Seeking an Nginx reverse proxy configuration: mapping subdomains to multiple ports on an internal host
Got it, let's build the exact Nginx reverse proxy setup you need. Here's a clear, maintainable configuration that handles your main domain, subdomains, and routes traffic to your Raspberry Pi cluster's Docker-hosted Node-RED instances:
Step 1: Basic Nginx Configuration Structure
First, create a dedicated config file for your domain (instead of editing the main nginx.conf directly) — this keeps things organized. Let's use /etc/nginx/sites-available/mydomain.conf (link it to the enabled sites folder afterward with sudo ln -s /etc/nginx/sites-available/mydomain.conf /etc/nginx/sites-enabled/).
Option 1: Explicit Server Blocks (Great for a Small Number of Subdomains)
This approach is straightforward if you only have a few subdomains like sd01, sd02, sd03:

    # Main domain: mydomain.com → forwards to Node-RED on port 8080 of your Pi cluster
    server {
        listen 80;
        server_name mydomain.com;
        location / {
            # Proxy traffic to your internal Pi cluster IP and target port
            proxy_pass http://192.168.1.33:8080;
            # Critical headers to preserve original request details for Node-RED
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

    # Subdomain sd01.mydomain.com → forwards to port 8081
    server {
        listen 80;
        server_name sd01.mydomain.com;
        location / {
            proxy_pass http://192.168.1.33:8081;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

    # Subdomain sd02.mydomain.com → forwards to port 8082
    server {
        listen 80;
        server_name sd02.mydomain.com;
        location / {
            proxy_pass http://192.168.1.33:8082;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

    # Copy and modify the above block for sd03, sd04, etc.

Option 2: Regex-Based Server Block (Perfect for Lots of Subdomains)
If you plan to add more subdomains like sd04, sd05 later, use a regex to auto-map subdomains to ports (e.g., sd01 → 8081, sd02 → 8082). Pair this with a separate block for your main domain:

    # Main domain block (same as Option 1)
    server {
        listen 80;
        server_name mydomain.com;
        location / {
            proxy_pass http://192.168.1.33:8080;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

    # Auto-map sd01..sd09.mydomain.com to ports 8081..8089
    server {
        listen 80;
        # Regex matches only sd01 through sd09. Capturing a single digit keeps the
        # result a valid port (sd01 must give 8081, not 80801) and stops the Host
        # header from selecting any other port on the internal host.
        server_name ~^sd0(?<idx>[1-9])\.mydomain\.com$;
        location / {
            # Append the captured digit to 808 (sd01 → 8081, sd02 → 8082)
            set $node_port 808$idx;
            proxy_pass http://192.168.1.33:$node_port;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

Step 2: Critical Pre-Requisites & Checks
Before testing the config, make sure these boxes are checked:
- Router Port Forwarding: Your router must forward incoming port 80 traffic to your Nginx host (host1)'s internal IP (e.g., if host1 is at 192.168.1.10, set up a rule: External 80 → 192.168.1.10:80).
- Firewall Rules: Allow port 80 on host1's firewall. For UFW, run sudo ufw allow 80/tcp; for firewalld, use sudo firewall-cmd --add-port=80/tcp --permanent && sudo firewall-cmd --reload.
- Docker Port Mapping: Ensure each Node-RED container is mapped to the correct port on your Pi cluster (192.168.1.33). For example, to map container port 1880 (Node-RED's default) to host port 8081, use docker run -d -p 8081:1880 nodered/node-red.
- DNS Setup: Make sure mydomain.com and all sdXX.mydomain.com subdomains point to your public IP address.
- Config Validation: Test your Nginx config for errors with sudo nginx -t. If it passes, reload Nginx with sudo systemctl reload nginx.
Extra Security Tip (Optional but Recommended)
Since port 80 uses unencrypted HTTP, consider setting up HTTPS with Let's Encrypt. Certbot can automatically configure Nginx for HTTPS and redirect all HTTP traffic to HTTPS. Just run sudo certbot --nginx and follow the prompts.
This question comes from Stack Exchange; asked by Jéan.
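
An explicit allowlist alternative to the regex mapping in Option 2, added here as an example and not part of the original answer: a map ties each hostname to exactly one port, so a request's Host header can never select a port that is not listed. The sd03 entry and its port 8083 are assumptions that follow the page's sd01 → 8081 pattern.

```nginx
# Added example (not from the original answer).
# "map" must sit in the http context; files under sites-enabled are
# normally included there, so this can go at the top of mydomain.conf.
map $host $node_port {
    default            "";      # any hostname not listed gets no upstream
    mydomain.com       8080;
    sd01.mydomain.com  8081;
    sd02.mydomain.com  8082;
    sd03.mydomain.com  8083;    # assumed entry, following the page's pattern
}

server {
    listen 80;
    # The wildcard accepts every subdomain; the map decides which ones are served.
    server_name mydomain.com *.mydomain.com;

    # Reject hostnames that have no entry in the map before anything is proxied.
    if ($node_port = "") {
        return 404;
    }

    location / {
        # Only ports named in the map can ever appear here.
        proxy_pass http://192.168.1.33:$node_port;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Adding a subdomain then means adding one line to the map, validating with sudo nginx -t and reloading.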




