Welcome! Log In Create A New Profile

Advanced

Reverse-proxy, mix layer 4 & layer 7, use SNI

Posted by jeffshead 
Reverse-proxy, mix layer 4 & layer 7, use SNI
December 29, 2024 10:53AM
I have a couple of VPS's running AlmaLinux 9.x with RPM NGINX as a reverse-proxy, that I use as my personal web proxies. I want to add OpenConnect (ocserv) as a backend service so that I can use these VPS's as personal VPN's or personal web proxies but I can't figure out the correct code to use in the NGINX config file.

The VPS's have one single public IP address. I want to use SNI to determine which backend gets the traffic. I want to use *acme.sh* with DNS challange to obtain LE certs.

Below is my current config file for the web proxies:

```
user nginx;
worker_processes auto;
error_log /var/log/nginx-error.log info;
pid /var/run/nginx.pid;

events {
accept_mutex on;
multi_accept on;
worker_connections 1024;
}

http {
keepalive_timeout 60;
access_log /var/log/nginx-access.log combined;

server {
listen 80;
listen [::]:80;
server_name www.example.com;
return 301 https://$http_host$request_uri;
}

server{
listen 443 ssl;
listen [::]:443 ssl;
server_name www.example.com;
ssl_certificate /root/.acme.sh/www.example.com_ecc/fullchain.cer;
ssl_certificate_key /root/.acme.sh/www.example.com_ecc/www.example.com.key;
ssl_protocols TLSv1.3;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";

location /hGtmb {
proxy_redirect off;
proxy_http_version 1.1;
proxy_pass http://localhost:14722;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}

location / {
sub_filter $proxy_host $host;
sub_filter_once off;
#proxy_pass https://www.bing.com;
proxy_pass http://localhost:81;
#proxy_set_header Host $proxy_host;
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Port $server_port;
#proxy_set_header X-Forwarded-Proto $scheme;
}
}
}
```
I have the Apache web server currently listening on localhost:81 for regular https traffic.

The *location /hGtmb* entry is for the Shadowsocks/v2ray proxy server. Everything works as it should but when I try to add ocserv to the mix, I kill everything. I'm not sure what I'm doing wrong or if RPM NGINX is capable of doing what I'm attempting to do.

I am basically trying to recreate what they've done with HAProxy:

h**ps://docs.openconnect-vpn.net/recipes/ocserv-multihost/
h**ps://www.linuxbabe.com/linux-server/ocserv-vpn-server-apache-nginx-haproxy

I've been working on this for about a month now. I just can't seem to find a working example/tutorial using NGINX. First I started with Nginx Proxy Manager but no one on the Github discussion board has responded to my request for advice.

So I guess I first should ask, can RPM NGINX do what I want? If so, can someone point me to a tutorial, a working config or tweak my current config by adding code that should get me going in the right direction?

Thanks in advance!
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 123
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready