Setting up a reverse proxy for VoxelDash provides several benefits:
- SSL/TLS Encryption: Secure your dashboard with HTTPS
- Custom Domain: Access your dashboard via a domain name instead of an IP address
- Security: Hide the backend port and add an extra layer of protection
- WebSocket Support: Properly proxy the real-time console and live updates
Important: VoxelDash uses WebSockets for real-time features like the console. Make sure your reverse proxy configuration supports WebSocket connections.
Nginx
Apache
Caddy
Traefik
Install Nginx on your server:
sudo apt update
sudo apt install nginx
Create a new configuration file for VoxelDash:
sudo nano /etc/nginx/sites-available/voxeldash
Add the following configuration:
server {
listen 80;
server_name voxeldash.yourdomain.com;
location / {
proxy_pass http://127.0.0.1:7867;
proxy_http_version 1.1;
# WebSocket support
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Pass original headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Timeout settings for long-running connections
proxy_read_timeout 86400;
proxy_send_timeout 86400;
}
}
Enable the site and restart Nginx:
sudo ln -s /etc/nginx/sites-available/voxeldash /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl restart nginx
Install Certbot and obtain a certificate:
sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d voxeldash.yourdomain.com
Certbot will automatically modify your Nginx configuration to use HTTPS.
Install Apache and enable required modules:
sudo apt update
sudo apt install apache2
sudo a2enmod proxy proxy_http proxy_wstunnel headers rewrite ssl
Create a new configuration file:
sudo nano /etc/apache2/sites-available/voxeldash.conf
Add the following configuration:
<VirtualHost *:80>
ServerName voxeldash.yourdomain.com
ProxyPreserveHost On
ProxyRequests Off
# Regular HTTP traffic
ProxyPass / http://127.0.0.1:7867/
ProxyPassReverse / http://127.0.0.1:7867/
# WebSocket support
RewriteEngine On
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) ws://127.0.0.1:7867/$1 [P,L]
# Headers
RequestHeader set X-Forwarded-Proto "http"
RequestHeader set X-Forwarded-Port "80"
</VirtualHost>
Enable the site and restart Apache:
sudo a2ensite voxeldash.conf
sudo systemctl restart apache2
Install Certbot and obtain a certificate:
sudo apt install certbot python3-certbot-apache
sudo certbot --apache -d voxeldash.yourdomain.com
After obtaining the certificate, update the X-Forwarded-Proto header to https in your configuration.
Install Caddy:
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy
Edit the Caddyfile:
sudo nano /etc/caddy/Caddyfile
Add the following configuration:
voxeldash.yourdomain.com {
reverse_proxy 127.0.0.1:7867
}
Restart Caddy:
sudo systemctl restart caddy
That's it! Caddy automatically handles SSL certificates, WebSocket upgrades, and header forwarding. It's the simplest option for setting up a reverse proxy.
If you're using Traefik with Docker, add the following labels to your VoxelDash container:
services:
voxeldash:
image: your-voxeldash-image
labels:
- "traefik.enable=true"
- "traefik.http.routers.voxeldash.rule=Host(`voxeldash.yourdomain.com`)"
- "traefik.http.routers.voxeldash.entrypoints=websecure"
- "traefik.http.routers.voxeldash.tls.certresolver=letsencrypt"
- "traefik.http.services.voxeldash.loadbalancer.server.port=7867"
Create a configuration file:
http:
routers:
voxeldash:
rule: "Host(`voxeldash.yourdomain.com`)"
service: voxeldash
entryPoints:
- websecure
tls:
certResolver: letsencrypt
services:
voxeldash:
loadBalancer:
servers:
- url: "http://127.0.0.1:7867"
After setting up a reverse proxy, you should block direct access to port 7867 from external networks:
# Allow HTTP/HTTPS
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
# Block external access to VoxelDash port (allow only localhost)
sudo ufw deny 7867/tcp
# Enable the firewall
sudo ufw enable
# Allow localhost access to port 7867
sudo iptables -A INPUT -p tcp -s 127.0.0.1 --dport 7867 -j ACCEPT
# Drop all other connections to port 7867
sudo iptables -A INPUT -p tcp --dport 7867 -j DROP
# Save the rules
sudo iptables-save | sudo tee /etc/iptables/rules.v4
If the console or real-time features aren't working:
- Check your proxy configuration - Ensure WebSocket upgrade headers are being passed correctly
- Verify timeout settings - WebSocket connections need long timeouts
- Check browser console - Look for WebSocket connection errors
If you're getting a 502 error:
- Verify VoxelDash is running - Check if the dashboard is accessible at
http://localhost:7867 - Check the proxy pass URL - Ensure the backend URL is correct
- Review logs - Check your reverse proxy logs for more details:
# Nginx
sudo tail -f /var/log/nginx/error.log
# Apache
sudo tail -f /var/log/apache2/error.log
# Caddy
sudo journalctl -u caddy -f
If you're having trouble with SSL:
- Check DNS - Ensure your domain points to your server's IP
- Verify ports - Port 80 and 443 must be open for Certbot validation
- Check certificate status:
sudo certbot certificates
