Re: reverse proxy breaks the backend site

January 19, 2024 06:08PM
Hi there

Really interested in this topic as I have the same issue, but don't know how to fix it.

Here's my config, if you'd have the time to take a look at it.
I'm really interested to see if you have any ideas

I don't think I've left anything out - the devil is in the detail in NGINX.

Here goes:

I've now got a VM running a working NGINX Reverse Proxy directing HTTP traffic to 5 different VMs, all running WordPress installs. 5 separate domains.

I'm running Ubuntu 22.04.3 LTS for my server and all my QEMU VMs. UFW firewall is allowing ports 80 and 443 on the NGINX Reverse Proxy VM and is inactive on all my working WordPress VMs.

Here's my NGINX config:

/etc/nginx/nginx.conf (unedited by me)

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
    # multi_accept on;
}

http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    types_hash_max_size 2048;
    # server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    gzip on;

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}


#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}

-------------------------------------------------

Here's /etc/nginx/proxy_params (unedited by me)

proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

--------------------------------------------------

Here's an example of a working .conf file that directs HTTP traffic to one of my WordPress VMs with example.site subbed in for the actual domain name. It lives in /etc/nginx/sites-enabled. I have 5 separate files in there. One each for the sites I'm running.

/etc/nginx/sites-enabled/example-site.conf

server {
    listen 80;
    listen [::]:80;

    server_name example.site www.example.site;

    location / {
        proxy_pass http://192.168.0.130:80;
        include proxy_params;
    }
}

----------------------------------------------------------

I've got Certbot correctly installed and when I get a certificate for my site for SSL it also modifies the above .conf file as follows:

/etc/nginx/sites-enabled/example-site.conf (after Certbot has run)

server {

    server_name example.site www.example.site;

    location / {
        proxy_pass http://192.168.0.130:80;
        include proxy_params;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.site/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.site/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = www.example.site) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = example.site) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;

    server_name example.site www.example.site;
    return 404; # managed by Certbot

}

--------------------------------------------------------

After this change this is when my site can be accessed by HTTPS, but my content is broken, as previously described.

I know I'm reasonably close, but I don't know what edits I need to do and to which file to unbreak this Reverse Proxy with HTTPS.

If you have anything to add I'll be very VERY grateful.

Thanks so much for reading, if you've got this far.

Cheers,

GMan the PC Man
Subject | Author | Posted

reverse proxy breaks the backend site | Mr. Toad | November 20, 2023 01:53PM
Re: reverse proxy breaks the backend site | Mr. Toad | November 21, 2023 04:21AM
Re: reverse proxy breaks the backend site | Mr. Toad | November 21, 2023 09:10AM
Re: reverse proxy breaks the backend site | GMan the PC Man | January 19, 2024 06:08PM


