Setting up Nginx on CentOS 7 as a reverse proxy
- 
 Now for a site on a non standard back end port that is still coming in on port 80 like my nodeBB example above, it is very similar. #save as file: /etc/nginx/conf.d/forum.domain.conf server { client_max_body_size 40M; listen 80; server_name forum.domain.com; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass http://10.0.0.3:4567; proxy_redirect off; } }Now restart nginx 
 systemctl reload nginx
- 
 The non standard port redirect also works with SSL. Again you need your proper certificate information in here. This example is used for my helpdesk. #save as file: /etc/nginx/conf.d/helpdesk.domain.conf server { client_max_body_size 40M; listen 443 ssl; server_name helpdesk.domain.com; ssl on; ssl_certificate /etc/ssl/cacert.pem; ssl_certificate_key /etc/ssl/privkey.pem; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass https://10.0.0.4:8090; proxy_redirect off; } }Now restart nginx 
 systemctl reload nginx
- 
 @JaredBusch Thanks, with your tutorial it's very easy to set up. 
- 
 This post is deleted!
- 
 @anonymous said: So I have ScreenConnect setup using the reverse proxy, but the clients can't connect the to relay port. How do I fix this? What ports are you using? What is the proxy config? 
- 
 This post is deleted!
- 
 @anonymous said: I think I will have to port forward the relay port to the ScreenConnect server? From the reading I have done, yes. That connection is not SSL, but pre encrypted by ScreenConnect itself. 
- 
 This post is deleted!
- 
 Considering the new found love of Fedora, should this be done on Fedora instead? 
- 
 @dashrender said in Setting up Nginx on CentOS 7 as a reverse proxy: Considering the new found love of Fedora, should this be done on Fedora instead? Yeah, I need to make a new guide for Fedora. Process is basically the same. Substitute dnfin place ofyum, generally.No need for the epel
- 
 If I have multiple web servers, how does nginx know which host is which when they are both using the same port? It it just the subdomain and internal IP ( proxy_pass)?Example: server { client_max_body_size 40M; listen 443 ssl; server_name nc.skynetli.com; #change to your domain name ssl on; ssl_certificate /etc/ssl/cacert1.pem; #this needs to be the path to your certificate information ssl_certificate_key /etc/ssl/privkey1.pem; #this needs to be the path to your certificate information location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass https://192.168.1.205:443; #change to your internal server IP proxy_redirect off; } } server { client_max_body_size 40M; listen 443; server_name xo.skynetli.com; #change to your domain name location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass http://192.168.1.206:443; #change to your internal server IP proxy_redirect off; } }
- 
 You use multiple server config areas in your example code, and then server_name and proxy_pass for each site using different ports. 
- 
 @tim_g So essentially what I did above, correct? 
- 
 I'll find a good link to reference, I can't do this on my phone... gimme a few mins. 
- 
 @tim_g Np. Thanks 
- 
 I prefer to have each server block for each domain/subdomain in it's own config file.  
- 
 @jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy: I prefer to have each server block for each domain/subdomain in it's own config file.  wow, you are hosting a lot there. 
- 
 [jbusch@nginxproxy ~]$ cat /etc/nginx/conf.d/daerma.com.conf server { client_max_body_size 40M; listen 443 ssl; server_name www.daerma.com daerma.com; ssl on; ssl_certificate /etc/letsencrypt/live/daerma.com-0001/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/daerma.com-0001/privkey.pem; ssl_stapling on; ssl_stapling_verify on; ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_dhparam /etc/ssl/certs/dhparam.pem; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains"; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass https://10.254.0.101:443; proxy_redirect off; } } server { client_max_body_size 40M; listen 80; server_name www.daerma.com daerma.com; rewrite ^ https://daerma.com$request_uri? permanent; }
- 
 Like this, this is a good example of what I meant... https://timothy-quinn.com/using-nginx-as-a-reverse-proxy-for-multiple-sites 
- 
 [jbusch@nginxproxy ~]$ cat /etc/nginx/conf.d/unms.bundystl.com.conf server { client_max_body_size 40M; listen 443 ssl; server_name unms.bundystl.com; ssl on; ssl_certificate /etc/letsencrypt/live/unms.bundystl.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/unms.bundystl.com/privkey.pem; ssl_stapling on; ssl_stapling_verify on; ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_dhparam /etc/ssl/certs/dhparam.pem; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains"; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass https://10.254.0.39:443; proxy_redirect off; # Socket.IO Support proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } server { client_max_body_size 40M; listen 80; server_name unms.bundystl.com; rewrite ^ https://$server_name$request_uri? permanent; }




