ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Setting up Nginx on CentOS 7 as a reverse proxy

    Scheduled Pinned Locked Moved IT Discussion
    centos 7nginxreverse proxysetuphow to
    57 Posts 13 Posters 25.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JaredBuschJ
      JaredBusch @Dashrender
      last edited by JaredBusch

      @dashrender said in Setting up Nginx on CentOS 7 as a reverse proxy:

      Considering the new found love of Fedora, should this be done on Fedora instead?

      Yeah, I need to make a new guide for Fedora.

      Process is basically the same. Substitute dnf in place of yum, generally.

      No need for the epel

      1 Reply Last reply Reply Quote 1
      • wirestyle22W
        wirestyle22
        last edited by wirestyle22

        If I have multiple web servers, how does nginx know which host is which when they are both using the same port? It it just the subdomain and internal IP (proxy_pass)?

        Example:

        server {
        	client_max_body_size 40M;
        	listen 443 ssl;
        	server_name nc.skynetli.com;	#change to your domain name
        	ssl          on;
        	ssl_certificate /etc/ssl/cacert1.pem;	#this needs to be the path to your certificate information
        	ssl_certificate_key /etc/ssl/privkey1.pem;	#this needs to be the path to your certificate information
        
        	location / {
        		proxy_set_header X-Real-IP $remote_addr;
        		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        		proxy_set_header Host $http_host;
        		proxy_set_header X-NginX-Proxy true;
        		proxy_pass https://192.168.1.205:443;	#change to your internal server IP
        		proxy_redirect off;
        	}
        }
        server {
        	client_max_body_size 40M;
        	listen 443;
        	server_name xo.skynetli.com;	#change to your domain name
        
        	location / {
        		proxy_set_header X-Real-IP $remote_addr;
        		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        		proxy_set_header Host $http_host;
        		proxy_set_header X-NginX-Proxy true;
        		proxy_pass http://192.168.1.206:443;	#change to your internal server IP
        		proxy_redirect off;
        	}
        }
        
        1 Reply Last reply Reply Quote 0
        • ObsolesceO
          Obsolesce
          last edited by

          You use multiple server config areas in your example code, and then server_name and proxy_pass for each site using different ports.

          wirestyle22W 1 Reply Last reply Reply Quote 0
          • wirestyle22W
            wirestyle22 @Obsolesce
            last edited by

            @tim_g So essentially what I did above, correct?

            1 Reply Last reply Reply Quote 0
            • ObsolesceO
              Obsolesce
              last edited by

              I'll find a good link to reference, I can't do this on my phone... gimme a few mins.

              wirestyle22W 1 Reply Last reply Reply Quote 0
              • wirestyle22W
                wirestyle22 @Obsolesce
                last edited by

                @tim_g Np. Thanks

                1 Reply Last reply Reply Quote 0
                • JaredBuschJ
                  JaredBusch
                  last edited by

                  I prefer to have each server block for each domain/subdomain in it's own config file.

                  0_1514323567627_24a83769-9483-4b32-af2c-3a190ad8f60d-image.png

                  DashrenderD 1 Reply Last reply Reply Quote 3
                  • DashrenderD
                    Dashrender @JaredBusch
                    last edited by

                    @jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy:

                    I prefer to have each server block for each domain/subdomain in it's own config file.

                    0_1514323567627_24a83769-9483-4b32-af2c-3a190ad8f60d-image.png

                    wow, you are hosting a lot there.

                    JaredBuschJ 1 Reply Last reply Reply Quote 0
                    • JaredBuschJ
                      JaredBusch
                      last edited by

                      [jbusch@nginxproxy ~]$ cat /etc/nginx/conf.d/daerma.com.conf 
                      server {
                          client_max_body_size 40M;
                          listen 443 ssl;
                          server_name www.daerma.com daerma.com;
                          ssl          on;
                          ssl_certificate /etc/letsencrypt/live/daerma.com-0001/fullchain.pem;
                          ssl_certificate_key /etc/letsencrypt/live/daerma.com-0001/privkey.pem;
                          ssl_stapling on;
                          ssl_stapling_verify on;
                          ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
                          ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
                          ssl_prefer_server_ciphers on;
                          ssl_session_cache shared:SSL:10m;
                          ssl_dhparam /etc/ssl/certs/dhparam.pem;
                          add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
                      
                          location / {
                              proxy_set_header X-Real-IP $remote_addr;
                              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                              proxy_set_header Host $http_host;
                              proxy_set_header X-NginX-Proxy true;
                              proxy_pass https://10.254.0.101:443;
                              proxy_redirect off;
                          }
                      }
                      
                      server {
                          client_max_body_size 40M;
                          listen 80;
                          server_name www.daerma.com daerma.com;
                          rewrite        ^ https://daerma.com$request_uri? permanent;
                      }
                      
                      1 Reply Last reply Reply Quote 1
                      • ObsolesceO
                        Obsolesce
                        last edited by

                        Like this, this is a good example of what I meant...

                        https://timothy-quinn.com/using-nginx-as-a-reverse-proxy-for-multiple-sites

                        1 Reply Last reply Reply Quote 1
                        • JaredBuschJ
                          JaredBusch
                          last edited by

                          [jbusch@nginxproxy ~]$ cat /etc/nginx/conf.d/unms.bundystl.com.conf 
                          server {
                              client_max_body_size 40M;
                              listen 443 ssl;
                              server_name unms.bundystl.com;
                              ssl          on;
                              ssl_certificate /etc/letsencrypt/live/unms.bundystl.com/fullchain.pem;
                              ssl_certificate_key /etc/letsencrypt/live/unms.bundystl.com/privkey.pem;
                              ssl_stapling on;
                              ssl_stapling_verify on;
                              ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
                              ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
                              ssl_prefer_server_ciphers on;
                              ssl_session_cache shared:SSL:10m;
                              ssl_dhparam /etc/ssl/certs/dhparam.pem;
                              add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
                          
                              location / {
                                  proxy_set_header X-Real-IP $remote_addr;
                                  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                                  proxy_set_header X-Forwarded-Proto $scheme;
                                  proxy_set_header Host $http_host;
                                  proxy_set_header X-NginX-Proxy true;
                                  proxy_pass https://10.254.0.39:443;
                                  proxy_redirect off;
                          
                                  # Socket.IO Support
                                  proxy_http_version 1.1;
                                  proxy_set_header Upgrade $http_upgrade;
                                  proxy_set_header Connection "upgrade";
                          
                              }
                          }
                          server {
                              client_max_body_size 40M;
                              listen 80;
                              server_name unms.bundystl.com;
                              rewrite        ^ https://$server_name$request_uri? permanent;
                          }
                          
                          wirestyle22W 1 Reply Last reply Reply Quote 1
                          • wirestyle22W
                            wirestyle22 @JaredBusch
                            last edited by

                            @jaredbusch Understood. Thanks. I bet multiple configs makes it easier organizationally and also when troubleshooting so you have less to go through.

                            JaredBuschJ 1 Reply Last reply Reply Quote 0
                            • JaredBuschJ
                              JaredBusch @wirestyle22
                              last edited by

                              @wirestyle22 said in Setting up Nginx on CentOS 7 as a reverse proxy:

                              @jaredbusch Understood. Thanks. I bet multiple configs makes it easier organizationally and also when troubleshooting so you have less to go through.

                              That is my preference, yes.

                              1 Reply Last reply Reply Quote 1
                              • JaredBuschJ
                                JaredBusch @Dashrender
                                last edited by

                                @dashrender said in Setting up Nginx on CentOS 7 as a reverse proxy:

                                @jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy:

                                I prefer to have each server block for each domain/subdomain in it's own config file.

                                0_1514323567627_24a83769-9483-4b32-af2c-3a190ad8f60d-image.png

                                wow, you are hosting a lot there.

                                Not really. Just everything is broken out.

                                1 Reply Last reply Reply Quote 1
                                • wirestyle22W
                                  wirestyle22
                                  last edited by wirestyle22

                                  So I ran into this
                                  0_1514509710111_1.PNG

                                  but the nginx documentation here points to this: https://nginx.org/en/docs/http/server_names.html
                                  0_1514509728545_2.PNG

                                  Is there an error here I'm not seeing? I mean, there must be. Each time I make a change I systemctl reload nginx

                                  1 Reply Last reply Reply Quote 0
                                  • wirestyle22W
                                    wirestyle22
                                    last edited by

                                    This post is deleted!
                                    1 Reply Last reply Reply Quote 0
                                    • wirestyle22W
                                      wirestyle22
                                      last edited by

                                      This post is deleted!
                                      1 Reply Last reply Reply Quote 0
                                      • wirestyle22W
                                        wirestyle22
                                        last edited by

                                        Actually I think I figured it out. made a mistake with the .conf files

                                        zachary715Z 1 Reply Last reply Reply Quote 0
                                        • zachary715Z
                                          zachary715 @wirestyle22
                                          last edited by

                                          @wirestyle22 Share your resolution if you will. I was trying to install nginx on a server with wiki.js the other day and was running into the same error.

                                          wirestyle22W 1 Reply Last reply Reply Quote 0
                                          • JaredBuschJ
                                            JaredBusch
                                            last edited by JaredBusch

                                            I never run certbot with one of the specific switches like --nginx or --apache. Ever.

                                            Fuck letting some 3rd party script edit my configuration files.

                                            I run in standalone mode and edit the conf files myself.

                                            I also include multiple SAN on my certs, so the same SSL file is in multiple conf files.

                                            black3dynamiteB DashrenderD wirestyle22W 3 Replies Last reply Reply Quote 1
                                            • 1
                                            • 2
                                            • 3
                                            • 1 / 3
                                            • First post
                                              Last post