
reverse proxy with ssl redirecting to wrong server

Posted by utnuc 
reverse proxy with ssl redirecting to wrong server
August 24, 2016 10:39AM
Here's my problem. I have 3 physical servers behind the same IP address, using an nginx reverse proxy (running on a fast pfSense box) to direct the http/https traffic (2 of the servers host more than one site). I have set up all my encryption keys on nginx, with simple unencrypted traffic on the LAN. All incoming port 80 traffic has been redirected with a NAT rule to port 9999, while all incoming port 443 traffic has been redirected to port 444. All of my sites work well, including both http and https connections... except site3. My DNS has been set to redirect all 'site3.com' traffic to 'www.site3.com', and to redirect all http traffic bound for site3 to https. The proxy is supposed to send site3 requests to 10.0.0.98:80, but it keeps sending them to 10.0.0.99:80. Even typing in https://www.site3.com redirects me to http://site4.com. There are no .htaccess rules on site3, which is the only site on 10.0.0.98. SSL has been disabled on 10.0.0.98, as it has on all my upstream servers. Here is my config file:

# File in which the nginx master process records its PID.
pid /var/nginx/nginx.pid;
events {
# Per-worker ceiling on simultaneous connections. On a proxy this counts the
# upstream-side connections as well as the client-side ones.
worker_connections 4096; ## Default: 1024
}

http {
# http-level settings inherited by every server block below.
default_type application/octet-stream;

# Two log formats are defined, but no access_log directive in this file selects
# either of them. Neither records $host, $server_name or $upstream_addr, so the
# log cannot show which virtual host matched a request or which backend it went
# to - the fields needed both to debug misrouting and to review an incident.
log_format main '$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$gzip_ratio"';

log_format download '$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$http_range" "$sent_http_content_range"';

# Three-minute header, body and send timeouts let a slow or stalled client keep
# a connection slot for a long time; shorter values bound how much a flood of
# slow requests can tie up.
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;

client_header_buffer_size 1k;
large_client_header_buffers 4 4k;

# Compression is enabled for every server here, the HTTPS ones included.
# NOTE(review): compressing HTTPS responses that mix secrets with reflected
# request data is the precondition for BREACH-style leaks - check whether any
# backend does that before leaving gzip on for the TLS servers.
gzip on;
gzip_min_length 1100;
gzip_buffers 4 8k;
gzip_types text/plain;

output_buffers 1 32k;
postpone_output 1460;

sendfile on;
tcp_nopush on;

tcp_nodelay on;
send_lowat 12000;

# First value: how long an idle keep-alive connection stays open on the server
# side; second value: what is advertised to the client in "Keep-Alive: timeout=".
keepalive_timeout 75 20;

# lingering_time 30;
# lingering_timeout 10;
# reset_timedout_connection on;

# START SSL TEST SERVER

# HTTPS virtual host for www.site1.com: TLS ends here on port 444 and requests
# are proxied to 10.0.0.100 over plain HTTP.
# No server in this file carries default_server, so as the first block listening
# on 444 this one is the default for that port: a TLS request whose name matches
# no server_name is answered with this certificate and sent to this backend.
server {
listen 444;
server_name www.site1.com;

# Turns TLS on for this server's listen sockets; the `ssl` parameter of
# `listen` (`listen 444 ssl;`) is the preferred spelling.
ssl on;
ssl_certificate /etc/nginx/ssl/site1.com/server-nginx.crt;
# NOTE(review): the file name suggests a passphrase-less private key - confirm
# it is readable only by root / the nginx master process.
ssl_certificate_key /etc/nginx/ssl/site1.com/nophrase.key;

ssl_session_timeout 5m;

# Only SSLv3 and TLS 1.0 are offered, so no client can negotiate anything newer
# than TLS 1.0, and SSLv3 is exposed to POODLE. Prefer `ssl_protocols TLSv1.2;`
# (plus TLSv1.3 where the nginx/OpenSSL build supports it).
ssl_protocols SSLv3 TLSv1;
# `ALL` starts from every suite the linked OpenSSL offers except eNULL; only
# anonymous DH and 56-bit export are removed. RC4 stays, and `+MEDIUM` / `+EXP`
# merely move medium and export-grade suites to the end of the list instead of
# dropping them. A tighter starting point is `HIGH:!aNULL:!MD5` (`!aNULL` also
# covers anonymous ECDH, which `!ADH` does not).
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+EXP;
# Server order wins, but a client that offers only weak suites still gets one.
ssl_prefer_server_ciphers on;

client_body_temp_path /var/nginx/client_body_temp;
fastcgi_temp_path /var/nginx/fastcgi_temp;
scgi_temp_path /var/nginx/scgi_temp;

proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_send_lowat 12000;

proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;

proxy_temp_path /var/nginx/proxy_temp;
location / {
proxy_set_header X-Real-IP $remote_addr;
# X-Forwarded-Host carries the configured name (www.site1.com), not what the
# client sent.
proxy_set_header X-Forwarded-Host $server_name;
# Appends $remote_addr to any X-Forwarded-For the client supplied, so only the
# last entry is trustworthy to the backend.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Tells the backend the original scheme (https here) so it can build https://
# links and redirects.
proxy_set_header X-Forwarded-Proto $scheme;
# $host comes from the request. Because this is the default server for 444,
# names other than www.site1.com can reach the backend through this header.
proxy_set_header Host $host;
# Cleartext hop to the backend.
proxy_pass http://10.0.0.100:80;
}
}
# HTTPS virtual host for www.site2.com: TLS ends here on port 444 and requests
# are proxied to 10.0.0.99 over plain HTTP.
server {
listen 444;
server_name www.site2.com;

# Turns TLS on for this server's listen sockets; the `ssl` parameter of
# `listen` (`listen 444 ssl;`) is the preferred spelling.
ssl on;
ssl_certificate /etc/nginx/ssl/site2.com/server-nginx.crt;
# NOTE(review): the file name suggests a passphrase-less private key - confirm
# it is readable only by root / the nginx master process.
ssl_certificate_key /etc/nginx/ssl/site2.com/nophrase.key;

ssl_session_timeout 5m;

# SSLv3 (exposed to POODLE) and TLS 1.0 are the only protocols offered; prefer
# `ssl_protocols TLSv1.2;` (plus TLSv1.3 where the build supports it).
ssl_protocols SSLv3 TLSv1;
# Starts from `ALL`, keeps RC4, and only reorders medium and export-grade
# suites to the end rather than removing them. `HIGH:!aNULL:!MD5` is a tighter
# starting point.
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+EXP;
ssl_prefer_server_ciphers on;

client_body_temp_path /var/nginx/client_body_temp;
fastcgi_temp_path /var/nginx/fastcgi_temp;
scgi_temp_path /var/nginx/scgi_temp;
# Accepts request bodies of up to 100 MB for this host.
client_max_body_size 100M;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_send_lowat 12000;

proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;

proxy_temp_path /var/nginx/proxy_temp;
location / {
# Only X-Real-IP and Host are forwarded. Without X-Forwarded-Proto the backend
# cannot tell that the client connected over HTTPS, so any absolute URL or
# redirect it builds from its own view of the request will use http://.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
# Cleartext hop to the backend.
proxy_pass http://10.0.0.99:80;
}
# `^~` makes this prefix match final (no regex locations are tried). With the
# rewrite commented out the block is empty, so /testssl/ requests are not
# proxied; nginx handles them itself as static files under its own root.
location ^~ /testssl/ {
#rewrite ^ https://www.site2.com$request_uri? permanent;
}
}
# HTTPS virtual host for www.site3.com: TLS ends here on port 444 and requests
# are proxied to 10.0.0.98 over plain HTTP.
# This is the only server block in the file that names www.site3.com, and it
# listens on 444 only. A plain-HTTP request for that name (port 9999), such as
# one following an http:// redirect, therefore matches no server_name there and
# is handled by the first server listening on 9999, which proxies to 10.0.0.99.
# The bare name site3.com is not listed either, so on 444 it falls through to
# the first server listening on that port.
server {
listen 444;
server_name www.site3.com;

# Turns TLS on for this server's listen sockets; the `ssl` parameter of
# `listen` (`listen 444 ssl;`) is the preferred spelling.
ssl on;
ssl_certificate /etc/nginx/ssl/site3.com/server-nginx.crt;
# NOTE(review): the file name suggests a passphrase-less private key - confirm
# it is readable only by root / the nginx master process.
ssl_certificate_key /etc/nginx/ssl/site3.com/nophrase.key;

ssl_session_timeout 5m;
# SSLv3 (exposed to POODLE) and TLS 1.0 are the only protocols offered; prefer
# `ssl_protocols TLSv1.2;` (plus TLSv1.3 where the build supports it).
ssl_protocols SSLv3 TLSv1;
# Starts from `ALL`, keeps RC4, and only reorders medium and export-grade
# suites to the end rather than removing them. `HIGH:!aNULL:!MD5` is a tighter
# starting point.
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+EXP;
ssl_prefer_server_ciphers on;

client_body_temp_path /var/nginx/client_body_temp;
fastcgi_temp_path /var/nginx/fastcgi_temp;
scgi_temp_path /var/nginx/scgi_temp;

# Accepts request bodies of up to 100 MB for this host.
client_max_body_size 100M;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_send_lowat 12000;

proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;

proxy_temp_path /var/nginx/proxy_temp;
location / {
proxy_set_header X-Real-IP $remote_addr;
# Carries the configured name (www.site3.com), not what the client sent.
proxy_set_header X-Forwarded-Host $server_name;
# Appends $remote_addr to any X-Forwarded-For the client supplied, so only the
# last entry is trustworthy to the backend.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Original scheme (https here); the backend has to honour this header, or it
# will keep generating http:// redirects and links.
proxy_set_header X-Forwarded-Proto $scheme;
# Second X-Real-IP line with the same value as the first; one is redundant.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
# Cleartext hop to the backend.
proxy_pass http://10.0.0.98:80;
}
}
## START ALL 10.0.0.99 VMs ##
# Plain-HTTP virtual host for www.site2.com on port 9999, proxied to 10.0.0.99.
# It is the first server listening on 9999 and nothing in this file is marked
# default_server, so it is also the default for that port: every port-9999
# request whose Host matches none of the names configured there lands here.
# In this file that includes www.site3.com, which has a server block on 444
# only. Such requests go to 10.0.0.99 with the client's Host header unchanged,
# and the backend decides what to serve for a name it may not know.
server {
listen 9999;
server_name www.site2.com;
# Accepts request bodies of up to 100 MB for this host.
client_max_body_size 100M;
client_body_temp_path /var/nginx/client_body_temp;
fastcgi_temp_path /var/nginx/fastcgi_temp;
scgi_temp_path /var/nginx/scgi_temp;

proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_send_lowat 12000;

proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;

proxy_temp_path /var/nginx/proxy_temp;
location / {
# Only X-Real-IP and Host are forwarded; no X-Forwarded-For / -Proto is set.
proxy_set_header X-Real-IP $remote_addr;
# $host comes from the request, so on this default server it can be any name
# the client chose to send.
proxy_set_header Host $host;
proxy_pass http://10.0.0.99:80;
}
}
# Plain-HTTP virtual host for site4.com on port 9999, proxied to 10.0.0.99.
# Only the exact name site4.com is listed; no server on 444 names it, so the
# site is reachable over HTTP only through this proxy.
server {
listen 9999;
server_name site4.com;
client_body_temp_path /var/nginx/client_body_temp;
fastcgi_temp_path /var/nginx/fastcgi_temp;
scgi_temp_path /var/nginx/scgi_temp;

proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_send_lowat 12000;

proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;

proxy_temp_path /var/nginx/proxy_temp;
location / {
# Only X-Real-IP and Host are forwarded; no X-Forwarded-For / -Proto is set,
# so the backend sees neither the proxy chain nor the original scheme.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://10.0.0.99:80;
}
}
# Plain-HTTP virtual host for blog.site4.com on port 9999, proxied to the same
# backend (10.0.0.99) as site4.com; the backend tells the two apart by Host.
server {
listen 9999;
server_name blog.site4.com;
client_body_temp_path /var/nginx/client_body_temp;
fastcgi_temp_path /var/nginx/fastcgi_temp;
scgi_temp_path /var/nginx/scgi_temp;

proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_send_lowat 12000;

proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;

proxy_temp_path /var/nginx/proxy_temp;
location / {
# Only X-Real-IP and Host are forwarded; no X-Forwarded-For / -Proto is set,
# so the backend sees neither the proxy chain nor the original scheme.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://10.0.0.99:80;
}
}
## START ALL 10.0.0.100 VMs ##
# Plain-HTTP virtual host for www.site5.com on port 9999, proxied to 10.0.0.100.
# No server on 444 names this host, so it is served over HTTP only.
server {
listen 9999;
server_name www.site5.com;
client_body_temp_path /var/nginx/client_body_temp;
fastcgi_temp_path /var/nginx/fastcgi_temp;
scgi_temp_path /var/nginx/scgi_temp;

proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_send_lowat 12000;

proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;

proxy_temp_path /var/nginx/proxy_temp;
location / {
# Only X-Real-IP and Host are forwarded; no X-Forwarded-For / -Proto is set,
# so the backend sees neither the proxy chain nor the original scheme.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://10.0.0.100:80;
}
}
# Plain-HTTP virtual host for www.site6.com on port 9999, proxied to 10.0.0.100.
# No server on 444 names this host, so it is served over HTTP only.
server {
listen 9999;
server_name www.site6.com;
client_body_temp_path /var/nginx/client_body_temp;
fastcgi_temp_path /var/nginx/fastcgi_temp;
scgi_temp_path /var/nginx/scgi_temp;

proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_send_lowat 12000;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;

proxy_temp_path /var/nginx/proxy_temp;
location / {
# Only X-Real-IP and Host are forwarded; no X-Forwarded-For / -Proto is set,
# so the backend sees neither the proxy chain nor the original scheme.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://10.0.0.100:80;
}
}
}
Re: reverse proxy with ssl redirecting to wrong server
August 24, 2016 02:29PM
Here's a simplified config file:

# Simplified listing: five server blocks, shown without the enclosing http block.
#
# www.site3.com now listens on both the HTTP port (9999) and the TLS port (444).
# It is the first block for each port and nothing is marked default_server, so
# in this listing it is the default server for both: a request whose name
# matches no server_name on that port ends up at 10.0.0.98.
# No ssl_protocols / ssl_ciphers appear anywhere in this listing, so the TLS
# servers use nginx's built-in defaults.
# NOTE(review): what those defaults allow depends on the nginx and OpenSSL
# versions in use - pin the protocols and ciphers explicitly.
server {
listen 9999;
listen 444 ssl;
server_name www.site3.com;

ssl_certificate /etc/nginx/ssl/site3.com/server-nginx.crt;
# NOTE(review): the file name suggests a passphrase-less private key - confirm
# it is readable only by root / the nginx master process.
ssl_certificate_key /etc/nginx/ssl/site3.com/nophrase.key;

location / {
proxy_set_header X-Real-IP $remote_addr;
# Carries the configured name (www.site3.com), not what the client sent.
proxy_set_header X-Forwarded-Host $server_name;
# Appends $remote_addr to any X-Forwarded-For the client supplied, so only the
# last entry is trustworthy to the backend.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# $scheme is http for requests arriving on 9999 and https for those on 444;
# the backend has to honour this header to stop issuing http:// redirects.
proxy_set_header X-Forwarded-Proto $scheme;
# Second X-Real-IP line with the same value as the first; one is redundant.
proxy_set_header X-Real-IP $remote_addr;
# $host comes from the request; on a default server it can be any name the
# client chose to send.
proxy_set_header Host $host;
# Cleartext hop to the backend.
proxy_pass http://10.0.0.98:80;
}
}
# Plain-HTTP host for www.site2.com, proxied to 10.0.0.99. Unlike the full
# config in the first post, this listing has no 444 server for this name.
server {
listen 9999;
server_name www.site2.com;

location / {
# Only X-Real-IP and Host are forwarded; no X-Forwarded-For / -Proto is set.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://10.0.0.99:80;
}
}
# Plain-HTTP host for site4.com, proxied to 10.0.0.99.
server {
listen 9999;
server_name site4.com;

location / {
# Only X-Real-IP and Host are forwarded; no X-Forwarded-For / -Proto is set.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://10.0.0.99:80;
}
}
# Plain-HTTP host for blog.site4.com, proxied to 10.0.0.99.
server {
listen 9999;
server_name blog.site4.com;

location / {
# Only X-Real-IP and Host are forwarded; no X-Forwarded-For / -Proto is set.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://10.0.0.99:80;
}
}
# Host served on both the TLS port (444) and the HTTP port (9999), proxied to
# 10.0.0.99.
server {
listen 444 ssl;
listen 9999;
server_name www.ultrasoundoftheweek.com;

ssl_certificate /etc/nginx/ssl/ultrasoundoftheweek.com/server-nginx.crt;
# NOTE(review): the file name suggests a passphrase-less private key - confirm
# it is readable only by root / the nginx master process.
ssl_certificate_key /etc/nginx/ssl/ultrasoundoftheweek.com/nophrase.key;

location / {
# No X-Forwarded-Proto is sent here, so the backend cannot distinguish HTTPS
# requests from HTTP ones and may answer with http:// links or redirects.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
# Cleartext hop to the backend.
proxy_pass http://10.0.0.99:80;
}
}
Re: reverse proxy with ssl redirecting to wrong server
August 24, 2016 05:57PM
>> Even typing in https://www.site3.com redirects me on http://site4.com

The application running at http://site4.com might be rewriting this because it is configured to do so; you may need to tell this backend about its new proxy frontend.

---
nginx for Windows http://nginx-win.ecsds.eu/