From 2769926d1c6794907acd296dac97153d8c8819d0 Mon Sep 17 00:00:00 2001
From: Fraybyl
Date: Mon, 19 May 2025 01:17:24 +0300
Subject: [PATCH 1/8] feat: angie reverse proxy
---
 docs/install/reverse-proxies/angie.md | 148 ++++++++++++++++++++++++++
 1 file changed, 148 insertions(+)
 create mode 100644 docs/install/reverse-proxies/angie.md
diff --git a/docs/install/reverse-proxies/angie.md b/docs/install/reverse-proxies/angie.md
new file mode 100644
index 0000000..e4ca09a
--- /dev/null
+++ b/docs/install/reverse-proxies/angie.md
@@ -0,0 +1,148 @@
+---
+sidebar_position: 5
+title: Angie
+description: Reverse proxy with automatic SSL certificates
+---
+
+import PointDomainToIp from '/docs/partials/\_point_domain_to_ip.md';
+import OpenLoginPage from '/docs/partials/\_open_login_page.md';
+
+## Overview
+
+In this guide we will be using Angie as a reverse proxy to access the Remnawave panel.
+We will point a domain name to our server and configure Angie.
+
+
+
+### Create a folder for Angie
+
+```bash
+mkdir -p /opt/remnawave/angie && cd /opt/remnawave/angie
+```
+
+## Angie configuration
+
+### Simple configuration
+
+Create a file called `angie.conf` in the `/opt/remnawave/angie` directory.
+
+```bash
+cd /opt/remnawave/angie && nano angie.conf
+```
+
+Paste the following configuration.
+
+:::warning
+
+Please, replace `REPLACE_WITH_YOUR_DOMAIN` with your domain name.
+
+Review the configuration below, look for red highlighted lines.
+
+:::
+
+```angie title="angie.conf"
+upstream remnawave {
+ server remnawave:3000;
+}
+
+# Connection header for WebSocket reverse proxy
+map $http_upgrade $connection_upgrade {
+ default upgrade;
+ "" close;
+}
+
+acme_client acme_le https://acme-v02.api.letsencrypt.org/directory;
+
+server {
+ // highlight-next-line-red
+ server_name REPLACE_WITH_YOUR_DOMAIN;
+
+ listen 443 ssl reuseport;
+ listen [::]:443 ssl reuseport;
+ http2 on;
+
+ acme acme_le;
+
+ # SSL Configuration (Mozilla Modern)
+ ssl_protocols TLSv1.3;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_tickets off;
+ ssl_certificate $acme_cert_acme_le;
+ ssl_certificate_key $acme_cert_key_acme_le;
+
+ add_header Strict-Transport-Security "max-age=15552000" always;
+
+ location / {
+ proxy_http_version 1.1;
+ proxy_pass http://remnawave;
+ proxy_set_header Host $host;
+ proxy_set_header Upgrade $http_upgrade;
+
proxy_set_header Connection $connection_upgrade; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} + +server { + listen 443 ssl default_server; + listen [::]:443 ssl default_server; + server_name _; + + ssl_reject_handshake on; +} + +server { + listen 80; + return 444; # https://angie.software/angie/docs/configuration/acme/#http +} +``` + +### Create docker-compose.yml + +Create a `docker-compose.yml` file in the `/opt/remnawave/angie` directory. + +```bash +cd /opt/remnawave/angie && nano docker-compose.yml +``` + +Paste the following configuration. + +```yaml title="docker-compose.yml" +services: + remnawave-angie: + image: docker.angie.software/angie:1.9.0 + container_name: remnawave-angie + hostname: remnawave-angie + restart: always + ports: + - '0.0.0.0:443:443' + networks: + - remnawave-network + volumes: + - angie-ssl-data:/data + - ./angie.conf:/etc/angie/http.d/default.conf:ro + +networks: + remnawave-network: + name: remnawave-network + driver: bridge + external: true + +volumes: + angie-ssl-data: + driver: local + external: false + name: angie-ssl-data +``` + +### Start the container + +```bash +docker compose up -d && docker compose logs -f -t +``` + + From 031456860942023c6c613eb54c55a1fca9c8558e Mon Sep 17 00:00:00 2001 From: Fraybyl Date: Mon, 19 May 2025 01:25:04 +0300 Subject: [PATCH 2/8] fix: add resolver --- docs/install/reverse-proxies/angie.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/install/reverse-proxies/angie.md b/docs/install/reverse-proxies/angie.md index e4ca09a..92694f9 100644 --- a/docs/install/reverse-proxies/angie.md +++ b/docs/install/reverse-proxies/angie.md @@ -51,6 +51,8 @@ map $http_upgrade $connection_upgrade { "" close; } +resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220; + acme_client acme_le https://acme-v02.api.letsencrypt.org/directory; server { 
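Review bot: In the `location /` block added by [PATCH 1/8], `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends the peer address to whatever `X-Forwarded-For` value the client sent, so the panel receives a list whose leading entries are chosen by the client. The compose file in the same patch publishes `0.0.0.0:443:443`, so this server is the internet-facing edge, and overwriting the header is the safer choice: `proxy_set_header X-Forwarded-For $remote_addr;`. If the guide is also meant to work behind a CDN or another proxy, keep the append form but say in the text which entry the panel should trust. Patches 2–8 leave this line unchanged.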
From 8de6c45fd73c8ab501824c9808b50bd1193ebb0a Mon Sep 17 00:00:00 2001 From: Fraybyl Date: Mon, 19 May 2025 01:26:45 +0300 Subject: [PATCH 3/8] fix: ssl path --- docs/install/reverse-proxies/angie.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/install/reverse-proxies/angie.md b/docs/install/reverse-proxies/angie.md index 92694f9..f275d40 100644 --- a/docs/install/reverse-proxies/angie.md +++ b/docs/install/reverse-proxies/angie.md @@ -125,7 +125,7 @@ services: networks: - remnawave-network volumes: - - angie-ssl-data:/data + - angie-ssl-data:/var/lib/angie/acme/ - ./angie.conf:/etc/angie/http.d/default.conf:ro networks: From e821f562bde500900e5c1e6f7dac2c0455723278 Mon Sep 17 00:00:00 2001 From: Fraybyl Date: Mon, 19 May 2025 01:37:47 +0300 Subject: [PATCH 4/8] fix: open 80 port for acme --- docs/install/reverse-proxies/angie.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/install/reverse-proxies/angie.md b/docs/install/reverse-proxies/angie.md index f275d40..93fd695 100644 --- a/docs/install/reverse-proxies/angie.md +++ b/docs/install/reverse-proxies/angie.md @@ -122,6 +122,7 @@ services: restart: always ports: - '0.0.0.0:443:443' + - '0.0.0.0:80:80' networks: - remnawave-network volumes: From ba3df3ed93a3d037d4395e675c047ab4ccc8befd Mon Sep 17 00:00:00 2001 From: Fraybyl Date: Mon, 19 May 2025 02:35:18 +0300 Subject: [PATCH 5/8] fix: delete unused header --- docs/install/reverse-proxies/angie.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/install/reverse-proxies/angie.md b/docs/install/reverse-proxies/angie.md index 93fd695..85076d1 100644 --- a/docs/install/reverse-proxies/angie.md +++ b/docs/install/reverse-proxies/angie.md @@ -75,8 +75,6 @@ server { ssl_certificate $acme_cert_acme_le; ssl_certificate_key $acme_cert_key_acme_le; - add_header Strict-Transport-Security "max-age=15552000" always; - location / { proxy_http_version 1.1; proxy_pass http://remnawave; 
From d96a6c36796efd903be6f2ff4de1b226cd162c0f Mon Sep 17 00:00:00 2001 From: Fraybyl Date: Mon, 19 May 2025 02:57:32 +0300 Subject: [PATCH 6/8] fix: add support TLSv1.2 --- docs/install/reverse-proxies/angie.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/docs/install/reverse-proxies/angie.md b/docs/install/reverse-proxies/angie.md index 85076d1..35e2fa3 100644 --- a/docs/install/reverse-proxies/angie.md +++ b/docs/install/reverse-proxies/angie.md @@ -65,10 +65,9 @@ server { acme acme_le; - # SSL Configuration (Mozilla Modern) - ssl_protocols TLSv1.3; - ssl_prefer_server_ciphers on; - ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384; + # SSL Configuration (Mozilla Intermediate) + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_session_timeout 1d; ssl_session_cache shared:SSL:10m; ssl_session_tickets off; From 8c5d4e95cd5996b2f543af9a7cf8377c6b0e7f0c Mon Sep 17 00:00:00 2001 From: Fraybyl Date: Mon, 19 May 2025 03:00:10 +0300 Subject: [PATCH 7/8] fix: add support Gzip --- docs/install/reverse-proxies/angie.md | 29 +++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/docs/install/reverse-proxies/angie.md b/docs/install/reverse-proxies/angie.md index 35e2fa3..4f02847 100644 --- a/docs/install/reverse-proxies/angie.md +++ b/docs/install/reverse-proxies/angie.md 
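Review bot: The `DHE-RSA-*` suites that [PATCH 6/8] adds to `ssl_ciphers` have no matching `ssl_dhparam` directive anywhere in the server block shown in this series. In nginx, from which Angie derives, DHE suites are not offered without that directive, so these entries are likely dead configuration and the block does not match the "Mozilla Intermediate" profile named in the comment. Either add `ssl_dhparam /path/to/ffdhe2048.pem;` (placeholder path) and mount that file in the compose `volumes` list, or drop the DHE entries and keep the ECDHE ones. [PATCH 8/8] extends the same list with `DHE-RSA-CHACHA20-POLY1305` and has the same gap. The server block continues outside this hunk.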
@@ -84,6 +84,35 @@ server { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } + + # Gzip Compression + gzip on; + gzip_vary on; + gzip_proxied any; + gzip_comp_level 6; + gzip_buffers 16 8k; + gzip_http_version 1.1; + gzip_min_length 256; + gzip_types + application/atom+xml + application/geo+json + application/javascript + application/x-javascript + application/json + application/ld+json + application/manifest+json + application/rdf+xml + application/rss+xml + application/xhtml+xml + application/xml + font/eot + font/otf + font/ttf + image/svg+xml + text/css + text/javascript + text/plain + text/xml; } server { From 864964600a4b7d77d1104ed3cd237d716a09b88b Mon Sep 17 00:00:00 2001 From: Fraybyl Date: Mon, 19 May 2025 03:21:51 +0300 Subject: [PATCH 8/8] fix: fix SSL --- docs/install/reverse-proxies/angie.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/install/reverse-proxies/angie.md b/docs/install/reverse-proxies/angie.md index 4f02847..26d135d 100644 --- a/docs/install/reverse-proxies/angie.md +++ b/docs/install/reverse-proxies/angie.md @@ -67,9 +67,9 @@ server { # SSL Configuration (Mozilla Intermediate) ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; + ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305; ssl_session_timeout 1d; - ssl_session_cache shared:SSL:10m; + ssl_session_cache shared:SSL:1m; ssl_session_tickets off; ssl_certificate $acme_cert_acme_le; ssl_certificate_key $acme_cert_key_acme_le;
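Review bot: `gzip_types` in [PATCH 7/8] lists `application/json` and `text/plain` together with `gzip_proxied any`, so API responses proxied from the panel are compressed inside TLS. A response that echoes request input next to a secret (session token, CSRF value) then leaks information through its compressed length, which is the BREACH class of side channel. Whether the panel produces such responses is not visible from this patch. Either limit compression to static asset types (`text/css`, `application/javascript`, `image/svg+xml`, the font types), or add a comment above `gzip on;` stating that dynamic responses were checked. The enclosing `server` block starts outside this hunk.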
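Review bot: The TLS settings finalised in [PATCH 8/8] leave the site without `Strict-Transport-Security`. [PATCH 5/8] removed `add_header Strict-Transport-Security "max-age=15552000" always;` as "unused" and nothing later restores it. With port 80 published by [PATCH 4/8] and answered by `return 444`, a browser that first tries `http://` gets neither a redirect nor an instruction to use HTTPS on later visits. I would put the header back after `ssl_certificate_key $acme_cert_key_acme_le;`. Separately, the commit message does not say why `ssl_session_cache` shrinks from `shared:SSL:10m` to `shared:SSL:1m`; a one-line comment giving the reason would help readers who copy the file.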