 0.0.0.0:* LISTEN 530/influxd
tcp 0 0 0.0.0.0:1880 0.0.0.0:* LISTEN 321/node-red
tcp 0 0 0.0.0.0:1883 0.0.0.0:* LISTEN 533/mosquitto
tcp6 0 0 :::5900 :::* LISTEN 534/vncserver-x11-c
tcp6 0 0 :::80 :::* LISTEN 565/nginx: master p
tcp6 0 0 :::21 :::* LISTEN 433/pure-ftpd (SERV
tcp6 0 0 :::8086 :::* LISTEN 530/influxd
tcp6 0 0 :::22 :::* LISTEN 545/sshd
tcp6 0 0 ::1:631 :::* LISTEN 327/cupsd
tcp6 0 0 :::8888 :::* LISTEN 532/chronograf
tcp6 0 0 :::3000 :::* LISTEN 531/grafana-server
tcp6 0 0 :::1883 :::* LISTEN 533/mosquitto
pi@rpi4buster:~ $
will look at your other suggestions
regards Brian
Hello Mr Shark
Nginx script update
a new sandisk 32gb uhs-1 with latest busterlite virgin Pete’s script
with webmin,sqlite,grafana and infoflux without office and the maths prog
These all working . Added my flows via import json
All working.
ran your new script via copy to putty
script ran and purged apache and php.
but did not carry on to install nginx.
I then recopied from script to putty the install part again
sudo apt-get -y install nginx php php-{common,cli,fpm,json,zip,gd,mbstring,curl,xml,pear,bcmath}
sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default.bak
sudo sed -i -e 's/index index.html/index index.php index.html/g' /etc/nginx/sites-enabled/default
sudo sed -i -e 's/#location ~ \\.php$ {/location ~ \\.php$ {/g' /etc/nginx/sites-enabled/default
sudo sed -i -e 's/#.*include snippets/ include snippets/g' /etc/nginx/sites-enabled/default
sudo sed -i -e 's/#.*fastcgi_pass unix/ fastcgi_pass unix/g' /etc/nginx/sites-enabled/default
sudo sed -i -e '63s/#}/}/' /etc/nginx/sites-enabled/default
sudo nginx -t
sudo systemctl restart nginx php7.3-fpm
This ran and installed nginx.
From Pete’s utility web
webmin works
Nodered control panel works
Nodered ui desktop works
grafana works
chronograf works
SQLite gives 403 forbidden
phpsysinfo gives 403 forbidden
fing is working
So all addresses that are direct ip and port work
Addresses that have ip but no port only name give forbidden.
I have not looked yet why this is, just to let you know Nginx appears to be working,
but I still have apache directory in etc which I will remove as you suggested (it contains 2 files). The purge did not remove all
Will investigate further
Once again a BIG thank you for the info and speed of your response
regards Brian
check if php is working, try adding a basic phpinfo page in your /var/www/html (search the net, i can’t add in comments), peter had similar issues and was because he had php 7.0 sock file instead of 7.3 in his nginx config
check with
sudo netstat -lntp
what’s running and on which port, and share it
check nginx logs under /var/log/nginx
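Two failures come up repeatedly in this thread: a PHP-FPM socket in the nginx config that does not match the installed PHP version, and `nginx -t` rejecting an uncommented `fastcgi_pass` whose `location` line is still commented out. The following is an added example (not part of Antonio's script) that lints a site file for both, plus the missing `index.php`; the function names and the two sample files are constructed for illustration, and it assumes the flat, un-nested layout of the Debian default site file.

```shell
#!/usr/bin/env bash
# Added example: lint an nginx site file for the PHP wiring the sed lines are meant to produce.

# Constructed sample: the working state quoted in the comments on this page.
good_site() {
cat <<'EOF'
index index.php index.html index.htm index.nginx-debian.html;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.3-fpm.sock;
# fastcgi_pass 127.0.0.1:9000;
}
EOF
}

# Constructed sample: fastcgi_pass enabled while its location block is still commented out.
broken_site() {
cat <<'EOF'
index index.html index.htm index.nginx-debian.html;
location / {
try_files $uri $uri/ =404;
}
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.3-fpm.sock;
#}
EOF
}

# check_php_site VERSION: reads a site file on stdin, prints one problem per line,
# prints nothing when the PHP wiring is consistent.
check_php_site() {
  awk -v want="/run/php/php${1}-fpm.sock" '
    /^[ \t]*#/ { next }                                        # skip commented-out lines
    /^[ \t]*index[ \t]/ && /index\.php/ { has_index = 1 }
    /^[ \t]*location[ \t]/ { in_php = (index($0, "\\.php$") > 0) }
    /^[ \t]*}/ { in_php = 0 }                                  # block closed
    /^[ \t]*fastcgi_pass[ \t]+unix:/ {
      seen = 1
      sock = $2; sub(/^unix:/, "", sock); sub(/;$/, "", sock)
      if (!in_php) print "line " NR ": fastcgi_pass outside an active PHP location block"
      if (sock != want) print "line " NR ": socket " sock " does not match " want
    }
    END {
      if (!has_index) print "index.php missing from the index directive"
      if (!seen) print "no active fastcgi_pass unix: line"
    }'
}

# Demo on the constructed broken file; on a live system use:
#   check_php_site 7.3 < /etc/nginx/sites-enabled/default
broken_site | check_php_site 7.3
```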
hello Mr Shark
thanks for all your useful infos
I have a problem with your script for using nginx and removing apache
I have busterlite running with script from pete no problems.
I run your script apache and php are removed , but I get on install of nginx a problem with php
which one should install?
The removal of apache also removed the php 7.3
installed by Pete’s script
here is what I get which one do I need?
sudo apt-get -y install nginx php php-{common,cli,fpm,json,pdo,zip,gd,mbstring,curl,xml,pear,bcmath}
Reading package lists… Done
Building dependency tree
Reading state information… Done
Package php-pdo is a virtual package provided by:
php7.3-common 7.3.4-2
php7.2-common 7.2.9-1+b2
php7.1-common 7.1.20-1+b2
You should explicitly select one to install.
E: Package ‘php-pdo’ has no installation candidate
pi@rpi4buster:~ $ sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default.bak
cp: cannot stat ‘/etc/nginx/sites-available/default’: No such file or directory
pi@rpi4buster:~ $ sudo sed -i -e 's/index index.html/index index.php index.html/g' /etc/nginx/sites-enabled/default
regards Brian
pete had same problems last weekend, don’t know what happened from when i published script, as i had good working reports about it, too, in comments above, and i personally tested various time on buster (in a vm, though, not on any rpi)…
anyway, i’m updating script, try this new version (same url as before)
https://gist.github.com/fragolinux/7229c1785652e4598d0bb61e50aa9093
i removed php-pdo and fully remove all apache and php stuff… php stuff is reinstalled soon after, in a clean state
So no changes for me then.
no, i just added what we did last weekend to solve your problems, hope not forgetting anything we did on skype…
for Brian Gentles: if this is not enough, remove or move elsewhere every apache/php/nginx folder you have in /etc then relaunch that script to have them clean as just installed… Pete had some remainings of php 7.0, for example, as he upgraded from stretch to buster…
This might be interesting for people who want to learn a bit more about reverse proxying specific lan based devices / services with nginx:
https://jjssoftware.github.io/secure-your-esp8266/
It includes use of a letsencrypt TLS cert as previously mentioned by other people in the comments above.
oh, i remember to have read that! thanks!
It could be worth a look but to be honest it barely scratches the surface of what can be done with nginx. From reverse proxying to content caching to load balancing, nginx is truly fabulous.
Works a treat, thank you for sharing! I was using this to access nodered from outside through SSL but couldn’t get the proxy config nailed down correctly for the nodered admin and Grafana… Perfect now!
thank you to report back 🙂
thanks for the blog entry, Pete 🙂
to be clearer: with nodered on port 81 in last sentences, i mean, a reverse proxy “masks” the ports of underlying “proxied” services and exposes only its own, default 80… so every local service proxied is served as it was a sub-url of the default site…
if you move default webserver port from 80, you have to add that to the url, then, so, if you move to port 81, if nodered “proxied” was before at http://ip/nodered now it’s on http://ip:81/nodered but nothing else needs to be changed in both nginx and nodered configs, just default port of nginx… this to help you and whomever uses Alexa which insists in using port 80 for its own “female” businesses 😀
but i plan to reverse proxy even alexa, so you’ll have all on port 80, ALL, but need to test to see if it’s possible, i think yes
And, of course, you can now (always assuming that you have control over your own firewall) use the magic of NAT, port-forwarding, the reverse proxy and letsencrypt to put your ESP8266 on the internet with a genuine, browser-recognized certificate.
That means not only being able to have an SSL/TLS encrypted web site (although I’ve never really seen the point of that on an ESP, other than novelty value), but also to enable encrypted communication with your internal ESPs from the internet. With a reverse proxy like nginx (or Pound), you can do pattern matching on the incoming request and then forward it to which ever of your internal machines should handle it. So a request coming in on port 443 to switch on the porch lights is decrypted by nginx and sent to the ESP8266 which handles that triac/relay in plain text.
Great stuff!
exactly, all of that, too 🙂
a reverse proxy is like NAT for webservices, so you can expose other local lan http servers using the same proxy 🙂
i didn’t add the ssl part as i think that coming in in vpn is more secure than exposing the web server, and all the underlying services thanks to reversing them…
but who wants can easily add letsencrypt, which has an automatic setup/install/renewal script for both apache and nginx
or you can easily install docker and this proxy manager which is excellent… no need to use docker for anything else if you’re scared, but it’s a little step 😉
https://nginxproxymanager.jc21.com/