Reverse Proxy

This page will guide you through setting up a reverse proxy for Zipline using various different methods.

server {
  listen 80;
  # Allows Zipline to handle large file uploads, feel free to change this value
  client_max_body_size 100M;

  # If you have a domain, replace <your domain> with it for DNS resolution
  server_name <your domain (optional)>;

  location / {
    # If Zipline is running on a different port or hostname, change the port here
    proxy_pass http://localhost:3000;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
}

You may be using NGINX Proxy Manager, a web interface for managing NGINX reverse proxies. You can follow the guide below to set up Zipline with NGINX Proxy Manager.

First navigate to your NGINX Proxy Manager dashboard, and click on the "Proxy Hosts" tab. Then click "Add Proxy Host".

You may change the hostname and port to match your Zipline instance. If you are using a domain, you can enter it in the "Domain Names" field. In this example it is set to zipline.example.com.

Setting up SSL through NGINX Proxy Manager is also very simple, you can use the "SSL" tab to generate a certificate for your domain.

You will need to have a valid SSL certificate to use this configuration. If you don't have one, you can use Let's Encrypt, or Cloudflare for example.

server {
  listen 443 ssl;
  client_max_body_size 100M;
  server_name <your domain>;

  # these paths can be anywhere, depending on where your keys are stored
  ssl_certificate /<your domain>.pem;
  ssl_certificate_key /<your domain>.key;

  location / {
    proxy_pass http://localhost:3000;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
}

If you are using cloudflare, you can generate a certificate within the dashboard.

First visit dash.cloudflare.com and select your domain. Then navigate to the SSL/TLS tab, and click "Client Certificates". Then click "Create Certificate".

Next, make sure the options are like the following:

Finally, click "Next" and you will be presented with the public and private keys. Make sure the key format is set to PEM.

You will have to save the Certificate to <your domain>.pem and the Private Key to <your domain>.key. For example if your domain is zipline.example.com, you will have the following files:

/zipline.example.com.pem
/zipline.example.com.key

You can save these keys anywhere, but make sure your reverse proxy configuration points to the correct path.

Then within NGINX, you can use the following configuration:

server {
  ...

    ssl_certificate /<your domain>.pem;
    ssl_certificate_key /<your domain>.key;

  ...
}

If you are using Tailscale, and want to create a certificate pair for your domain (e.g. hostname.tails-scales.ts.net) to use with NGINX, you can use the following commands:

tailscale cert <domain>

This will output a <domain>.key and <domain>.crt file. You can then use these files in your NGINX configuration.

Additionally, visit this page for more information on how to use the certificates.

Setting up Zipline with Caddy is very simple. You can use the following Caddyfile configuration:

<your domain> {
  reverse_proxy localhost:3000
}