SSL termination

Expose BugSnag dashboard and other endpoints via HTTPS using Nginx.

<%= partial “on-premise/legacy-single-machine/legacy-warning” %>

To make your BugSnag services available over secured TLS/SSL connections, see the following example configuration using Nginx to set up a reverse proxy. The following example is for the BugSnag dashboard but can be applied to other endpoints. Ensure that security TLS/SSL best practices are followed when configuring this.

Install Nginx

Install Nginx on the server where your BugSnag On-premise installation is located.

Locate your configuration file

Locate the nginx.conf for your install, typically at /etc/nginx/nginx.conf.

Increasing header buffer sizes

If running your own Nginx in front of BugSnag you will likely need to update the default Nginx configuration to accomodate larger headers:

server {
  # ...other config options

  # Increase size of buffers for reading response from proxied server
  proxy_buffers 4 256k; 
  proxy_buffer_size 128k; 
  proxy_busy_buffers_size 256k;

  # Increase request header buffer sizes for large cookies
  client_header_buffer_size 16k;
  large_client_header_buffers 8 64k;
}

These can also be set in the http block of your Nginx configuration.

Handle HTTPS traffic

Create a server block in your Nginx configuration file to handle HTTPS traffic, and configure your SSL certificate:

server {
  listen 443 default_server ssl;
  ssl_certificate /path/to/your/cert.pem;
  ssl_certificate_key /path/to/your/cert.key;
  server_name bugsnag.your-domain.com;

  location / {
    proxy_pass http://127.0.0.1:49080;
    proxy_set_header HOST $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
}

Restart Nginx to pick up config changes, for example by running /etc/init.d/nginx restart.