Hi there
Really interested in this topic as I have the same issue, but don't know how to fix it.
Here's my config, if you'd have the time to take a look at it.
I'm really interested to see if you have any ideas.
I don't think I've left anything out - the devil is in the detail in NGINX.
Here goes:
I've now got a VM running a working NGINX Reverse Proxy directing HTTP traffic to 5 different VMs, all running WordPress installs. 5 separate domains.
I'm running Ubuntu 22.04.3 LTS for my server and all my QEMU VMs. UFW firewall is allowing ports 80 and 443 on the NGINX Reverse Proxy VM and is inactive on all my working WordPress VMs.
Here's my NGINX config:
/etc/nginx/nginx.conf (unedited by me)
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
    worker_connections 768;
    # multi_accept on;
}
http {
    ##
    # Basic Settings
    ##
    sendfile on;
    tcp_nopush on;
    types_hash_max_size 2048;
    # server_tokens off;
    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    ##
    # SSL Settings
    ##
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;
    ##
    # Logging Settings
    ##
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    ##
    # Gzip Settings
    ##
    gzip on;
    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
    ##
    # Virtual Host Configs
    ##
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
-------------------------------------------------
Here's /etc/nginx/proxy_params (unedited by me)
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
--------------------------------------------------
Here's an example of a working .conf file that directs HTTP traffic to one of my WordPress VMs with example.site subbed in for the actual domain name. It lives in /etc/nginx/sites-enabled. I have 5 separate files in there. One each for the sites I'm running.
/etc/nginx/sites-enabled/example-site.conf
server {
    listen 80;
    listen [::]:80;
    server_name example.site www.example.site;
    location / {
        proxy_pass http://192.168.0.130:80;
        include proxy_params;
    }
}
----------------------------------------------------------
I've got Certbot correctly installed and when I get a certificate for my site for SSL it also modifies the above .conf file as follows:
/etc/nginx/sites-enabled/example-site.conf (after Certbot has run)
server {
    server_name example.site www.example.site;
    location / {
        proxy_pass http://192.168.0.130:80;
        include proxy_params;
    }
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.site/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.site/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = www.example.site) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    if ($host = example.site) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    listen [::]:80;
    server_name example.site www.example.site;
    return 404; # managed by Certbot
}
--------------------------------------------------------
After this change this is when my site can be accessed by HTTPS, but my content is broken, as previously described.
I know I'm reasonably close, but I don't know what edits I need to do and to which file to unbreak this Reverse Proxy with HTTPS.
If you have anything to add I'll be very VERY grateful.
Thanks so much for reading, if you've got this far.
Cheers,
GMan the PC Man