Atinoda/text-generation-webui-docker

Nginx proxy with ssl support?

ai792 opened this issue · 2 comments

ai792 commented

I am looking for a working Docker configuration with an Nginx proxy? Did you get this working by chance?

ai792 commented

Amazing. ChatGPT (4) to the rescue, this worked for me:

location / {
  proxy_pass ##PROXY_PASS##;
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "upgrade";
  proxy_set_header Host $host;
  proxy_set_header X-Forwarded-Host $host;
  # Do not pass Authorization header to destination
  proxy_set_header Authorization "";

GPT4 Comment:
This looks good. You've added the necessary directives to handle the WebSocket upgrade request. Here's a brief explanation of what each directive does:

  • proxy_pass ##PROXY_PASS##; - This directive sets the address of the proxied server. This is where Nginx will forward the incoming requests.

  • proxy_http_version 1.1; - This directive sets the HTTP version to 1.1, which is necessary for WebSocket connections.

  • proxy_set_header Upgrade $http_upgrade; - This directive sets the 'Upgrade' request header to the same value as the incoming 'Upgrade' header from the client. This is part of the WebSocket handshake process.

  • proxy_set_header Connection "upgrade"; - This directive sets the 'Connection' request header to 'upgrade', indicating to the server that the client wants to establish a WebSocket connection.

  • proxy_set_header Host $host; - This directive sets the 'Host' request header to the same value as the incoming 'Host' header from the client. This is necessary if the proxied server needs to know the original host name.

  • auth_basic "Restricted"; and auth_basic_user_file /etc/nginx/.htpasswd; - These directives set up basic HTTP authentication.

  • proxy_set_header X-Forwarded-Host $host; - This directive sets the 'X-Forwarded-Host' request header to the same value as the incoming 'Host' header from the client. This is often used for logging or for use in applications that need to know the original host name.

  • proxy_set_header Authorization ""; - This directive removes the 'Authorization' header from the proxied request. This is useful if you don't want to pass the client's credentials to the proxied server.

Remember to replace ##PROXY_PASS## with the actual address of your backend server. After making these changes, you should restart or reload Nginx for the changes to take effect.

Great work! Very fitting to use ChatGPT to help as well :) Thank you for sharing the results of your work too, other people can certainly benefit from your contribution.

I have also tested it using nginx to expose a subdomain textgen.yourdomain.com, with the following template:

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name textgen.*;

    include /config/nginx/ssl.conf;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app <IP_OR_HOSTNAME_OF_TEXTGEN_SERVER>;
        set $upstream_port 7860;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
    }
}

The template comes from the nginx letsencrypt docker container, but this is an "all roads lead to Rome" kind of thing, where we can happily confirm that a couple of different configurations have both successfully reverse proxied an https connection to text-generation-webui in this docker container.

I will leave this issue open until I add a note to the README.md to let people know that it runs with nginx.