Welcome! Log In Create A New Profile

Advanced

Set up Nginx revese proxy

Posted by pardub 
Set up Nginx revese proxy
February 02, 2020 02:02PM
I have some troubles to configure Nginx as a reverse proxy in order to have my vm's with private ip addresses being reachable from the internet.

I drew a diagram with my current configuration in the attached file.

My dedicated server runs on Proxmox hypervisor and has only 1 public ip address. A bridge has been installed on the hypervisor to get the vm’s access to the internet through their local ip address.

I made some research and found this is possible with a Nginx reverse proxy to reach the vm's with a private ip address (who are running websites) from internet but I have some troubles to set it up properly.

My config /etc/network/interfaces on the hypervisor

#################################################################################
root@ns568745:~# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback


# vmbr0: Bridging. Make sure to use only MAC adresses that were assigned to you.
auto vmbr0
iface vmbr0 inet static
address 40.53.XX.XX/24
gateway 40.53.XX.254
bridge_ports eno1
bridge_stp off
bridge_fd 0





auto vmbr1
iface vmbr1 inet static
address 192.168.4.254/24
broadcast 192.168.4.255
bridge_ports none
bridge_stp off
bridge_fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '192.168.4.254/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.4.254/24' -o vmbr0 -j MASQUERADE


post-up iptables -t nat -A PREROUTING -i vmbr1 -p tcp --dport 80 -j DNAT --to 192.168.4.2:80
post-down iptables -t nat -D PREROUTING -i vmbr1 -p tcp --dport 80 -j DNAT --to 192.168.4.2:80
post-up iptables -t nat -A PREROUTING -i vmbr1 -p tcp --dport 443 -j DNAT --to 192.168.4.2:443
post-down iptables -t nat -D PREROUTING -i vmbr1 -p tcp --dport 443 -j DNAT --to 192.168.4.2:443

#################################################################################

Vm1 has the ip address 192.168.4.4 and run a website (with Apache ) that has the domain name "london.austria.com"

Vm2 has the ip address 192.168.4.5 and run a website (with Apache ) that has the domain name "manchester.austria.com"

I purchased a domain name ,let’s call it, “austria.com”.

In my registrar, I set up the A records for 2 subdomains :

london.austria.com with an A record pointing to 40.53.XX.XX

manchester.austria.com with an A record pointing to 40.53.XX.XX

VM1 config: 192.168.4.4 with subdomain "london.austria.com" running wwebiste with Apache.The firewall is disabled

VM2 config: 192.168.4.5 with subdomain "manchester.austria.com" running wwebiste with Apache.The firewall is disabled

Nginx has been installed in a LXC ubuntu container with the following steps:

systemctl start nginx

systemctl enable nginx

unlink /etc/nginx/sites-enabled/default

cd /etc/nginx/sites-available

#################################################################################

vim reverse-proxy.conf

server {
listen 80;
listen [::]:80;

access_log /var/log/nginx/reverse-access.log;
error_log /var/log/nginx/reverse-error.log;

location / {
proxy_pass http://192.168.4.4:80;
}
}
#################################################################################

ln -s /etc/nginx/sites-available/reverse-proxy.conf /etc/nginx/sites-enabled/reverse-proxy.conf

Tests I performed:

Inside the vm1:

I have access to the website by entering the ip address 192.168.4.4

I don't have access to the website by entering the domain name "london.austia.com" in a browser.

From home:

I can't access to the websites in the vm's.

I didn't even go further to test the vm2.
Attachments:
open | download - network architecture.PNG (15.3 KB)
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 83
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready