
    Setting up Nginx on CentOS 7 as a reverse proxy

      JaredBusch
      last edited by JaredBusch

      The non-standard port redirect also works with SSL. Again, you need your proper certificate information in here. This example is used for my helpdesk.

      #save as file: /etc/nginx/conf.d/helpdesk.domain.conf
      server {
      	client_max_body_size 40M;
      	listen 443 ssl;
      	server_name helpdesk.domain.com;
      	ssl          on;
      	ssl_certificate /etc/ssl/cacert.pem;
      	ssl_certificate_key /etc/ssl/privkey.pem;
      
      	location / {
      		proxy_set_header X-Real-IP $remote_addr;
      		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      		proxy_set_header Host $http_host;
      		proxy_set_header X-NginX-Proxy true;
      		proxy_pass https://10.0.0.4:8090;
      		proxy_redirect off;
      	}
      }
      

      Now restart nginx
      systemctl reload nginx

        iroal @JaredBusch
        last edited by

        @JaredBusch Thanks, with your tutorial it's very easy to set up.

            JaredBusch @Alex Sage
            last edited by

            @anonymous said:

            So I have ScreenConnect set up using the reverse proxy, but the clients can't connect to the relay port. How do I fix this?

            What ports are you using? What is the proxy config?

                JaredBusch @Alex Sage
                last edited by

                @anonymous said:

                I think I will have to port forward the relay port to the ScreenConnect server?

                From the reading I have done, yes. That connection is not SSL, but pre-encrypted by ScreenConnect itself.

                    Dashrender
                    last edited by

                    Considering the newfound love of Fedora, should this be done on Fedora instead?

                      JaredBusch @Dashrender
                      last edited by JaredBusch

                      @dashrender said in Setting up Nginx on CentOS 7 as a reverse proxy:

                      Considering the newfound love of Fedora, should this be done on Fedora instead?

                      Yeah, I need to make a new guide for Fedora.

                      Process is basically the same. Substitute dnf in place of yum, generally.

                      No need for the EPEL.

                        wirestyle22
                        last edited by wirestyle22

                        If I have multiple web servers, how does nginx know which host is which when they are both using the same port? Is it just the subdomain and internal IP (proxy_pass)?

                        Example:

                        server {
                        	client_max_body_size 40M;
                        	listen 443 ssl;
                        	server_name nc.skynetli.com;	#change to your domain name
                        	ssl          on;
                        	ssl_certificate /etc/ssl/cacert1.pem;	#this needs to be the path to your certificate information
                        	ssl_certificate_key /etc/ssl/privkey1.pem;	#this needs to be the path to your certificate information
                        
                        	location / {
                        		proxy_set_header X-Real-IP $remote_addr;
                        		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                        		proxy_set_header Host $http_host;
                        		proxy_set_header X-NginX-Proxy true;
                        		proxy_pass https://192.168.1.205:443;	#change to your internal server IP
                        		proxy_redirect off;
                        	}
                        }
                        server {
                        	client_max_body_size 40M;
                        	listen 443;
                        	server_name xo.skynetli.com;	#change to your domain name
                        
                        	location / {
                        		proxy_set_header X-Real-IP $remote_addr;
                        		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                        		proxy_set_header Host $http_host;
                        		proxy_set_header X-NginX-Proxy true;
                        		proxy_pass http://192.168.1.206:443;	#change to your internal server IP
                        		proxy_redirect off;
                        	}
                        }
                        
                          Obsolesce
                          last edited by

                          You use multiple server config areas in your example code, and then server_name and proxy_pass for each site using different ports.

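How nginx chooses between server blocks that share port 443, as an added example (not posted by anyone in this thread): the name the client sends (TLS SNI, then the Host header) is matched against each `server_name`, and anything that matches none goes to the default server, which is the first block on that port unless one is marked `default_server`. Host names, backend IPs and certificate paths below are placeholders.

```nginx
# Added example; app1/app2.example.com, 10.0.0.11/12 and the certificate
# paths are placeholders, not values from this thread.

# Catch-all for names that match no server_name below. Without it, the first
# server block on the port becomes the default and answers unknown names
# with its own certificate and backend.
server {
    listen 443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;   # nginx 1.19.4+; no certificate needed here
    return 444;                # close requests whose Host header matches nothing
}

# Selected when the client asks for app1.example.com
server {
    listen 443 ssl;
    server_name app1.example.com;
    ssl_certificate     /etc/ssl/app1/fullchain.pem;
    ssl_certificate_key /etc/ssl/app1/privkey.pem;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass https://10.0.0.11:443;
    }
}

# Selected when the client asks for app2.example.com; same port, different
# name, different backend. This backend speaks plain HTTP on port 8080.
server {
    listen 443 ssl;
    server_name app2.example.com;
    ssl_certificate     /etc/ssl/app2/fullchain.pem;
    ssl_certificate_key /etc/ssl/app2/privkey.pem;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://10.0.0.12:8080;
    }
}
```

Check the result with `nginx -t` before running `systemctl reload nginx`.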
                            wirestyle22 @Obsolesce
                            last edited by

                            @tim_g So essentially what I did above, correct?

                              Obsolesce
                              last edited by

                              I'll find a good link to reference, I can't do this on my phone... gimme a few mins.

                                wirestyle22 @Obsolesce
                                last edited by

                                @tim_g Np. Thanks

                                  JaredBusch
                                  last edited by

                                  I prefer to have each server block for each domain/subdomain in its own config file.

                                    Dashrender @JaredBusch
                                    last edited by

                                    @jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy:

                                    I prefer to have each server block for each domain/subdomain in its own config file.

                                    Wow, you are hosting a lot there.

                                      JaredBusch
                                      last edited by

                                      [jbusch@nginxproxy ~]$ cat /etc/nginx/conf.d/daerma.com.conf 
                                      server {
                                          client_max_body_size 40M;
                                          listen 443 ssl;
                                          server_name www.daerma.com daerma.com;
                                          ssl          on;
                                          ssl_certificate /etc/letsencrypt/live/daerma.com-0001/fullchain.pem;
                                          ssl_certificate_key /etc/letsencrypt/live/daerma.com-0001/privkey.pem;
                                          ssl_stapling on;
                                          ssl_stapling_verify on;
                                          ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
                                          ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
                                          ssl_prefer_server_ciphers on;
                                          ssl_session_cache shared:SSL:10m;
                                          ssl_dhparam /etc/ssl/certs/dhparam.pem;
                                          add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
                                      
                                          location / {
                                              proxy_set_header X-Real-IP $remote_addr;
                                              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                                              proxy_set_header Host $http_host;
                                              proxy_set_header X-NginX-Proxy true;
                                              proxy_pass https://10.254.0.101:443;
                                              proxy_redirect off;
                                          }
                                      }
                                      
                                      server {
                                          client_max_body_size 40M;
                                          listen 80;
                                          server_name www.daerma.com daerma.com;
                                          rewrite        ^ https://daerma.com$request_uri? permanent;
                                      }
                                      
                                        Obsolesce
                                        last edited by

                                        Like this, this is a good example of what I meant...

                                        https://timothy-quinn.com/using-nginx-as-a-reverse-proxy-for-multiple-sites

                                          JaredBusch
                                          last edited by

                                          [jbusch@nginxproxy ~]$ cat /etc/nginx/conf.d/unms.bundystl.com.conf 
                                          server {
                                              client_max_body_size 40M;
                                              listen 443 ssl;
                                              server_name unms.bundystl.com;
                                              ssl          on;
                                              ssl_certificate /etc/letsencrypt/live/unms.bundystl.com/fullchain.pem;
                                              ssl_certificate_key /etc/letsencrypt/live/unms.bundystl.com/privkey.pem;
                                              ssl_stapling on;
                                              ssl_stapling_verify on;
                                              ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
                                              ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
                                              ssl_prefer_server_ciphers on;
                                              ssl_session_cache shared:SSL:10m;
                                              ssl_dhparam /etc/ssl/certs/dhparam.pem;
                                              add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
                                          
                                              location / {
                                                  proxy_set_header X-Real-IP $remote_addr;
                                                  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                                                  proxy_set_header X-Forwarded-Proto $scheme;
                                                  proxy_set_header Host $http_host;
                                                  proxy_set_header X-NginX-Proxy true;
                                                  proxy_pass https://10.254.0.39:443;
                                                  proxy_redirect off;
                                          
                                                  # Socket.IO Support
                                                  proxy_http_version 1.1;
                                                  proxy_set_header Upgrade $http_upgrade;
                                                  proxy_set_header Connection "upgrade";
                                          
                                              }
                                          }
                                          server {
                                              client_max_body_size 40M;
                                              listen 80;
                                              server_name unms.bundystl.com;
                                              rewrite        ^ https://$server_name$request_uri? permanent;
                                          }
                                          
                                            wirestyle22 @JaredBusch
                                            last edited by

                                            @jaredbusch Understood. Thanks. I bet multiple configs make it easier organizationally and also when troubleshooting, so you have less to go through.
