Hi All,
I followed this guide:
https://www.nginx.com/blog/running-non-ssl-protocols-over-ssl-port-nginx-1-15-2/
Here is my setup:
Internet
Router (192.168.0.1)
Nginx (192.168.0.2)
Nextcloud Server (192.168.0.3)
SFTP Server (192.168.0.4)
Since I don't want to open port 443 to the public, I set up a port forward on the router: Router (port: 12345) -> Nginx (port: 443)
nginx.conf
---------------
worker_processes 1;
events {
    worker_connections 1024;
}
stream {
    upstream ssh {
        server 192.168.0.4:22;
    }
    upstream web {
        server 192.168.0.2:443;
    }
    map $ssl_preread_protocol $upstream {
        default ssh;
        "TLSv1.2" web;
    }
    # SSH and SSL on the same port
    server {
        listen 443;
        proxy_pass $upstream;
        ssl_preread on;
    }
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    # Redirect all HTTP traffic to HTTPS
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        return 301 https://$host$request_uri;
    }
    server {
        listen 443 ssl http2;
        server_name 'nextcloud.test.com';
        access_log /var/log/nginx/cloud.access.log;
        error_log /var/log/nginx/cloud.error.log;
        include snippets/nextcloud.test.com.cert.conf;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $server_name:12345;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_http_version 1.1;
        location / {
            include snippets/proxy-params.conf;
            proxy_pass http://192.168.0.3;
        }
        location = /.well-known/carddav {
            return 301 $scheme://$host/remote.php/dav;
        }
        location = /.well-known/caldav {
            return 301 $scheme://$host/remote.php/dav;
        }
        client_max_body_size 1999M;
    }
}
---------------
If I set "listen 443" under stream, I cannot connect to the SFTP server; other web traffic is OK.
If I set another listen port in stream, for example "listen 12345", and set a port forward on the router, Router (port: 12345) -> Nginx (port: 12345), everything works.
Any ideas?
Thanks!
Edited 1 time(s). Last edit at 10/21/2021 05:29AM by esingress.
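
Added example, not part of the original post and not nginx's code: a simplified Python model of the first-bytes inspection behind `$ssl_preread_protocol`, which nginx documents as the highest SSL protocol version supported by the client, routed with the same `map` as the configuration above. The names `preread_protocol`, `route` and `client_hello`, and all sample bytes, are constructed for illustration.

```python
import struct
# Assumption: simplified model of a ClientHello pre-read, not nginx's parser.
NAMES = {0x0301: "TLSv1", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}

def preread_protocol(data: bytes) -> str:
    """Highest TLS version offered in a ClientHello, or "" when it is not TLS."""
    # Record header: type 0x16, version, length; then handshake type 0x01.
    if len(data) < 11 or data[0] != 0x16 or data[1] != 0x03 or data[5] != 0x01:
        return ""
    best = struct.unpack_from(">H", data, 9)[0]            # legacy client_version
    try:
        pos = 11 + 32                                      # skip random
        pos += 1 + data[pos]                               # session_id
        pos += 2 + struct.unpack_from(">H", data, pos)[0]  # cipher_suites
        pos += 1 + data[pos]                               # compression_methods
        end = pos + 2 + struct.unpack_from(">H", data, pos)[0]
        pos += 2
        while pos + 4 <= min(end, len(data)):
            ext_type, ext_len = struct.unpack_from(">HH", data, pos)
            body = data[pos + 4:pos + 4 + ext_len]
            if ext_type == 43 and body:                    # supported_versions
                offered = [struct.unpack_from(">H", body, i)[0]
                           for i in range(1, 1 + body[0], 2)]
                # GREASE and unknown values are ignored; keep the highest known.
                best = max([best] + [v for v in offered if v in NAMES])
            pos += 4 + ext_len
    except (struct.error, IndexError):
        pass                                 # truncated hello: keep what was parsed
    return NAMES.get(best, "")

def route(first_bytes: bytes, tls_values=("TLSv1.2",)) -> str:
    """Mirror the map in the post: listed values go to "web", the rest to "ssh"."""
    return "web" if preread_protocol(first_bytes) in tls_values else "ssh"

def client_hello(versions=()) -> bytes:
    """Constructed sample ClientHello (not a capture)."""
    ext = b""
    if versions:
        lst = b"".join(struct.pack(">H", v) for v in versions)
        ext = struct.pack(">HHB", 43, len(lst) + 1, len(lst)) + lst
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack(">H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs

if __name__ == "__main__":
    for first in (b"SSH-2.0-OpenSSH_8.4\r\n", client_hello(), client_hello((0x0304, 0x0303))):
        print(repr(preread_protocol(first)), "->", route(first))
```

In this model, a map that lists only "TLSv1.2" sends a client offering TLS 1.3 to the default (ssh) upstream; passing `tls_values=("TLSv1.2", "TLSv1.3")` routes it to web.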