Reverse Proxy & DNS

Reverse Proxy & DNS

This page covers how to set up Nginx reverse proxies with SSL/TLS for the Meww.me API and WebServer domains.

The project includes two automation scripts in additional-file/:

  • api-domain.sh - configures Nginx for the Fastify REST API (port 2555)
  • ws-domain.sh - configures Nginx for the Express WebServer (port 2444)

Architecture

 Internet                    Nginx                         Application
┌──────────┐              ┌──────────────┐
│ Browser  │   HTTPS      │              │   HTTP
│ Frontend │ ───────────► │ api.meww.me  │ ──────────► localhost:2555 (Fastify)
│ Webhooks │              │ ws.meww.me   │ ──────────► localhost:2444 (Express)
└──────────┘              └──────────────┘

Two subdomains are used:

  • api.yourdomain.com - points to the Fastify REST API + Dashboard (port 2555)
  • ws.yourdomain.com - points to the Express WebServer for webhooks (port 2444)

API Domain Setup (api-domain.sh)

This script automates the Nginx configuration for the REST API domain.

Prerequisites

  • Ubuntu/Debian server with root access
  • Nginx installed
  • Certbot installed (apt install certbot python3-certbot-nginx)
  • A DNS A record pointing api.yourdomain.com to your server IP

Usage

chmod +x additional-file/api-domain.sh
sudo ./additional-file/api-domain.sh

The script will prompt for:

  1. Your API domain (e.g., api.meww.me)
  2. The backend port (default: 2555)

What It Does

  1. Creates an Nginx server block at /etc/nginx/sites-available/<domain>
  2. Configures reverse proxy from https://<domain>http://localhost:<port>
  3. Enables the site via symlink to sites-enabled
  4. Runs certbot --nginx to obtain and configure an SSL certificate
  5. Reloads Nginx

Generated Nginx Config

server {
    server_name api.meww.me;
 
    location / {
        proxy_pass http://localhost:2555;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
    }
}

The Upgrade and Connection headers are required for WebSocket support (Socket.IO uses WebSocket transport).

WebServer Domain Setup (ws-domain.sh)

This script automates the Nginx configuration for the Express WebServer domain.

Usage

chmod +x additional-file/ws-domain.sh
sudo ./additional-file/ws-domain.sh

The script will prompt for:

  1. Your WebServer domain (e.g., ws.meww.me)
  2. The WebServer port (default: 2444)

Generated Config

Same structure as the API domain but pointing to the Express port (2444).

Manual Nginx Setup

If you prefer to configure Nginx manually:

API Domain

server {
    listen 80;
    server_name api.yourdomain.com;
 
    location / {
        proxy_pass http://127.0.0.1:2555;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
 
        # Increase timeouts for long-polling
        proxy_read_timeout 86400s;
        proxy_send_timeout 86400s;
    }
}

WebServer Domain

server {
    listen 80;
    server_name ws.yourdomain.com;
 
    location / {
        proxy_pass http://127.0.0.1:2444;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

SSL with Certbot

After creating the Nginx configs:

sudo certbot --nginx -d api.yourdomain.com
sudo certbot --nginx -d ws.yourdomain.com

Certbot will automatically modify the configs to add SSL and redirect HTTP to HTTPS.

DNS Configuration

Required DNS Records

TypeNameValuePurpose
AapiYour server IPREST API + Dashboard backend
AwsYour server IPWebhook server
A@ or wwwCDN/hosting IPFrontend dashboard

Cloudflare Notes

If using Cloudflare:

  • Set the proxy status to DNS only (gray cloud) for api and ws records if you need WebSocket support without Cloudflare's WebSocket proxy.
  • Alternatively, set to Proxied (orange cloud) and enable Cloudflare's WebSocket support in the dashboard.
  • Ensure SSL/TLS mode is set to Full (strict) if your origin has a valid certificate.

Production Configuration

After setting up the reverse proxy, update your config.yml and .env:

features:
  RestAPI:
    DashboardUrl: "https://yourdomain.com"
    DiscordRedirectUri: "https://api.yourdomain.com/auth/discord/callback"
  WebServer:
    BaseUrl: "https://ws.yourdomain.com"
    LAST_FM_SCROBBLED:
      Callback: "https://ws.yourdomain.com/lastfm"
FRONTEND_URL=https://yourdomain.com
DISCORD_REDIRECT_URI=https://api.yourdomain.com/auth/discord/callback
NODE_ENV=production

Update the Discord Developer Portal:

  1. Go to your application → OAuth2 → Redirects.
  2. Add https://api.yourdomain.com/auth/discord/callback.

Update Top.gg:

  1. Go to your bot's webhook settings.
  2. Set the webhook URL to https://ws.yourdomain.com/vote.

Update Ko-fi:

  1. Go to Ko-fi settings → Webhooks.
  2. Set the webhook URL to https://ws.yourdomain.com/kofi.
IntegrationsDeployment Guide