So i have a Nginx server working as a reverse proxy with this configuration
http {
server {
listen 80;
listen [::]:80;
server_name www.example.tdl;
access_log logs/reverse-access.log;
error_log logs/reverse-error.log;
location / {
proxy_pass https://127.0.0.1:443;
}
}
}
My only problem is that when i connect to example.tdl it redirects correctly, but not with HTTPS. But its redirecting to the https port of my Apache server so i dont know where is the problem.
I never used nginx before so this is probably a configuration error.
How can i make that nginx redirects to that port with https?
This may sound dumb but what you've got is that nginx is working as a proxy for you. You connect to nginx via HTTP, nginx forwards your request to apache via HTTPS, then gets the answer back and transmit it to you using HTTP.
You need to make nginx listen for HTTPS with listen 443 ssl; and supply it with a certificate (ssl_certificate <path>;) and a key (ssl_certificate_key <path>;). After that add the following piece of code to the server block:
if ($scheme != "https") {
return 301 https://$host$request_uri;
}
This will redirect everything to HTTPS.
Related
i have a NGINX server running as a reverse proxy. Proxy works for windows hosts however i have a owncloud server and the proxy will instead re wright the url to the internal host name or IP address. ex(I type cloud.example.com and my url bar will change to 10.1.1.19 which is unresolvable over wan
i have checked DNS records and made sure NGINX can resolve host name. also tried just forwarding http traffic to cloud server to make sure using domain name was not the issue.
server {
listen 80;
listen [::]:80;
server_name example.com;
location / {
proxy_pass http://10.1.1.16:80/;
}
}
server {
listen 80;
listen [::]:80;
server_name cloud.example.com;
location / {
proxy_pass http://10.1.1.19:80/;
}
}
server {
listen 80;
listen [::]:80;
server_name remote.example.com;
location / {
proxy_pass http://10.1.1.17:80/;
}
}
i just need NGINX to run as a proxy for "cloud.example.com" instead of rewriting URL
I found a partial answer to this -- Why is my Nginx reverse proxy doing a 301 redirect instead of proxying?.
For me, it kept nginx from changing the hostname (i.e. from good-domain.com to 10.1.5.5:8080), but there doesn't appear to be a way to stop nginx from appending the port to the client's request URL.
So, in using the answer referenced above, I was able to go from http://10.1.5.5:8080 to http://good-domain:8080. It's still not where I want to be, but it definitely gets me closer.
I have a nginx server which is running multiple vhost, I have configured one more vhost and tried to make it https, but when I tried to access it redirects to default page. I have configured SSL certs with letsencrypt.
my config file is
server {
listen 443 ssl;
root /var/www/html;
server_name abc.xyz.com;
include includes/letsencrypt;
location / {
proxy_pass http://abc;
include includes/proxy-config;
}
}
I have also tried with below config
server {
listen 80;
server_name abc.xyz.com;
return 301 https://abc.xyz.com$request_uri;
}
server {
listen 443 ssl;
server_name abc.xyz.com;
ssl on;
include includes/letsencrypt;
access_log /var/log/nginx/log/abc.access.log;
error_log /var/log/nginx/log/abc.error.log;
location /.well-known/acme-challenge {
root /var/www/letsencrypt;
}
location / {
proxy_pass http://abc;
}
}
After this page is redirecting to my firewall.
Port 443 is also opened up.
Any Ideas what is wrong here?
I have nail down this by adding NAT rule in firewall.
Basically nothing wrong in above configuration.
I had only opened port on firewall.
As opening port is just between Internet and firewall
NAT redirects traffic from public-ip:443 -> local-ip:443
I too had this problem, but for me the solution was eventually found in a problem with the configuration file for php-fpm. There was a problem creating/accessing the error log for php-fpm, which I had turned on myself in the config file for php-fpm earlier thinking it was a good thing to do. Turning it back off again, restarting php-fpm and nginx got everything working as expected.
Just in case you're googling around like I was and kept finding this question at the top ;-)
I currently have a NGINX configuration with many subdomains. I started a mumble-server on port 27845, it works if I try to access it on a Mumble client with <ip_adress>:27845.
I tried to use NGINX to provide a subdomain mumble.example.com on port 80, which use proxy_pass http://localhost:27845. But when I try to connect to mumble.example.com on my Mumble client, it says that :
This server is using an older encryption standard, and is no longer supported by modern versions of Mumble.
How can I use a valid SSL configuration for NGINX on the port 80 ? I can use solely ports 80 and 443, and 443 is used for OpenVPN.
Subdomain conf NGINX :
server {
server_name mumble.example.com;
ssl on;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
location / {
proxy_pass http://localhost:27845;
}
}
Nginx is an HTTP proxy, but mumble protocol is based on TCP/UDP, so I don't think Nginx can proxy for murmur service.
I am using nginx docker for deploying my app in aws server. I have to access my api using nginx proxy url which looks like https://domain.com/api/. This is a https request so i have to set proxy redirection to another port where api service running and the service is running under another docker container in same server instance. so my nginx conf file looks like below,
server {
listen 80;
server_name domain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name domain.com;
# add Strict-Transport-Security to prevent man in the middle attacks
add_header Strict-Transport-Security "max-age=31536000";
location /api/ {
proxy_pass http://my-public-ip-address:3000;
}
}
So my problem is that while I am trying to access the api endpoint using above url its showing ERR_TOO_MANY_REDIRECTS. So any one know about this issue? And also i went through all the article with same issue mentioned but no luck.
I'm using nginx for hosting multiple websites on a ubuntu server. Basically my setup is as follows.
My first domain example1.com (SSL enabled) can be accessed from http://example1.com as well as from https://example1.com. This working fine.
But my 2nd domain example2.com, I don't have SSL enabled - but when I type https://example2.com the url redirects to the first domain https://example1.com - Which is wrong
Now currently I have added this server block if someone type in the URL with https:// it will redirect back to http:// on the same domain. But this is not the right way to handle this issue. Does anyone has some better ideas?
server {
listen 443 ssl;
server_name example2.com www.example2.com;
rewrite ^ http://$server_name$request_uri? permanent;
}
The problem here is that you’re only using a single IP address (server-side) and rely on the TLS Server Name Indication extension (client-side). Nginx will always use your default HTTPS server if nothing else is available to handle the request.
Your solution looks quite right to me, although it will produce an error on the client-side if you have no valid certificate. The only other possibility would be to create a default invalid HTTPS server that simply drops the connection attempt. But I guess that’s not what you want.
server {
listen 443 ssl;
server_name example2.com *.example2.com;
return 301 http://$server_name$request_uri;
}
Always use return if you redirect at such a point.
A default invalid catch all configuration could look like the following:
server {
listen 443 ssl;
server_name _;
ssl_certificate blank.crt;
ssl_certificate_key blank.key;
return 403;
}
As I said, it will simply drop any connection attempt that doesn't contain a valid HTTP Host in the submitted headers or if the submitted HTTP Host in the header is not valid.
Having the following will listen on 443 (SSL), and because you don't have a SSL certificate for this domain, nginx will use the first or default SSL certificate, which will throw invalid domain error. Simply remove it, so that it doesn't listen on 443 (SSL).
server {
listen 443 ssl;
server_name example2.com www.example2.com;
rewrite ^ http://$server_name$request_uri? permanent;
}