Install Nginx as a Reverse Proxy on Fedora 27

Obsolesce

@momurda said in Install Nginx as a Reverse Proxy on Fedora 27:

@tim_g Ctrl+X, Y to save a file. quicker than in vi/vim.
I can actually edit lines and insert text and cut and paste intuitively in nano, unlike vi which requires you to memorize the insert function to just add a simple word or two. Then you have to escape the insert function, then you have to remember what unnatural keyboard combo is to do something else.
CtrlW to find. Super simple, unlike vi/vim.

CtrlW to go into another menu and find what you want is weird. I'd rather just type /whatever and hit enter.

If you want to insert text from clipboard, you go to where you want to insert something, and (rather intuitively), hit the i button, because insert starts with "i", then paste it in like normal. In Fedora terminal windows anyways, it's ctrl+shift+v to paste. To exit insertion mode, it's the esc key... also rather intuitive, because escape.

Want to remove some lines? Just hit dd, and the line you're on goes away... hold it in to remove lots of lines. Or hit a number first then dd, and it removes that many lines (20dd removes the next 20 lines). It's all so simple, but I can see the complexity of it if you have no idea about it.

It's the whole oh I never used it before and don't know what to do because i don't have a GUI to show me.

Remove the GUI from Nano, and you're in the same boat... how the hell is Ctrl+W intuitive to "find" text? Less intuitive than to simply /TextToLookFor and hit enter.

Copy and paste is easy too... it uses y to copy (for "yank") and p for paste.
But you can do it by highlighting something (if in a gui terminal for example with your mouse) and ctrl+shift+c / v to copy and paste as well.

EddieJennings

So about that nginx reverse proxy...

:face_with_stuck-out_tongue:

JaredBusch

@tim_g STFU already. No one fucking cares.

Also get the fuck over yourself already.

scottalanmiller

@momurda said in Install Nginx as a Reverse Proxy on Fedora 27:

@tim_g Ctrl+X, Y to save a file. quicker than in vi/vim.

CtrlW to find. Super simple, unlike vi/vim.

ZZ, no more to save and exit in vi.
/ to find. Also super fast.

black3dynamite

No love for the awesome ed command? :grinning_face_with_smiling_eyes:
https://www.gnu.org/software/ed/manual/ed_manual.html

Seriously, what's up with the arguments about which editor is better?

Obsolesce

@jaredbusch said in Install Nginx as a Reverse Proxy on Fedora 27:

@tim_g STFU already. No one fucking cares.

Also get the fuck over yourself already.

Aww, is someone pointing out some flaws / difference of opinion / misconceptions in something you like or prefer?

Here's a guide for you:

0_1524246626520_5e68a19a-f7d4-4d89-a211-fa9c4d9e225b-image.png

EddieJennings

I've found a far better thread for discussing the merits of text editors. Enjoy

JaredBusch

@tim_g said in Install Nginx as a Reverse Proxy on Fedora 27:

@jaredbusch said in Install Nginx as a Reverse Proxy on Fedora 27:

@tim_g STFU already. No one fucking cares.

Also get the fuck over yourself already.

Aww, is someone pointing out some flaws / difference of opinion / misconceptions in something you like or prefer?

Here's a guide for you:

No. I honestly don't' give a shit about the editors, that was the entire point of why the guide had the comment it had.
But if you want to be a supremacist bitch about your editor of choice, feel free, just take it out of this thread.

momurda

Jared where is your nginx.conf

Obsolesce

@jaredbusch said in Install Nginx as a Reverse Proxy on Fedora 27:

@tim_g said in Install Nginx as a Reverse Proxy on Fedora 27:

@jaredbusch said in Install Nginx as a Reverse Proxy on Fedora 27:

@tim_g STFU already. No one fucking cares.

Also get the fuck over yourself already.

Aww, is someone pointing out some flaws / difference of opinion / misconceptions in something you like or prefer?

Here's a guide for you:

No. I honestly don't' give a shit about the editors, that was the entire point of why the guide had the comment it had.
But if you want to be a supremacist bitch about your editor of choice, feel free, just take it out of this thread.

Not supremacist, only correcting misconceptions that were mentioned... as you and Scott do all the time, in any thread they come up. If I do it, then I'm a "supremacist bitch"? Go piss up a rope and slip off.

JaredBusch

@momurda said in Install Nginx as a Reverse Proxy on Fedora 27:

Jared where is your nginx.conf

I do not normally modify the default conf file

EddieJennings

My experiment last night with Nginx worked. I'm going to see if I can replicate it tonight, and post the config for critique.

momurda

I am trying to copy this setup but using wildcard cert instead.
So, i have an http server setup with mediawiki. It has no https.
I have this nginx proxy setup so that the http site is redirected correctly.
edit:well it isnt doing http now either Not sure what i did, was working yesterday just fine.
However it wont seem to proxy https.
I think this is probably because my server.domain.conf in /etc/nginx/conf.d/server.domain.conf proxy_pass parameter is trying to redirect to https of this server which doesnt have https.
What to do in this type of situation?
I asked about this earlier in thread, seems it can work. Ive just messed something up.
I have not messed about with nginx.conf.
Not really sure how it can be used unmodified to proxy https as nothing is defined for https by default.

server.domain.conf file in /etc/nginx/conf.d/ :

server {
        client_max_body_size 40M;
        listen 443 ssl;
        server_name server.domain.com;
        ssl          on;
        ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;

        location / {
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $http_host;
                proxy_set_header X-NginX-Proxy true;
                proxy_pass https://10.1.0.247:443; # HERE IS ISSUE I THINK
                proxy_redirect off;
        }
}
server {
        client_max_body_size 40M;
        listen 80;
        server_name server.domain.com;

        location / {
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $http_host;
                proxy_set_header X-NginX-Proxy true;
                proxy_pass http://10.1.0.247:80;
                proxy_redirect off;
        }
}

black3dynamite

@momurda said in Install Nginx as a Reverse Proxy on Fedora 27:

I am trying to copy this setup but using wildcard cert instead.
So, i have an http server setup with mediawiki. It has no https.
I have this nginx proxy setup so that the http site is redirected correctly.
edit:well it isnt doing http now either Not sure what i did, was working yesterday just fine.
However it wont seem to proxy https.
I think this is probably because my server.domain.conf in /etc/nginx/conf.d/server.domain.conf proxy_pass parameter is trying to redirect to https of this server which doesnt have https.
What to do in this type of situation?
I asked about this earlier in thread, seems it can work. Ive just messed something up.
I have not messed about with nginx.conf.
Not really sure how it can be used unmodified to proxy https as nothing is defined for https by default.

server.domain.conf file in /etc/nginx/conf.d/ :
server {
        client_max_body_size 40M;
        listen 443 ssl;
        server_name server.domain.com;
        ssl          on;
        ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;

        location / {
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $http_host;
                proxy_set_header X-NginX-Proxy true;
                proxy_pass https://10.1.0.247:443; # HERE IS ISSUE I THINK
                proxy_redirect off;
        }
}
server {
        client_max_body_size 40M;
        listen 80;
        server_name server.domain.com;

        location / {
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $http_host;
                proxy_set_header X-NginX-Proxy true;
                proxy_pass http://10.1.0.247:80;
                proxy_redirect off;
        }
}

On your Mediawiki server, take a look at your LocalSettings.php file. What do you have set for $wgServer?

momurda

It is http://server.domain.com

Why did LE give me .pem files? edit: dont know

Why cant i convert these pem files to .crt and .key? edit: somehow all these .pem files now have 0 size which doesnt make sense. Worked fine yesterday.

openssl x509 -outform der -in cert.pem -out cert.crt
unable to load certificate
140515541610688:error:0906D06C:PEM routines:PEM_read_bio:no start line:../crypto/pem/pem_lib.c:691:Expecting: TRUSTED CERTIFICATE

Obsolesce

@momurda

What's the original cert that you have?

JaredBusch

@momurda said in Install Nginx as a Reverse Proxy on Fedora 27:

It is http://server.domain.com

Why did LE give me .pem files? edit: dont know

Why cant i convert these pem files to .crt and .key? edit: somehow all these .pem files now have 0 size which doesnt make sense. Worked fine yesterday.
openssl x509 -outform der -in cert.pem -out cert.crt
unable to load certificate
140515541610688:error:0906D06C:PEM routines:PEM_read_bio:no start line:../crypto/pem/pem_lib.c:691:Expecting: TRUSTED CERTIFICATE

You are supposed to have .pem files, always. That tells you the encoding type of the key and certificate. If you did not know pem files mean you have a DER encoded certificate and key file.

JaredBusch

@momurda I setup this server the day I made those instructions. Here is one of the conf files.

[jbusch@proxy ~]$ sudo cat /etc/nginx/conf.d/nextcloud.conf 
[sudo] password for jbusch: 
server {
    client_max_body_size 40M;
    server_name nc.jj.com;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    proxy_redirect off;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://10.201.1.17;
        proxy_redirect off;
        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    ssl_stapling on;
    ssl_stapling_verify on;
#    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
#    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
#    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/nc.jj.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/nc.jj.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    client_max_body_size 40M;
    listen 80;
    server_name nc.jj.com;
    rewrite        ^ https://$server_name$request_uri? permanent;
}

momurda

Ok i am on a short vacation starting now. Ill try getting this fixed up on Tuesday when i am back.

wirestyle22

@jaredbusch take out the real domain