I have a server that's using nginx and httpd (vestaCP). I'm trying to get panel.domain.com to go to domain.com:8083. I can't use proxy pass as changing the URL screws up vestacp. So i'm just needing nginx to forward people to domain.com:8083 when they go to panel.domain.com.
I currently have:
server {
listen 443;
server_name panel.domain.com.au;
return 301 https://domain.com.au:8083;
}
Related
I'm new with nginx, but i'm trying to build a reverse proxy that could do something like this:
Whenever a request arrives to a domain name like this in my nginx reverse proxy server:
http://dn.55-32.mydomain.name/path/file.cfg
Parse the 55-32 and forward the request to an internal ip.
http://10.10.55.32/path/file.cfg
The 55-32 represent that las octects XX.XX.55.32 to the forwarded server.
Is there a way to build such a behavior?
Finally i made it wokr with this configuration:
server {
listen 443 ssl http2 default_server;
server_name ~^dn\.(?<octet1>.+)-(?<octet2>.+)\.mydomain\.com$;
location / {
set $var http://10.10.$octet1.$octet2;
proxy_pass $var;
}
}
Maybe this could be helpful for someone...
Ricardo
I have a winstone server (Jenkins) listening on 8443.
Jenkins has a valid cert, and Jenkins is doing the cert termination successfully:
JENKINS_ARGS="--httpPort=-1 --httpsKeyStore=/secure/jenkins.keystore --httpsKeyStorePassword=MY_PASSWORD --httpsPort=8443"
The only problem is that users now have to go:
https://example.com:8443
I don't want that port number in the URL.
I want:
https://example.com:8443 -> https://example.com
https://example.com -> https://example.com
http://example.com -> https://example.com
So I figure I'll run nginx on the same instance that is running Jenkins.
So my question is:
Do I have to reconfigure jenkins to NOT do cert termination so that nginx does it only?
Can nginx redirect 80 and 443 to localhost:8443 without a cert (Since Jenkins is doing cert termination)?
Do BOTH nginx AND Jenkins need to do cert termination?
Sorry for those similar questions.
I'm pretty sure an AWS ELB cannot replace what nginx is doing here, but I thought I'd throw it out there, in case an ELB can solve this for me too.
1) No, you can have Nginx Stream the connection directly to the Jenkins using the Stream Module.
Do note this was added in 1.9.0 but is not part of the default build so you might have to build it yourself.
It works a lot like an http server block but you have to set it up outside of the http block.
stream {
upstream jenkins_server {
server jenkins:443;
}
server {
listen 443;
proxy_pass jenkins_server;
}
}
2) You do not need a cert on nginx but you should have a http server block for port 80 that does a 301 to the 443 stream talked about in answer part 1.
server {
listen 80;
server_name your_server_name_here;
return 301 https://$host$request_uri;
}
3) No, you don't as you can use the nginx stream to passthru the ssl from the client to the Jenkins server.
I have several websites hosted on the same sever. To simplify I have just 2 (http-only.com and https.com) and using nginx to handle requests.
One has SSL enabled. And another doesn't. I noticed links like this in Google Search Console http-only.com/https_server_path and when accessing an http-only.com server with https protocol I get requests served by an https.com server instead.
https.com:
server {
listen 443 ssl;
server_name https.com;
ssl on;
}
only-http.com:
server {
listen 80;
server_name only-http.com;
}
I think I should define something like a default ssl server to handle ssl for http.com, but don't know how to do it properly. I guess nginx should redirect https request to an http url if corresponding server doesn't handle https. Or maybe there is a better solution?
I have a web service hosted on local ip 192.168.1.21:8080 (Apache Tomcat) which is up and running (ie I can surf to that IP and get the tomcat front page as expected).
I'm now trying to set up a proxy rule in my nginx saying that the url "jft.pdf.home.se" should redirect to that ip (using below nginx proxy rule:)
# GeneratePDF
server{
listen 80;
server_name jft.pdf.home.se;
#GeneratePDF
location / {
proxy_pass http://192.168.1.21:8080/;
include /etc/nginx/proxy_params;
}
}
When I try to surf to jft.pdf.home.se I get page cannot be found error. Again, if I use 192.168.1.21:8080, it works fine.
I also tried changing server_name to pdf.home.se but with the same result.
Can anyone see what I might be missing?
I soon realized that I hadn't posted this DNS yet which was what caused the page not found!
So I've got this port 80 redirect working fine
server {
listen 80;
server_name "~^(?<subdomain>.+)\.site-box\.it$";
rewrite ^(.*)$ https://$subdomain.sitebox.co permanent;
}
But I want https to work too, because some old links are left around that have https://guy.site-box.it
But this doesn't work
server {
listen 443;
server_name "~^(?<subdomain>.+)\.site-box\.it$";
rewrite ^(.*)$ https://$subdomain.sitebox.co permanent;
}
It seems to cause nothing in the Nginx conf file to work. I just get cloudflare errors on the main site, and on the testing guy.site-box.it it just says page is not available.
Any idea how to get the SSL subdomain to work?
First of all you need 2 certificates: for subdomain.site-box.it and for subdomain.sitebox.co. If you have wildcard certificate - good, can use one server block. If you have separate certificate - need to create one server for each subdomain (because certificate paths are different).
Also, you need openssl with SNI support (well, almost all modern version has) and check browser/os support. SNI - it's for https name-based hosting.
Also, better use return 301 instead of rewrite. return 301 https://$subdomain.sitebox.co much better.
And finally you server block not configured well. You forgot ssl keyword and certificate paths.
server {
listen 443 ssl;
ssl_certificate ... ;
ssl_certificate_key ... ;
}