Merge branch 'main' into pr/DigneZzZ/64

kastov
2025-05-19 17:02:12 +03:00
3 changed files with 242 additions and 26 deletions


@@ -110,6 +110,7 @@ Usage in xray config:
]
}
```
### Log from Node
You can access logs from the node by mounting them to your host's file system.
@@ -164,7 +165,6 @@ Create a logrotate configuration file:
nano /etc/logrotate.d/remnanode
```
Paste the following logrotate configuration for RemnaNode:
```bash
@@ -183,3 +183,60 @@ Run logrotate manually to test:
```bash
logrotate -vf /etc/logrotate.d/remnanode
```
### XRay SSL cert for Node
If youre using certificates for your XRay configuration, you need to mount them into the panel.
:::info
Mount the folder via Docker volumes, and in the config refer to the internal path.
Inside the container theres a dedicated (empty) folder for certs:
/var/lib/remnawave/configs/xray/ssl/
:::
Add the following to the `docker-compose.yml` file:
```yaml
remnawave:
image: remnawave/backend:latest
container_name: 'remnawave'
hostname: remnawave
restart: always
ports:
- '127.0.0.1:3000:3000'
env_file:
- .env
networks:
- remnawave-network
// highlight-next-line-green
volumes:
// highlight-next-line-green
- '/opt/remnawave/nginx:/var/lib/remnawave/configs/xray/ssl'
depends_on:
remnawave-db:
condition: service_healthy
remnawave-redis:
condition: service_healthy
```
:::info
When the panel pushes the config to the node, it will automatically read the mounted files and send the certs to the node.
:::
Usage in XRay config:
```json
"certificates": [
{
"keyFile": "/var/lib/remnawave/configs/xray/ssl/privkey.key",
"certificateFile": "/var/lib/remnawave/configs/xray/ssl/fullchain.pem"
// Other fields
}
]
```
:::caution
Pay attention to the **.key** and **.pem** extensions.
:::
> > > > > > > origin/main
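Review bot: A leftover merge-conflict marker, `>>>>>>> origin/main` (rendered here as a run of nested blockquotes), sits at the end of the new "XRay SSL cert for Node" section after the `:::caution` block and would be published verbatim; that line should be deleted. The new volume line `- '/opt/remnawave/nginx:/var/lib/remnawave/configs/xray/ssl'` mounts the whole nginx directory read-write into the panel's cert folder, so the panel also sees `nginx.conf` and anything else kept there, and any write by the panel lands on the key material; mounting just the two files read-only is the tighter form, e.g. `- '/opt/remnawave/nginx/fullchain.pem:/var/lib/remnawave/configs/xray/ssl/fullchain.pem:ro'` and `- '/opt/remnawave/nginx/privkey.key:/var/lib/remnawave/configs/xray/ssl/privkey.key:ro'`. The added prose also has two typos, "youre" and "theres", which should read "you're" and "there's".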


@@ -0,0 +1,177 @@
---
sidebar_position: 5
title: Angie
description: Reverse proxy with automatic SSL certificates
---
import PointDomainToIp from '/docs/partials/\_point_domain_to_ip.md';
import OpenLoginPage from '/docs/partials/\_open_login_page.md';
## Overview
In this guide we will be using Angie as a reverse proxy to access the Remnawave panel.
We will point a domain name to our server and configure Angie.
<PointDomainToIp />
### Create a folder for Angie
```bash
mkdir -p /opt/remnawave/angie && cd /opt/remnawave/angie
```
## Angie configuration
### Simple configuration
Create a file called `angie.conf` in the `/opt/remnawave/angie` directory.
```bash
cd /opt/remnawave/angie && nano angie.conf
```
Paste the following configuration.
:::warning
Please, replace `REPLACE_WITH_YOUR_DOMAIN` with your domain name.
Review the configuration below, look for red highlighted lines.
:::
```angie title="angie.conf"
upstream remnawave {
server remnawave:3000;
}
# Connection header for WebSocket reverse proxy
map $http_upgrade $connection_upgrade {
default upgrade;
"" close;
}
resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220;
acme_client acme_le https://acme-v02.api.letsencrypt.org/directory;
server {
// highlight-next-line-red
server_name REPLACE_WITH_YOUR_DOMAIN;
listen 443 ssl reuseport;
listen [::]:443 ssl reuseport;
http2 on;
acme acme_le;
# SSL Configuration (Mozilla Intermediate)
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:1m;
ssl_session_tickets off;
ssl_certificate $acme_cert_acme_le;
ssl_certificate_key $acme_cert_key_acme_le;
location / {
proxy_http_version 1.1;
proxy_pass http://remnawave;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Gzip Compression
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types
application/atom+xml
application/geo+json
application/javascript
application/x-javascript
application/json
application/ld+json
application/manifest+json
application/rdf+xml
application/rss+xml
application/xhtml+xml
application/xml
font/eot
font/otf
font/ttf
image/svg+xml
text/css
text/javascript
text/plain
text/xml;
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
server_name _;
ssl_reject_handshake on;
}
server {
listen 80;
return 444; # https://angie.software/angie/docs/configuration/acme/#http
}
```
### Create docker-compose.yml
Create a `docker-compose.yml` file in the `/opt/remnawave/angie` directory.
```bash
cd /opt/remnawave/angie && nano docker-compose.yml
```
Paste the following configuration.
```yaml title="docker-compose.yml"
services:
remnawave-angie:
image: docker.angie.software/angie:1.9.0
container_name: remnawave-angie
hostname: remnawave-angie
restart: always
ports:
- '0.0.0.0:443:443'
- '0.0.0.0:80:80'
networks:
- remnawave-network
volumes:
- angie-ssl-data:/var/lib/angie/acme/
- ./angie.conf:/etc/angie/http.d/default.conf:ro
networks:
remnawave-network:
name: remnawave-network
driver: bridge
external: true
volumes:
angie-ssl-data:
driver: local
external: false
name: angie-ssl-data
```
### Start the container
```bash
docker compose up -d && docker compose logs -f -t
```
<OpenLoginPage />
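Review bot: The Angie `server` block for port 443 sends no Strict-Transport-Security header, whereas the nginx guide touched by this same commit does (`proxy_hide_header Strict-Transport-Security;` and `add_header Strict-Transport-Security "max-age=15552000" always;`); adding those two lines after the `ssl_certificate_key $acme_cert_key_acme_le;` directive keeps the two guides' TLS posture consistent. The nginx guide also forwards `X-Forwarded-Host` and `X-Forwarded-Port`, which the Angie `location /` block omits; if the panel relies on them behind a proxy, the same two `proxy_set_header` lines belong here too. The port-80 server returns 444 for every request, so plain-HTTP visitors get a dropped connection rather than a redirect to HTTPS; the linked ACME page presumably explains how challenges are still answered, so a short sentence in the guide saying why port 80 is configured this way would save readers from "fixing" it.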


@@ -73,12 +73,6 @@ This shows that the certificate is issued. `Acme.sh` will take care of automatic
### Simple configuration
We are going to need a `dhparam.pem` file.
```bash
curl https://ssl-config.mozilla.org/ffdhe2048.txt > /opt/remnawave/nginx/dhparam.pem
```
Create a file called `nginx.conf` in the `/opt/remnawave/nginx` directory.
```bash
@@ -123,34 +117,23 @@ server {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
# SSL Configuration (Mozilla Intermediate Guidelines)
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ecdh_curve X25519:prime256v1:secp384r1;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
ssl_prefer_server_ciphers off;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # ~40,000 sessions
ssl_dhparam "/etc/nginx/ssl/dhparam.pem";
ssl_session_cache shared:MozSSL:1m;
ssl_session_tickets off;
ssl_certificate "/etc/nginx/ssl/fullchain.pem";
ssl_certificate_key "/etc/nginx/ssl/privkey.key";
# OCSP Stapling
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate "/etc/nginx/ssl/fullchain.pem";
resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220;
# HTTP Strict Transport Security (HSTS)
proxy_hide_header Strict-Transport-Security;
add_header Strict-Transport-Security "max-age=15552000" always;
ssl_stapling on;
ssl_stapling_verify on;
resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
resolver_timeout 2s;
# Gzip Compression
gzip on;
@@ -210,7 +193,6 @@ services:
hostname: remnawave-nginx
volumes:
- ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
- ./dhparam.pem:/etc/nginx/ssl/dhparam.pem:ro
- ./fullchain.pem:/etc/nginx/ssl/fullchain.pem:ro
- ./privkey.key:/etc/nginx/ssl/privkey.key:ro
restart: always
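Review bot: With the `dhparam.pem` download (`curl https://ssl-config.mozilla.org/ffdhe2048.txt > /opt/remnawave/nginx/dhparam.pem`) and its volume mount (`- ./dhparam.pem:/etc/nginx/ssl/dhparam.pem:ro`) dropped in the first and last hunks, and presumably `ssl_dhparam "/etc/nginx/ssl/dhparam.pem";` removed in the `@@ -123,34 +117,23 @@` hunk, the three `DHE-RSA-…` suites at the end of `ssl_ciphers` can no longer be negotiated, since nginx only offers DHE ciphers when `ssl_dhparam` is set. Either trim those three entries so the list reflects what is actually offered, or keep the dhparam file; in the first case the `# SSL Configuration (Mozilla Intermediate Guidelines)` comment should say the list is the intermediate set without DHE. The rendered view has lost the +/- markers, so it cannot be confirmed here which of the two `ssl_session_cache` lines (`shared:MozSSL:10m` with the `# ~40,000 sessions` comment versus `shared:MozSSL:1m`) and which of the two `ssl_protocols` lines survive; if `1m` is the new value, the guide should state the reduced capacity (about 4,000 sessions by the same ratio), and only one `ssl_protocols` line should remain.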