How to use nginx as a Reverse Proxy with Synchronet
nginx is a popular multiplatform web server and reverse proxy. It can be used to proxy traffic to multiple physical or virtual web servers and to host web services with different hostnames (or subdirectories, if the web server can be configured that way) on a single IP address. Additionally, you can use nginx to handle the certificate for SSL.
Configuring nginx with SSL
Here is an example configuration for proxying to the machine on your network (in this example 10.0.0.10) that runs the Synchronet BBS web server:

    server {
        listen 443 ssl;
        server_name mybbs.com;

        location / {
            # Pass the original client address and scheme to Synchronet
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass http://10.0.0.10:80;
        }

        ssl_certificate web.cer;
        ssl_certificate_key web.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_prefer_server_ciphers on;
        # TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them if all clients support TLSv1.2 or later
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_ciphers TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:HIGH:!aNULL:!MD5;
    }
WebSocket Service (WS/WSS)
fTelnet, the web-based telnet client, is currently used in both the runemaster and ecWebV4 Synchronet web pages. It (generally) uses the WebSocket service that runs on Synchronet. You can also use nginx to proxy from the SSL port (11235) to the unencrypted port (1123) running as a Synchronet service.
Here is an example configuration for proxying to WS:
    server {
        listen 11235 ssl;

        location / {
            # Pass the original client address and scheme to Synchronet
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass http://10.0.0.10:1123;
        }

        ssl_certificate web.cer;
        ssl_certificate_key web.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_prefer_server_ciphers on;
        # TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them if all clients support TLSv1.2 or later
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_ciphers TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:HIGH:!aNULL:!MD5;
    }
While this is a working configuration, fTelnet seems to have a very short inactivity timer when proxying WS. An alternative is to use fTelnet Proxy instead of nginx to proxy from the WSS port to the telnet port on Synchronet. fTelnet Proxy has a configurable session and inactivity timer.
Additionally, if the root of your nginx configuration contains this line or similar:
keepalive_timeout 65;
This will cause fTelnet to time out (regardless of whether you are using fTelnet Proxy or not).
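On the nginx side, a proxied connection is closed when the upstream sends no data within proxy_read_timeout (60 seconds by default), which matters for an idle terminal session. The following is an added example, not part of the original page: a WSS server block that follows nginx's documented WebSocket proxying setup, raises the idle timeouts, and offers only TLS 1.2 and 1.3. The address, ports and certificate names are the ones used on this page; the map variable name and the 1h timeout are assumptions to adjust for your BBS.

```nginx
# Added example; place inside the http { } context.
# Map the client's Upgrade header to the Connection header sent upstream
# ($connection_upgrade is a name chosen for this example).
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 11235 ssl;

    ssl_certificate     web.cer;
    ssl_certificate_key web.key;
    ssl_session_cache   shared:SSL:1m;
    ssl_session_timeout 5m;

    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); offer only 1.2 and 1.3.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers   HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        # Upgrade and Connection are hop-by-hop headers and are not
        # forwarded to the upstream unless set explicitly; the WebSocket
        # handshake also needs HTTP/1.1 on the upstream connection.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_set_header Host              $http_host;
        proxy_set_header X-Real-IP         $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever the client sent,
        # so only X-Real-IP is set by nginx alone.
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Idle cutoff for the proxied session (assumed value: 1 hour).
        proxy_read_timeout 1h;
        proxy_send_timeout 1h;

        proxy_pass http://10.0.0.10:1123;
    }
}
```

Run `nginx -t` after editing to validate the configuration before reloading.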