Welcome! Log In Create A New Profile

Advanced

nginx as reverse proxy to several backends

Previous Message Next Message
Forum List Message List New Topic Print View
Filip Francis
February 22, 2017 12:32AM
Hi all,


I am trying to set-up a reverse proxy with nginx so that based on the
server_name it goes to the correct backend.

I have been looking in to examples but no luck to get it actually working.

So this is want I want to do

when user type xxxx.yyy.be as normal http it redirects to https and then
forwards it to the backend nummer 1

but when user type zzzz.yyy.be also as normal http it redrects it to
https and forwards it to the correct backend (so here it would be
backend nummer 2)

so in sites-enabled i put several files that is being loaded but
nothing is working

so i would like to see an example that works as i can not found a
complete example to work with.

So please advice.


So here is my nginx.conf file

user www;
worker_processes auto;
pid /var/run/nginx.pid;

events {
worker_connections 768;
multi_accept on;
}

http {

##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
more_set_headers "Server: Your_New_Server_Name";
server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;

include /opt/local/etc/nginx/mime.types;
default_type application/octet-stream;

##
# SSL Settings
##
#ssl on;
ssl_protocols TLSv1.2;
ssl_ciphers
EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!MD5:!3DES:!CAMELLIA:!AES128;
ssl_prefer_server_ciphers on;
ssl_certificate /opt/local/etc/nginx/certs/fullchain.pem;
ssl_certificate_key /opt/local/etc/nginx/certs/key.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_stapling on;
ssl_stapling_verify on;
## Enable HSTS
add_header Strict-Transport-Security max-age=63072000;

# Do not allow this site to be displayed in iframes
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN" always;
# Do not permit Content-Type sniffing.
add_header X-Content-Type-Options nosniff;
##
# Logging Settings
##
rewrite_log on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

##
# Gzip Settings
##

gzip on;
gzip_disable "msie6";

#gzip_vary on;
#gzip_proxied any;
#gzip_comp_level 6;
#gzip_buffers 16 8k;
#gzip_http_version 1.1;
#gzip_types text/plain text/css application/json
application/javascript text/xml application/xml application/xml+rss
text/javascript;

##
# Virtual Host Configs
##

include /opt/local/etc/nginx/sites-enabled/*;
}

and then in sites-enabled there are following files:

owncloud and mattermost

here is the content:

owncloud:

upstream owncloud {
server 192.168.1.51:80;
}




server {
listen 80;
server_name xxxx.yyy.be;
return 301 https://$server_name$request_uri;
#rewrite ^/.*$ https://$host$request_uri? permanent;
more_set_headers "Server: None of Your Business";
server_tokens off;
}
server {
listen 443 ssl http2;
server_name xxxx.yyy.be;
more_set_headers "Server: None of Your Business";
server_tokens off;

location / {
client_max_body_size 0;
proxy_set_header Connection "";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
proxy_read_timeout 600s;
proxy_cache owncloud_cache;
proxy_cache_revalidate on;
proxy_cache_min_uses 2;
proxy_cache_use_stale timeout;
proxy_cache_lock on;
proxy_pass http://192.168.1.51;
}
# Lets Encrypt Override
location '/.well-known/acme-challenge' {
root /var/www/proxy;
auth_basic off;
}

}

and mattermost:

server {
listen 80;
server_name zzzz.yyy.be;

location / {
return 301 https://$server_name$request_uri;

}
}
server {
listen 443;
server_name zzzz.yyy.be;

location / {
client_max_body_size 0;
proxy_set_header Connection "";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
proxy_read_timeout 600s;
proxy_cache mattermost_cache;
proxy_cache_revalidate on;
proxy_cache_min_uses 2;
proxy_cache_use_stale timeout;
proxy_cache_lock on;
proxy_pass http://192.168.1.95:8065;
}

}


This is working (more or less) but if i start moving the ssl bit into
the owncloud or mattermost its simply is not working any more

getting each time that i type http://zzzz.yyy.be i get 400 bad request
The plain HTTP request was sent to HTTPS port



Thanks

Filip Francis


_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

nginx as reverse proxy to several backends

Filip Francis February 22, 2017 12:32AM

Re: nginx as reverse proxy to several backends

Francis Daly February 22, 2017 03:50PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 299
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready