Custom Nginx Setup
This guide shows you how to set up Rybbit with your own Nginx installation instead of using the built-in Caddy server.
Prerequisites
- Existing Nginx installation
- SSL certificates (Let’s Encrypt recommended)
- Domain pointed to your server
- Rybbit running with
--no-webserverflag
Setup Steps
Run Rybbit without Caddy
First, set up Rybbit to expose ports without the built-in webserver:
./setup.sh your.domain.name --no-webserverThis will expose:
- Backend service on port 3001
- Client service on port 3002
Configure Nginx
Create or update your Nginx configuration file (usually in /etc/nginx/sites-available/):
server {
listen 80;
server_name your.domain.name;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name your.domain.name;
# SSL configuration (using Let's Encrypt)
ssl_certificate /etc/letsencrypt/live/your.domain.name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your.domain.name/privkey.pem;
# Modern SSL configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
# API requests
location /api/ {
proxy_pass http://localhost:3001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $server_name;
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
# Client app
location / {
proxy_pass http://localhost:3002;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $server_name;
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
}Enable the Site
Enable your Nginx configuration:
# Create symlink to enable the site
sudo ln -s /etc/nginx/sites-available/your-site /etc/nginx/sites-enabled/
# Test the configuration
sudo nginx -t
# Reload Nginx
sudo systemctl reload nginxVerify Setup
Check that everything is working:
# Check Nginx status
sudo systemctl status nginx
# Check Rybbit services
docker compose ps
# Test the website
curl -I https://your.domain.nameSSL Certificate Setup with Certbot
If you need to set up SSL certificates with Let’s Encrypt:
Install Certbot
# Ubuntu/Debian
sudo apt update
sudo apt install certbot python3-certbot-nginx
# CentOS/RHEL
sudo yum install certbot python3-certbot-nginxObtain Certificate
sudo certbot --nginx -d your.domain.nameAuto-renewal
Set up automatic renewal:
# Test renewal
sudo certbot renew --dry-run
# Check existing cron job
sudo crontab -lCertbot usually sets up auto-renewal automatically, but you can add this cron job if needed:
0 12 * * * /usr/bin/certbot renew --quietCustom Ports
If you need to use custom ports for Rybbit:
./setup.sh your.domain.name --no-webserver --backend-port 8080 --client-port 8081Update your Nginx configuration accordingly:
location /api/ {
proxy_pass http://localhost:8080; # Custom backend port
# ... rest of config
}
location / {
proxy_pass http://localhost:8081; # Custom client port
# ... rest of config
}Troubleshooting
Common Issues
502 Bad Gateway: Check if Rybbit services are running:
docker compose ps
docker compose logsSSL Certificate Issues: Verify certificate paths:
sudo certbot certificatesPermission Denied: Check Nginx error logs:
sudo tail -f /var/log/nginx/error.logLogs
Monitor logs for debugging:
# Nginx access logs
sudo tail -f /var/log/nginx/access.log
# Nginx error logs
sudo tail -f /var/log/nginx/error.log
# Rybbit logs
docker compose logs -fFor step-by-step Nginx installation and SSL setup, see our Nginx Setup Guide.