Configuring an NGINX Reverse Proxy Entry

Creating an NGINX Reverse Proxy Site

Below we provide the default NGINX configuration file that Interlock uses in its APT package.

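# Relevant Variables
# Fill these in before running the rest of the snippet:
#   WORK_PATH     - directory that receives interlock.conf and holds sslcerts/
#   FRONTEND_URL  - host name written into server_name
#   FRONTEND_PATH - directory used as the document root for "location /"
WORK_PATH=""
FRONTEND_URL=""
FRONTEND_PATH=""

# Stop early on an empty value: an empty WORK_PATH would put the config at
# /interlock.conf and point the certificate paths at /sslcerts/.
: "${WORK_PATH:?set WORK_PATH before generating the NGINX config}"
: "${FRONTEND_URL:?set FRONTEND_URL before generating the NGINX config}"
: "${FRONTEND_PATH:?set FRONTEND_PATH before generating the NGINX config}"

# Write the site definition. Shell variables are expanded here; NGINX
# variables are written as \$name so they reach the file unexpanded.
#
# NOTE(review): "ilckupstreamlog" is a named log format. It is not defined in
# this snippet, so it presumably comes from a log_format directive elsewhere
# in the NGINX configuration; "nginx -t" fails if it is missing.
# NOTE(review): proxy_pass targets an https:// upstream on loopback. NGINX
# does not verify upstream certificates unless proxy_ssl_verify is turned on.
# NOTE(review): X-Forwarded-For is built with \$proxy_add_x_forwarded_for,
# which appends to whatever value the client sent. The backend should rely on
# X-Real-IP or only the last X-Forwarded-For entry for the client address.
# NOTE(review): privkey.pem should be readable only by the account that starts
# NGINX.
cat > "$WORK_PATH/interlock.conf" <<NGINX_CONF
server {
	listen 80;
	server_name $FRONTEND_URL;
	return 301 https://\$host\$request_uri;
}

server {
	listen 443 ssl http2;
	server_name $FRONTEND_URL;
	ssl_certificate $WORK_PATH/sslcerts/fullchain.pem;
	ssl_certificate_key $WORK_PATH/sslcerts/privkey.pem;

	location / {
		root $FRONTEND_PATH;

		index index.html index.htm index.nginx-debian.html;
		try_files \$uri /index.html;

		# kill cache
		add_header Last-Modified \$date_gmt;
		# add_header Cache-Control 'no-store, no-cache';
		add_header Cache-Control 'no-cache, no-store, max-age=0, must-revalidate';
		# if_modified_since off;
		# expires off;
		# etag off;
	}
	location ~ ^/(api|admin|static|openid|\.well-known) {
		proxy_pass https://127.0.0.1:8000;
		access_log /var/log/nginx/interlock-access.log ilckupstreamlog;

		# Disable Cache on backend routes
		add_header Cache-Control 'no-cache, no-store, max-age=0, must-revalidate';

		# Disable buffering to serve data immediately to clients.
		# Increase timeouts from default 60 seconds to 5 minutes for the console not to close when no data is transferred.
		# Additionally client_max_body_size is raised to 1 GB to allow uploads of huge ISOs via the Web UI.
		proxy_buffering off;
		proxy_buffer_size 4k;
		client_max_body_size 1g;
		proxy_connect_timeout 300s;
		proxy_read_timeout 300s;
		proxy_send_timeout 300s;
		send_timeout 300s;

		# Enable proxy websockets
		proxy_http_version 1.1;
		proxy_set_header Upgrade \$http_upgrade;
		proxy_set_header Connection "upgrade";

		# SSL proxying headers
		proxy_set_header X-Forwarded-Proto \$scheme;
		proxy_set_header X-Forwarded-Ssl on;

		# Standard proxying headers
		proxy_set_header Host \$host;
		proxy_set_header X-Real-IP \$remote_addr;
		proxy_set_header X-Forwarded-Host \$server_name;
		proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
	}
}
NGINX_CONF

# Enable the site by symlinking it into sites-enabled.
# -f replaces an existing link so the snippet can be re-run.
ln -sf "$WORK_PATH/interlock.conf" "/etc/nginx/sites-enabled/interlock.conf"

# Test the config, then enable and restart nginx only if the test passes,
# so a broken config does not take the running server down.
if nginx -t; then
  systemctl enable nginx && systemctl restart nginx
else
  echo "nginx -t reported errors; nginx was not restarted" >&2
fi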