Uibuilder and nginx


I am experimenting with uibilder nginx. To install nginx i follow this guide from:

I tried to test nginx with a very simple node. i created a simple uibilder npde that has the URL

My second step was to create a user and a password with; sudo htpasswd -c /etc/apache2/.htpasswd user1. I verified, that there is a file htppasswd and that there is a user1:pw in it

Now i created a new conf.d in at /etc/nginx/conf.d#. in this i entered:

server {
  listen 80;
  server_name <my server ip>;

  location /test {
  auth_basic "Restricted";
  auth_basic_user_file /etc/apache2/.htpasswd;
  proxy_pass http://localhost:1880/;
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

I expected that now when i enter my server ip. i will be redirected to myserverip:1880/test and asked for a pasword.

Sorry when this are noob-questions. I am a the beginning of this journey

No problem, it is a fairly gnarly journey to begin with.

You might want to try the uibuilder docs for a more up-to-date and detailed version of the WIKI.

How to use NGINX as a reverse proxy with TLS and identity authentication (totallyinformation.github.io)

Pay particular attention to slashes in your location, it is possible that you need a trailing slash. Also note that you have to proxy websockets as well which is missing in your example.

thank you.

its much more complex than i thought. but u will try it.

but do i assume it correct, if i just want to test (the not secure) http redirect of my uibuilder test node (myip:1880/test/), my example settings above should be enough? Or do i have also configure node red websocket-proxy-stuff?

What i am asking myselft: in my directory /etc/nginx/conf.d i have 2 files now:
conf.d AND default.conf

conf.d was edited by me to :

server {
listen 80;
server_name myServerIP;

location /test/ {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
proxy_pass http://localhost:1880/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;


What i understand should "server_name" be my ip adress of my linux server?
.htpasswd exists with a user in the right directory.
i also tested different cominations with Trailing Slashes for the soruce of the htppasswd and location

thank you again and sry

It is complex but you only have to do the hard bit once. After that, it is pretty simple. BTW, I have my settings split into different parts because there are things like security settings that need to be re-specified in different sections if you are handling more than 1 location. I've shared the full set before I think here in the forum.

Well, it should redirect but it won't work correctly. So you will get a page shown but it will only partly work.

I don't think you need the server name at all if you are just using IP addresses. Not 100% certain since I use a DNS domain name and so the server name looks like: .example.com (note the leading dot).

I also have 2 server sections, one listening on listen *:80 default_server; and the other on listen *:443 ssl default_server;. The first redirects to the 2nd.

I also simply have a location / { ... so that everything is proxied. Then I have sub-locations such as this for the editor:

  # Proxy the Node-RED Editor https://my.public.domain/red/ to http://localhost:1880/red/
  location /red/ {
    # ==> Of course, you could have a separate auth here! <==

    # Reverse Proxy for websockets
    include /etc/nginx/conf.d/includes/common_ws_proxy_headers.conf;

    # Reverse Proxy
    proxy_pass https://localhost:1880/red/; # <== CHANGE TO MATCH THE EDITOR's URL
    # Tell upstream which proxy was used
    proxy_set_header X-JK-Proxy "RED";
    # Tell client which proxy was used (not really all that useful)
    add_header X-JK-Proxy "RED";


The custom headers are useful because it lets you detect if the correct proxy has been applied.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.