From d3092eb5945c4b6aff48495fe2f583ed5621fb6f Mon Sep 17 00:00:00 2001
From: Gianmarco Mameli <gnammyx@gmail.com>
Date: Thu, 6 Nov 2025 15:19:21 +0100
Subject: [PATCH 1/5] Add sample configuration for hbbs subdomain with SSL
 support

---
 hbbs.subdomain.conf.sample | 63 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)
 create mode 100644 hbbs.subdomain.conf.sample

diff --git a/hbbs.subdomain.conf.sample b/hbbs.subdomain.conf.sample
new file mode 100644
index 00000000..58cf6384
--- /dev/null
+++ b/hbbs.subdomain.conf.sample
@@ -0,0 +1,63 @@
+## Version 2025/11/06
+# make sure that your hbbs container is named hbbs
+# make sure that your dns has a cname set for hbbs
+# /ws/relay location only works if you have hbbr container configured and named hbbr
+# full guide https://rustdesk.com/docs/en/self-host/rustdesk-server-pro/faq/#set-up-https-for-web-console-manually
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name hbbs.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        proxy_set_header        X-Real-IP       $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        proxy_pass http://hbbs:21114;
+
+    }
+
+    location /ws/id {
+        proxy_pass http://hbbs:21118;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_read_timeout 120s;
+    }
+
+    location /ws/relay {
+        proxy_pass http://hbbr:21119;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_read_timeout 120s;
+    }
+}
\ No newline at end of file

From c818c75abaa5d913b15970dc719819952dabea77 Mon Sep 17 00:00:00 2001
From: Gianmarco Mameli <gnammyx@gmail.com>
Date: Thu, 6 Nov 2025 15:44:08 +0100
Subject: [PATCH 2/5] Testing fixes

---
 hbbs.subdomain.conf.sample | 39 +++++++++++++++++++++-----------------
 1 file changed, 22 insertions(+), 17 deletions(-)

diff --git a/hbbs.subdomain.conf.sample b/hbbs.subdomain.conf.sample
index 58cf6384..a119f50d 100644
--- a/hbbs.subdomain.conf.sample
+++ b/hbbs.subdomain.conf.sample
@@ -15,30 +15,21 @@ server {
     client_max_body_size 0;
 
     location / {
-        # enable the next two lines for http auth
-        #auth_basic "Restricted";
-        #auth_basic_user_file /config/nginx/.htpasswd;
-
-        # enable for ldap auth (requires ldap-server.conf in the server block)
-        #include /config/nginx/ldap-location.conf;
-
-        # enable for Authelia (requires authelia-server.conf in the server block)
-        #include /config/nginx/authelia-location.conf;
-
-        # enable for Authentik (requires authentik-server.conf in the server block)
-        #include /config/nginx/authentik-location.conf;
-
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         proxy_set_header        X-Real-IP       $remote_addr;
         proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
 
-        proxy_pass http://hbbs:21114;
-
+        set $upstream_app hbbs;
+        set $upstream_port 21114;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
     }
 
     location /ws/id {
-        proxy_pass http://hbbs:21118;
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "Upgrade";
@@ -47,10 +38,19 @@ server {
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_read_timeout 120s;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app hbbs;
+        set $upstream_port 21118;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
     }
 
     location /ws/relay {
-        proxy_pass http://hbbr:21119;
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "Upgrade";
@@ -59,5 +59,10 @@ server {
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_read_timeout 120s;
+
+        set $upstream_app hbbr;
+        set $upstream_port 21119;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
     }
 }
\ No newline at end of file

From c1705956350e068a10027c31b2125dddaaa27ab4 Mon Sep 17 00:00:00 2001
From: Gianmarco Mameli <gnammyx@gmail.com>
Date: Thu, 6 Nov 2025 15:50:26 +0100
Subject: [PATCH 3/5] fix tests

---
 hbbs.subdomain.conf.sample | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/hbbs.subdomain.conf.sample b/hbbs.subdomain.conf.sample
index a119f50d..21afcaed 100644
--- a/hbbs.subdomain.conf.sample
+++ b/hbbs.subdomain.conf.sample
@@ -30,39 +30,39 @@ server {
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
 
-        proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "Upgrade";
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_read_timeout 120s;
 
-        include /config/nginx/proxy.conf;
-        include /config/nginx/resolver.conf;
         set $upstream_app hbbs;
         set $upstream_port 21118;
         set $upstream_proto http;
         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        proxy_http_version 1.1;
+        proxy_read_timeout 120s;
     }
 
     location /ws/relay {
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
 
-        proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "Upgrade";
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_read_timeout 120s;
 
         set $upstream_app hbbr;
         set $upstream_port 21119;
         set $upstream_proto http;
         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        proxy_http_version 1.1;
+        proxy_read_timeout 120s;
     }
 }
\ No newline at end of file

From e1aaa5374b47a28301e2fc715a4e29e0b84fcf78 Mon Sep 17 00:00:00 2001
From: Gianmarco Mameli <gnammyx@gmail.com>
Date: Thu, 6 Nov 2025 15:54:02 +0100
Subject: [PATCH 4/5] Remove unnecessary proxy_http_version directive from hbbs
 subdomain configuration

---
 hbbs.subdomain.conf.sample | 2 --
 1 file changed, 2 deletions(-)

diff --git a/hbbs.subdomain.conf.sample b/hbbs.subdomain.conf.sample
index 21afcaed..ec21e18e 100644
--- a/hbbs.subdomain.conf.sample
+++ b/hbbs.subdomain.conf.sample
@@ -42,7 +42,6 @@ server {
         set $upstream_proto http;
         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
 
-        proxy_http_version 1.1;
         proxy_read_timeout 120s;
     }
 
@@ -62,7 +61,6 @@ server {
         set $upstream_proto http;
         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
 
-        proxy_http_version 1.1;
         proxy_read_timeout 120s;
     }
 }
\ No newline at end of file

From 5307a669794189fcd710ca184f3c5565473963eb Mon Sep 17 00:00:00 2001
From: Gianmarco Mameli <gnammyx@gmail.com>
Date: Thu, 6 Nov 2025 15:55:02 +0100
Subject: [PATCH 5/5] Remove redundant proxy_read_timeout directives from hbbs
 subdomain configuration

---
 hbbs.subdomain.conf.sample | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/hbbs.subdomain.conf.sample b/hbbs.subdomain.conf.sample
index ec21e18e..478b11c8 100644
--- a/hbbs.subdomain.conf.sample
+++ b/hbbs.subdomain.conf.sample
@@ -41,8 +41,6 @@ server {
         set $upstream_port 21118;
         set $upstream_proto http;
         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
-
-        proxy_read_timeout 120s;
     }
 
     location /ws/relay {
@@ -60,7 +58,5 @@ server {
         set $upstream_port 21119;
         set $upstream_proto http;
         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
-
-        proxy_read_timeout 120s;
     }
 }
\ No newline at end of file