Table of Contents

How to use nginx as a Reverse Proxy with Synchronet

nignx is a popular multiplatform web server and reverse proxy. If can be used to proxy traffic to multiple physical/virtual webservers and to host web services with different hostnames (or subdirectories if the webserver can be configured that way) to a single IP address. Additionally, you can use nginx to handle the certificate for SSL.

Configuring nginx with SSL

Here is an example configuration for proxying to the machine on your network (in this example 10.0.0.10) with Synchronet BBS Webserver:

  server {
      listen       443 ssl;
      server_name   mybbs.com;
      location / {
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header Host $http_host;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_pass         http://10.0.0.10:80;
      }
      ssl_certificate      web.cer;
      ssl_certificate_key  web.key;
      ssl_session_cache    shared:SSL:1m;
      ssl_session_timeout  5m;     
      ssl_prefer_server_ciphers  on;
      ssl_protocols       TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
      ssl_ciphers    TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:HIGH:!aNULL:!MD5;
  }

WebSocket Service (WS/WSS)

fTelnet, the web based telnet client, is currently used in both the runemaster and ecWebV4 Shynchronet web pages. It (generally) uses the web socket service that runs on Synchronet. You can also use nginx to proxy from the SSL port (11235) to the unencrypted port (1123) running as a Synhronet service.

Here is an example configuration for proxying to WS:

  server {
     listen       11235 ssl;
     location / {
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header Host $http_host;
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_pass         http://10.0.0.10:1123;
     }
     ssl_certificate      web.cer;
     ssl_certificate_key  web.key;
     ssl_session_cache    shared:SSL:1m;
     ssl_session_timeout  5m;     
     ssl_prefer_server_ciphers  on;
     ssl_protocols       TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
     ssl_ciphers    TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:HIGH:!aNULL:!MD5;
  }

While this is a working configuration, fTelnet seems to have a very short inactivity timer when proxying WS. An alternative is to use fTelnet Proxy instead of nginx to proxy from the WSS port to the telnet port on Synchronet. fTelnet proxy has a configurable session and inactivity timer.

Additionally, if the root of your nginx configuration contains this line or similar:

keepalive_timeout  65;

This will cause the fTelnet to timeout (regardless if you are using fTelnet proxy or not).

Using synchronet on non-root url

Example for run sbbs on /webbbs url

  location ^~ /webbbs {
      try_files $uri @app;
  }
  location @app {
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP  $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_pass http://127.0.0.1:8088;
      proxy_redirect off;
      rewrite /webbbs(.*) /$1 break;
  }  
  # api call seems to be absolute, so you must alias /api/ url's
  location /api/ {
      proxy_set_header X-Real-IP  $remote_addr;
      proxy_set_header X-Forwarded-For $remote_addr;
      proxy_set_header Host $host;
      proxy_pass http://127.0.0.1:8088/api/;
  }

See Also