Nginx Configuration for ZNC Reverse Proxy with SSL/TLS
Learn how to set up Nginx as a reverse proxy for ZNC with SSL/TLS encryption on a custom domain, ensuring secure access to ZNC's web interface.
DNS Configuration:
- As you mentioned, add an A record for znc.domain.com pointing to the server's IP address.
Nginx Configuration for ZNC:
Create a new Nginx configuration file for ZNC:
nano /etc/nginx/sites-available/znc.domain.com
And add the following:
server {
    listen 80;
    server_name znc.domain.com;

    location / {
        proxy_pass http://localhost:65001;  # Pointing to ZNC's port
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
The extra Upgrade and Connection "upgrade" headers are important if ZNC uses WebSockets. They ensure that WebSocket connections are proxied correctly.
Enable the Configuration:
Create a symbolic link to sites-enabled:
ln -s /etc/nginx/sites-available/znc.domain.com /etc/nginx/sites-enabled/
Test the configuration and restart Nginx:
nginx -t
systemctl restart nginx
SSL/TLS for znc.domain.com:
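Use Certbot to secure znc.domain.com:
certbot --nginx -d znc.domain.com
Certbot will take care of adjusting the Nginx configuration for SSL. Until it has run, the port-80 server block above proxies the ZNC web interface, including logins, over unencrypted HTTP.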
Test the Configuration:
- Try accessing http://znc.domain.com (it should automatically redirect you to https://znc.domain.com if you set up Certbot).
- Ensure that ZNC's web interface loads correctly and you can log in without issues.
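A scripted version of the redirect check described above, as an added example that is not part of the original page. `check_redirect` is a hypothetical helper name; it reads the headers printed by `curl -sI` and succeeds only when the response redirects to https:// on the same host. The sample responses are constructed.

```shell
#!/bin/sh
# Added example (not from the original page). Reads the response headers
# printed by `curl -sI http://HOST/` on stdin and succeeds only when the
# server redirects to https:// on the same host.
check_redirect() (
    host=$1
    hdrs=$(tr -d '\r')    # HTTP lines end in CRLF; drop the CR
    # Status code is field 2 of "HTTP/1.1 301 Moved Permanently" or "HTTP/2 301".
    status=$(printf '%s\n' "$hdrs" | awk 'NR == 1 && /^HTTP\// { print $2 }')
    # Header names are case-insensitive (HTTP/2 sends them in lowercase).
    location=$(printf '%s\n' "$hdrs" | awk '{
        i = index($0, ":")
        if (i && tolower(substr($0, 1, i - 1)) == "location") {
            v = substr($0, i + 1); sub(/^[ \t]+/, "", v); print v; exit
        }
    }')
    case $status in
        301|302|307|308) ;;
        *) echo "FAIL: status ${status:-unknown}, not a redirect"; exit 1 ;;
    esac
    case $location in
        "https://$host"|"https://$host/"*)
            echo "OK: $status -> $location"; exit 0 ;;
        https://*)
            # Also catches look-alike hosts such as https://HOST.example.net/
            echo "FAIL: redirect leaves $host: $location"; exit 1 ;;
        *)
            echo "FAIL: redirect target is not HTTPS: ${location:-none}"; exit 1 ;;
    esac
)

# Constructed sample responses (not captured from a real server).
printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://znc.domain.com/\r\n\r\n' \
    | check_redirect znc.domain.com
printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n' \
    | check_redirect znc.domain.com || true
# Against the live host:
#   curl -sI http://znc.domain.com/ | check_redirect znc.domain.com
```

A FAIL on the 200 case means the web interface is still reachable over plain HTTP, which is the state of the port-80 server block before Certbot has rewritten it.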
By setting up Nginx as a reverse proxy for ZNC, you also benefit from the additional layer of security and ease of access through a domain instead of an IP:port combination. As you can see, this approach is modular, and you can add as many services as you need in the same fashion. Enjoy your newly set up systems!
Install and configure Nginx
To install Nginx on Ubuntu, use the following commands:
sudo apt update
sudo apt install nginx nginx-extras
Creating our own website
mkdir -p /var/www/tutorial
cat << "EOF" > /var/www/tutorial/index.html
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Hello, Nginx!</title>
</head>
<body>
<h1>Hello, Nginx!</h1>
<p>We have just configured our Nginx web server on Ubuntu Server!</p>
</body>
</html>
EOF
cat << "EOF" > /etc/nginx/sites-available/git.nr1.nu
# Redirect HTTP to HTTPS
server {
    listen 80;
    listen [::]:80;
    server_name git.nr1.nu;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name git.nr1.nu;

    ssl_certificate /etc/letsencrypt/live/git.nr1.nu/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/git.nr1.nu/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    root /var/www/;
    error_page 404 /404.html;
    index index.html index.htm index.nginx-debian.html;

    # Forward all requests to the backend listening on port 3000
    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
EOF
Create a symlink
ln -s /etc/nginx/sites-available/git.nr1.nu /etc/nginx/sites-enabled/git.nr1.nu
ln -s /etc/nginx/sites-available/www.nr1.nu /etc/nginx/sites-enabled/www.nr1.nu
ln -s /etc/nginx/sites-available/www.adb-shell.com /etc/nginx/sites-enabled/www.adb-shell.com
ln -s /etc/nginx/sites-available/www.nr1.nu www.nr1.nu
Activating virtual host and testing results
service nginx restart
If everything works, remove the tutorial site and restart Nginx
rm /etc/nginx/sites-enabled/tutorial
/etc/init.d/nginx restart
Create a certificate with certbot
certbot -d www.adb-shell.com -d adb-shell.com -m info@adb-shell.com
certbot -d adb-shell.com -d www.adb-shell.com -m info@adb-shell.com
speedtest.nr1.nu
This is an example of how to redirect a folder to speedtest.nr1.nu
server {
    listen 80;
    listen [::]:80;
    server_name paste.nr1.nu;
    # Redirect HTTP to HTTPS
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name paste.nr1.nu;

    ssl_certificate /etc/letsencrypt/live/paste.nr1.nu/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/paste.nr1.nu/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    root /var/www/paste.nr1.nu;
    error_page 404 /404.html;
    index index.txt index.html index.htm index.nginx-debian.html;

    location / {
        try_files $uri $uri/ =404;
    }
}