I have a couple of VPSs running AlmaLinux 9.x with RPM NGINX as a reverse proxy that I use as my personal web proxies. I want to add OpenConnect (ocserv) as a backend service so that I can use these VPSs as personal VPNs or personal web proxies, but I can't figure out the correct code to use in the NGINX config file.
The VPSs have one single public IP address. I want to use SNI to determine which backend gets the traffic. I want to use *acme.sh* with DNS challenge to obtain LE certs.
Below is my current config file for the web proxies:
```
user nginx;
worker_processes auto;
error_log /var/log/nginx-error.log info;
pid /var/run/nginx.pid;
events {
    accept_mutex on;
    multi_accept on;
    worker_connections 1024;
}
http {
    keepalive_timeout 60;
    access_log /var/log/nginx-access.log combined;
    server {
        listen 80;
        listen [::]:80;
        server_name www.example.com;
        return 301 https://$http_host$request_uri;
    }
    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name www.example.com;
        ssl_certificate /root/.acme.sh/www.example.com_ecc/fullchain.cer;
        ssl_certificate_key /root/.acme.sh/www.example.com_ecc/www.example.com.key;
        ssl_protocols TLSv1.3;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;
        add_header Strict-Transport-Security "max-age=31536000";
        location /hGtmb {
            proxy_redirect off;
            proxy_http_version 1.1;
            proxy_pass http://localhost:14722;
            proxy_set_header Host $http_host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
        location / {
            sub_filter $proxy_host $host;
            sub_filter_once off;
            #proxy_pass https://www.bing.com;
            proxy_pass http://localhost:81;
            #proxy_set_header Host $proxy_host;
            #proxy_set_header X-Real-IP $remote_addr;
            #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            #proxy_set_header X-Forwarded-Port $server_port;
            #proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}
```
I have the Apache web server currently listening on localhost:81 for regular https traffic.
The *location /hGtmb* entry is for the Shadowsocks/v2ray proxy server. Everything works as it should but when I try to add ocserv to the mix, I kill everything. I'm not sure what I'm doing wrong or if RPM NGINX is capable of doing what I'm attempting to do.
I am basically trying to recreate what they've done with HAProxy:
h**ps://docs.openconnect-vpn.net/recipes/ocserv-multihost/
h**ps://www.linuxbabe.com/linux-server/ocserv-vpn-server-apache-nginx-haproxy
I've been working on this for about a month now. I just can't seem to find a working example/tutorial using NGINX. First I started with Nginx Proxy Manager but no one on the GitHub discussion board has responded to my request for advice.
So I guess I first should ask, can RPM NGINX do what I want? If so, can someone point me to a tutorial, a working config or tweak my current config by adding code that should get me going in the right direction?
Thanks in advance!
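
The SNI-based split asked about above, as an added example that is not part of the original post: NGINX's stream module with `ssl_preread` reads the server name from the TLS ClientHello and forwards the still-encrypted connection to the matching backend, which is the same approach as the HAProxy recipes linked in the post. Assumptions: `nginx -V` lists `--with-stream_ssl_preread_module`, and the hostname `vpn.example.com` and local ports 8443 and 4443 are hypothetical placeholders.

```nginx
# Added example. Hypothetical values: vpn.example.com, ports 8443 and 4443.
# The stream {} block sits at the top level of nginx.conf, beside http {}.
stream {
    # Pick an upstream from the SNI name in the TLS ClientHello.
    map $ssl_preread_server_name $sni_backend {
        vpn.example.com  ocserv;
        default          web;   # www.example.com and clients sending no SNI
    }

    upstream ocserv { server 127.0.0.1:4443; }  # ocserv with tcp-port = 4443
    upstream web    { server 127.0.0.1:8443; }  # the http {} server below

    server {
        listen 443;           # plain TCP: no "ssl", TLS is not terminated here
        listen [::]:443;
        ssl_preread on;       # inspect the ClientHello without decrypting
        proxy_pass $sni_backend;
    }
}

http {
    server {
        # Moved off public 443, which the stream server now owns;
        # two listeners cannot bind the same address and port.
        listen 127.0.0.1:8443 ssl;
        server_name www.example.com;
        ssl_certificate     /root/.acme.sh/www.example.com_ecc/fullchain.cer;
        ssl_certificate_key /root/.acme.sh/www.example.com_ecc/www.example.com.key;
        ssl_protocols TLSv1.3;
        # location blocks from the existing 443 server go here unchanged
    }
}
```

With this layout ocserv terminates its own TLS using its own certificate for the VPN hostname, and both backends see 127.0.0.1 as the client address. The listener covers TCP only, so ocserv's UDP (DTLS) port is not proxied by it.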