Editing Introduction to a Self Managed Life: a 13 hour & 28 minute presentation by FUTO software (section)

==== 6.3 Configure Nginx ====

Create a new Nginx configuration file:

<pre>sudo nano /etc/nginx/sites-available/frigate</pre>
If this directory does not exist, you might be using a newer version of nginx, which places configuration files in <code>/etc/nginx/conf.d</code> instead. Running <code>nginx -v</code> will tell you whether you are using an older version that defaults to [https://www.reddit.com/r/nginx/comments/re8ksm/why_is_sitesenabled_and_sitesavailable_deprecated/ <code>/etc/nginx/sites-available</code> and <code>/etc/nginx/sites-enabled</code>] or a newer version that uses <code>/etc/nginx/conf.d/</code> in that case:

<pre>sudo nano /etc/nginx/sites-available/frigate</pre>
Add the following configuration: remember to replace '''“happycloud.home.arpa”''' as well as '''“192.168.5.2”''' with the hostname &amp; IP address of YOUR server!

<pre>server {
    listen 80;
    server_name happycloud.home.arpa 192.168.5.2;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name happycloud.home.arpa 192.168.5.2;
    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_session_timeout 10m;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    auth_basic &quot;Restricted Access&quot;;
    auth_basic_user_file /etc/nginx/.htpasswd;
    location / {
        proxy_pass http://127.0.0.1:5000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    location /ws {
        proxy_pass http://127.0.0.1:5000;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection &quot;upgrade&quot;;
        proxy_set_header Host $host;
    }
}</pre>
<blockquote>'''NOTE''': Many open source projects suggest using nginx as a reverse proxy. They are kind &amp; cordial enough to provide their own configuration files for you so you don’t have to write everything above &amp; configure it yourself.

While well meaning, many of them set the cipher(security thingie) manually, a throwback tot he days when nginx used to default to insecure ciphers. So you may see old docs by developers that MEANT WELL to provide you a helping hand with stuff like this in their nginx configuration files:
</blockquote>
<pre>    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384;</pre>
<blockquote>This is bad. Remove things like this as long as you are using a modern version of nginx. These change often and if you are manually setting it, that is not a great thing to be doing. Also consider politely''(POLITELY)'' mentioning to the devs who had that in there that this isn’t necessary anymore since nginx no longer defaults to insecure ciphers.
</blockquote>
<span id="enable-the-nginx-configuration"></span>