Problem on Running SSL and Non-SSL Protocols over the Same Port

Posted by esingress 
October 21, 2021 05:28AM
Hi All,

I followed this guide:
https://www.nginx.com/blog/running-non-ssl-protocols-over-ssl-port-nginx-1-15-2/

Here is my setup:

Internet
Router (192.168.0.1)
Nginx (192.168.0.2)
Nextcloud Server (192.168.0.3)
SFTP Server (192.168.0.4)
Since I don't want to open port 443 to the public, I set up a port forward in the router: Router (port 12345) -> Nginx (port 443)

nginx.conf

---------------
worker_processes 1;

events {
    worker_connections 1024;
}

stream {
    upstream ssh {
        server 192.168.0.4:22;
    }

    upstream web {
        server 192.168.0.2:443;
    }

    map $ssl_preread_protocol $upstream {
        default ssh;
        "TLSv1.2" web;
    }

    # SSH and SSL on the same port
    server {
        listen 443;
        proxy_pass $upstream;
        ssl_preread on;
    }
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;

    # Redirect all HTTP traffic to HTTPS
    server {
        listen 80 default_server;
        listen [::]:80 default_server;

        return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl http2;

        server_name 'nextcloud.test.com';
        access_log /var/log/nginx/cloud.access.log;
        error_log /var/log/nginx/cloud.error.log;

        include snippets/nextcloud.test.com.cert.conf;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $server_name:12345;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_http_version 1.1;

        location / {
            include snippets/proxy-params.conf;
            proxy_pass http://192.168.0.3;
        }

        location = /.well-known/carddav {
            return 301 $scheme://$host/remote.php/dav;
        }

        location = /.well-known/caldav {
            return 301 $scheme://$host/remote.php/dav;
        }

        client_max_body_size 1999M;
    }
}
---------------
If I set "listen 443" under stream, it cannot connect to the SFTP server; the web side is OK.

If I set another listen port in stream, for example "listen 12345", and set a port forward in the router, Router (port 12345) -> Nginx (port 12345),

everything becomes OK.

Any idea?

Thanks!



Edited 1 time(s). Last edit at 10/21/2021 05:29AM by esingress.
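As an added illustration (not part of the post above or of the linked guide), this is a common way to lay out the two listeners so that the stream block and the HTTPS server do not both bind port 443 on the same box: the HTTPS server moves to a loopback port and the stream block hands it the real client address via the PROXY protocol, so access logs and X-Real-IP stay accurate. The loopback address, port 8443 and the "TLSv1.3" map entry are assumptions added here; everything else mirrors the post's setup.

```nginx
# Added example, not the poster's config. Router forwards public 12345 -> Nginx 443.
stream {
    upstream ssh {
        server 192.168.0.4:22;            # SFTP host from the post
    }
    upstream web {
        server 127.0.0.1:8443;            # local HTTPS server (loopback port is an assumption)
    }

    # $ssl_preread_protocol is the highest TLS version the client offers.
    # Anything that does not look like a TLS ClientHello falls through to ssh,
    # so only the "default" case should ever reach the SFTP server.
    map $ssl_preread_protocol $upstream {
        default   ssh;
        "TLSv1.2" web;
        "TLSv1.3" web;                    # without this, TLS 1.3 clients would be routed to ssh
    }

    server {
        listen 443;                       # the only listener on 443 in this file
        ssl_preread on;
        proxy_protocol on;                # prepend PROXY header so the http server sees the real client IP
        proxy_pass $upstream;
    }
}

http {
    server {
        listen 127.0.0.1:8443 ssl http2 proxy_protocol;   # no longer competes with the stream listener
        server_name nextcloud.test.com;
        include snippets/nextcloud.test.com.cert.conf;

        # Trust the PROXY header only from the local stream block.
        set_real_ip_from 127.0.0.1;
        real_ip_header proxy_protocol;

        access_log /var/log/nginx/cloud.access.log;       # $remote_addr now holds the client IP, not 127.0.0.1

        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_pass http://192.168.0.3;               # Nextcloud host from the post
        }
    }
}
```

Check the result with `nginx -t` before reloading, and confirm in cloud.access.log that entries show the remote client address rather than 127.0.0.1.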