Using Nginx as reverse proxy¶
As Argos has no authentication mechanism for the front-end, you need to protect some routes with HTTP authentication.
To do so on Debian, install apache2-utils
then create a file containing the wanted credentials:
htpasswd -c /etc/nginx/argos.passwd argos_admin
You can then use this file to protect the front-end’s routes:
server {
listen 80;
listen [::]:80;
listen 443 http2 ssl;
listen [::]:443 http2 ssl;
server_name argos.example.org;
ssl_certificate /etc/letsencrypt/live/argos.example.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/argos.example.org/privkey.pem;
access_log /var/log/nginx/argos.example.org.access.log;
error_log /var/log/nginx/argos.example.org.error.log;
if ($scheme != "https") {
rewrite ^ https://$http_host$request_uri? permanent;
}
location ~ ^/($|domains?/|result/|task/|refresh/) {
auth_basic "Closed site";
auth_basic_user_file argos.passwd;
include proxy_params;
proxy_pass http://127.0.0.1:8000;
}
location / {
include proxy_params;
proxy_pass http://127.0.0.1:8000;
}
}