dyrector.io
  • Welcome 👋
  • Basics
    • Who is it for?
    • How it works
    • Components
    • Use cases
    • API
  • Tutorials
    • Getting started
    • Add your Node
    • Add your Registry
      • Add V2 Registry
      • Add Docker Hub Registry
      • Add GitHub Registry
      • Add GitLab Registry
      • Add Google Registry
      • Add Unchecked Registry
    • Create your Project
      • Create a versionless project
      • Create a versioned project
        • Create a Rolling Version
        • Create an Incremental Version
        • Add a version to your Versioned Project
    • Deploy your Project
    • Create Chat Notifications
    • Inject Files to a Container
  • Features
    • Core functionality
    • Templates
      • Vaultwarden
      • Strapi
      • Cal.com
      • WordPress
      • Minecraft Server
      • Google Microservices Demo
      • Self-managed GitLab
      • MLflow
      • Gitea
      • LinkAce
    • Continuous Deployment
    • Configuration management
      • Container configuration
      • Configuration bundle
    • Monitoring
    • Audit log
    • Storage
  • Self-managed
    • Quick start
    • CLI
    • Proxies
    • Environment variables
    • Self-signed certificates
  • Learn more
    • Changelog
    • Quality Assurance (QA)
    • Roadmap
      • Features in progress
      • Integrations in progress
    • Pricing
    • FAQ
      • Portainer vs. dyrector.io
    • Community
Powered by GitBook
On this page
  • Traefik
  • NGINX
Edit on GitHub
Export as PDF
  1. Self-managed

Proxies

Last updated 1 year ago

Proxies provide secure connection when you set up the platform for self-managed use. But they can be useful for any other uses, when you need a firewall, or you'd like to hide your location, and so on.

When you set up the platform, we highly recommend you to use a proxy, such as Traefik or NGINX, to secure your network.

Traefik

Traefik is used by default, as seen in the designed for production use.

NGINX

By default we recommend using Traefik but if you already use NGINX then here's an example.

When you configure NGINX for the platform, keep in mind the following:

Inbound traffic needs to be directed towards 3 containers: kratos, crux-ui, and crux. The 5 locations defined are below:

  • /crux-ui

  • /kratos (needs to be stripped)

  • Locations routed to crux-ui:

    • /api/auth

    • /api/status

  • Locations routed to crux:

    • /api

Example NGINX config with default ports:

upstream crux-ui {
    server localhost:3000;
}

upstream crux {
    server localhost:1848;
}

upstream kratos {
    server localhost:4433;
}

server {
    listen 80;
    listen [::]:80;

    server_name example.com;

    client_max_body_size 128m;

    proxy_read_timeout 300;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name example.com;

    ssl_certificate /etc/ssl/ssl.crt;
    ssl_certificate_key /etc/ssl/ssl.key;

    client_max_body_size 128m;

    proxy_set_header Host $http_host; # required for docker client's sake
    proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_read_timeout 900;

    location / {
        proxy_pass http://crux-ui;
    }

    location /kratos {
        rewrite ^/kratos(.*)$ /$1 break;

        proxy_pass http://kratos;
    }

    location /api/auth {
            proxy_pass http://crux-ui;
    }
    
    location /api/status {
            proxy_pass http://crux-ui;
    }

    location /api {
                proxy_pass http://crux;
    }
}
docker-compose