Nginx Proxy Template

techmatik1 · November 24, 2025, 9:19pm

Hi, I have several servers and I’m using nginx from Hestia for them. I have only one public IP address.

The problem is I’m having issues with UISP and several other servers with WebSockets; the web pages aren’t loading the WebSockets.

sahsanu · November 24, 2025, 9:29pm

Hi,

Are you using Nginx or Nginx+Apache2?
Which template are you using?
Show the current configuration for your domain (replace YourUser and YourDomain with the actual data):

cat /home/YourUser/conf/web/YourDomain/nginx.conf
cat /home/YourUser/conf/web/YourDomain/nginx.ssl.conf

techmatik1 · November 24, 2025, 9:32pm

I created 2 templates
/usr/local/hestia/data/templates/web/nginx/
proxy_ws.tpl
proxy_ws.stpl

proxy config

techmatik1 · November 24, 2025, 9:33pm

Previously, for my other server, I used Nginx Proxy Manager, but with HestiaCP I can have both at the same time.

sahsanu · November 24, 2025, 9:37pm

ok, show me the templates

techmatik1 · November 24, 2025, 9:40pm

#=========================================================================#

# UISP_TechMatik Reverse Proxy SSL Template

#=========================================================================#

server {
listen      %ip%:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%;
error_log   /var/log/%web_system%/domains/%domain%.error.log error;

ssl_certificate     %ssl_pem%;
ssl_certificate_key %ssl_key%;
ssl_stapling        on;
ssl_stapling_verify on;

# TLS 1.3 0-RTT anti-replay
if ($anti_replay = 307) { return 307 https://$host$request_uri; }
if ($anti_replay = 425) { return 425; }

include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;

# Bloquer fichiers cachés
location ~ /\.(?!well-known\/|file) {
    deny all;
    return 404;
}

# Proxy principal vers UISP_TechMatik HTTP interne
location / {
    proxy_pass https://10.0.0.22:443;

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    # Fichiers statiques
    location ~* ^.+\.(css|js|png|jpg|jpeg|gif|ico|svg|woff2?)$ {
        try_files $uri @fallback;
        root       %sdocroot%;
        access_log /var/log/%web_system%/domains/%domain%.log combined;
        access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
        expires    max;
    }
}

# Fallback vers UISP_TechMatik
location @fallback {
    proxy_pass https://10.0.0.22:443;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}

# Pages d'erreur personnalisées
location /error/ {
    alias %home%/%user%/web/%domain%/document_errors/;
}

proxy_hide_header Upgrade;

# Inclusion de configurations SSL supplémentaires
include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
}

sahsanu · November 24, 2025, 9:48pm

The first thing you should do is remove this line from your templates and rebuild your site:

proxy_hide_header Upgrade;

sahsanu · November 24, 2025, 9:53pm

I would use a template like this:

#=========================================================================#
# UISP_TechMatik Reverse Proxy SSL Template
#=========================================================================#
server {
    listen      %ip%:%proxy_ssl_port% ssl;
    server_name %domain_idn% %alias_idn%;
    error_log   /var/log/%web_system%/domains/%domain%.error.log error;
    
    ssl_certificate     %ssl_pem%;
    ssl_certificate_key %ssl_key%;
    
    # TLS 1.3 0-RTT anti-replay
    if ($anti_replay = 307) { return 307 https://$host$request_uri; }
    if ($anti_replay = 425) { return 425; }
    
    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
    
    # Bloquer fichiers cachés
    location ~ /\.(?!well-known\/|file) {
        deny all;
        return 404;
    }
    
    # Fichiers statiques
    location ~* ^.+\.(css|js|png|jpg|jpeg|gif|ico|svg|woff2?)$ {
        try_files $uri @fallback;
        root       %sdocroot%;
        access_log /var/log/%web_system%/domains/%domain%.log combined;
        access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
        expires    max;
    }
    
    # Proxy principal vers UISP_TechMatik HTTP interne
    location / {
        proxy_pass https://10.0.0.22:443;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 86400s;
        proxy_send_timeout 86400s;
        proxy_buffering off;
    }
    
    # Fallback vers UISP_TechMatik
    location @fallback {
        proxy_pass https://10.0.0.22:443;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    
    # Pages d'erreur personnalisées
    location /error/ {
        alias %home%/%user%/web/%domain%/document_errors/;
    }
    
    # Inclusion de configurations SSL supplémentaires
    include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
}

techmatik1 · November 24, 2025, 9:55pm

merci

techmatik1 · November 24, 2025, 9:55pm

Thanks, it works