Setting up Nginx on CentOS 7 as a reverse proxy
- 
 @dashrender said in Setting up Nginx on CentOS 7 as a reverse proxy: Considering the new found love of Fedora, should this be done on Fedora instead? Yeah, I need to make a new guide for Fedora. Process is basically the same. Substitute dnfin place ofyum, generally.No need for the epel
- 
 If I have multiple web servers, how does nginx know which host is which when they are both using the same port? It it just the subdomain and internal IP ( proxy_pass)?Example: server { client_max_body_size 40M; listen 443 ssl; server_name nc.skynetli.com; #change to your domain name ssl on; ssl_certificate /etc/ssl/cacert1.pem; #this needs to be the path to your certificate information ssl_certificate_key /etc/ssl/privkey1.pem; #this needs to be the path to your certificate information location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass https://192.168.1.205:443; #change to your internal server IP proxy_redirect off; } } server { client_max_body_size 40M; listen 443; server_name xo.skynetli.com; #change to your domain name location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass http://192.168.1.206:443; #change to your internal server IP proxy_redirect off; } }
- 
 You use multiple server config areas in your example code, and then server_name and proxy_pass for each site using different ports. 
- 
 @tim_g So essentially what I did above, correct? 
- 
 I'll find a good link to reference, I can't do this on my phone... gimme a few mins. 
- 
 @tim_g Np. Thanks 
- 
 I prefer to have each server block for each domain/subdomain in it's own config file.  
- 
 @jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy: I prefer to have each server block for each domain/subdomain in it's own config file.  wow, you are hosting a lot there. 
- 
 [jbusch@nginxproxy ~]$ cat /etc/nginx/conf.d/daerma.com.conf server { client_max_body_size 40M; listen 443 ssl; server_name www.daerma.com daerma.com; ssl on; ssl_certificate /etc/letsencrypt/live/daerma.com-0001/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/daerma.com-0001/privkey.pem; ssl_stapling on; ssl_stapling_verify on; ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_dhparam /etc/ssl/certs/dhparam.pem; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains"; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass https://10.254.0.101:443; proxy_redirect off; } } server { client_max_body_size 40M; listen 80; server_name www.daerma.com daerma.com; rewrite ^ https://daerma.com$request_uri? permanent; }
- 
 Like this, this is a good example of what I meant... https://timothy-quinn.com/using-nginx-as-a-reverse-proxy-for-multiple-sites 
- 
 [jbusch@nginxproxy ~]$ cat /etc/nginx/conf.d/unms.bundystl.com.conf server { client_max_body_size 40M; listen 443 ssl; server_name unms.bundystl.com; ssl on; ssl_certificate /etc/letsencrypt/live/unms.bundystl.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/unms.bundystl.com/privkey.pem; ssl_stapling on; ssl_stapling_verify on; ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_dhparam /etc/ssl/certs/dhparam.pem; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains"; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass https://10.254.0.39:443; proxy_redirect off; # Socket.IO Support proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } server { client_max_body_size 40M; listen 80; server_name unms.bundystl.com; rewrite ^ https://$server_name$request_uri? permanent; }
- 
 @jaredbusch Understood. Thanks. I bet multiple configs makes it easier organizationally and also when troubleshooting so you have less to go through. 
- 
 @wirestyle22 said in Setting up Nginx on CentOS 7 as a reverse proxy: @jaredbusch Understood. Thanks. I bet multiple configs makes it easier organizationally and also when troubleshooting so you have less to go through. That is my preference, yes. 
- 
 @dashrender said in Setting up Nginx on CentOS 7 as a reverse proxy: @jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy: I prefer to have each server block for each domain/subdomain in it's own config file.  wow, you are hosting a lot there. Not really. Just everything is broken out. 
- 
 So I ran into this 
  but the nginx documentation here points to this: https://nginx.org/en/docs/http/server_names.html 
  Is there an error here I'm not seeing? I mean, there must be. Each time I make a change I systemctl reload nginx
- 
 This post is deleted!
- 
 This post is deleted!
- 
 Actually I think I figured it out. made a mistake with the .conf files 
- 
 @wirestyle22 Share your resolution if you will. I was trying to install nginx on a server with wiki.js the other day and was running into the same error. 
- 
 I never run certbotwith one of the specific switches like--nginxor--apache. Ever.Fuck letting some 3rd party script edit my configuration files. I run in standalone mode and edit the conf files myself. I also include multiple SAN on my certs, so the same SSL file is in multiple conf files. 





