Install Nginx as a Reverse Proxy on Fedora 27
-
@tim_g STFU already. No one fucking cares.
Also get the fuck over yourself already.
-
@momurda said in Install Nginx as a Reverse Proxy on Fedora 27:
@tim_g Ctrl+X, Y to save a file. quicker than in vi/vim.
CtrlW to find. Super simple, unlike vi/vim.
ZZ, no more to save and exit in vi.
/ to find. Also super fast. -
No love for the awesome
ed
command? :grinning_face_with_smiling_eyes:
https://www.gnu.org/software/ed/manual/ed_manual.htmlSeriously, what's up with the arguments about which editor is better?
-
@jaredbusch said in Install Nginx as a Reverse Proxy on Fedora 27:
@tim_g STFU already. No one fucking cares.
Also get the fuck over yourself already.
Aww, is someone pointing out some flaws / difference of opinion / misconceptions in something you like or prefer?
Here's a guide for you:
-
I've found a far better thread for discussing the merits of text editors. Enjoy
-
@tim_g said in Install Nginx as a Reverse Proxy on Fedora 27:
@jaredbusch said in Install Nginx as a Reverse Proxy on Fedora 27:
@tim_g STFU already. No one fucking cares.
Also get the fuck over yourself already.
Aww, is someone pointing out some flaws / difference of opinion / misconceptions in something you like or prefer?
Here's a guide for you:
No. I honestly don't' give a shit about the editors, that was the entire point of why the guide had the comment it had.
But if you want to be a supremacist bitch about your editor of choice, feel free, just take it out of this thread. -
Jared where is your nginx.conf
-
@jaredbusch said in Install Nginx as a Reverse Proxy on Fedora 27:
@tim_g said in Install Nginx as a Reverse Proxy on Fedora 27:
@jaredbusch said in Install Nginx as a Reverse Proxy on Fedora 27:
@tim_g STFU already. No one fucking cares.
Also get the fuck over yourself already.
Aww, is someone pointing out some flaws / difference of opinion / misconceptions in something you like or prefer?
Here's a guide for you:
No. I honestly don't' give a shit about the editors, that was the entire point of why the guide had the comment it had.
But if you want to be a supremacist bitch about your editor of choice, feel free, just take it out of this thread.Not supremacist, only correcting misconceptions that were mentioned... as you and Scott do all the time, in any thread they come up. If I do it, then I'm a "supremacist bitch"? Go piss up a rope and slip off.
-
@momurda said in Install Nginx as a Reverse Proxy on Fedora 27:
Jared where is your nginx.conf
I do not normally modify the default conf file
-
My experiment last night with Nginx worked. I'm going to see if I can replicate it tonight, and post the config for critique.
-
I am trying to copy this setup but using wildcard cert instead.
So, i have an http server setup with mediawiki. It has no https.
I have this nginx proxy setup so that the http site is redirected correctly.
edit:well it isnt doing http now either Not sure what i did, was working yesterday just fine.
However it wont seem to proxy https.
I think this is probably because my server.domain.conf in /etc/nginx/conf.d/server.domain.conf proxy_pass parameter is trying to redirect to https of this server which doesnt have https.
What to do in this type of situation?
I asked about this earlier in thread, seems it can work. Ive just messed something up.
I have not messed about with nginx.conf.
Not really sure how it can be used unmodified to proxy https as nothing is defined for https by default.server.domain.conf file in /etc/nginx/conf.d/ :
server { client_max_body_size 40M; listen 443 ssl; server_name server.domain.com; ssl on; ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass https://10.1.0.247:443; # HERE IS ISSUE I THINK proxy_redirect off; } } server { client_max_body_size 40M; listen 80; server_name server.domain.com; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass http://10.1.0.247:80; proxy_redirect off; } }
-
@momurda said in Install Nginx as a Reverse Proxy on Fedora 27:
I am trying to copy this setup but using wildcard cert instead.
So, i have an http server setup with mediawiki. It has no https.
I have this nginx proxy setup so that the http site is redirected correctly.
edit:well it isnt doing http now either Not sure what i did, was working yesterday just fine.
However it wont seem to proxy https.
I think this is probably because my server.domain.conf in /etc/nginx/conf.d/server.domain.conf proxy_pass parameter is trying to redirect to https of this server which doesnt have https.
What to do in this type of situation?
I asked about this earlier in thread, seems it can work. Ive just messed something up.
I have not messed about with nginx.conf.
Not really sure how it can be used unmodified to proxy https as nothing is defined for https by default.server.domain.conf file in /etc/nginx/conf.d/ :
server { client_max_body_size 40M; listen 443 ssl; server_name server.domain.com; ssl on; ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass https://10.1.0.247:443; # HERE IS ISSUE I THINK proxy_redirect off; } } server { client_max_body_size 40M; listen 80; server_name server.domain.com; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass http://10.1.0.247:80; proxy_redirect off; } }
On your Mediawiki server, take a look at your LocalSettings.php file. What do you have set for
$wgServer
? -
It is http://server.domain.com
Why did LE give me .pem files? edit: dont know
Why cant i convert these pem files to .crt and .key? edit: somehow all these .pem files now have 0 size which doesnt make sense. Worked fine yesterday.
openssl x509 -outform der -in cert.pem -out cert.crt unable to load certificate 140515541610688:error:0906D06C:PEM routines:PEM_read_bio:no start line:../crypto/pem/pem_lib.c:691:Expecting: TRUSTED CERTIFICATE
-
What's the original cert that you have?
-
@momurda said in Install Nginx as a Reverse Proxy on Fedora 27:
It is http://server.domain.com
Why did LE give me .pem files? edit: dont know
Why cant i convert these pem files to .crt and .key? edit: somehow all these .pem files now have 0 size which doesnt make sense. Worked fine yesterday.
openssl x509 -outform der -in cert.pem -out cert.crt unable to load certificate 140515541610688:error:0906D06C:PEM routines:PEM_read_bio:no start line:../crypto/pem/pem_lib.c:691:Expecting: TRUSTED CERTIFICATE
You are supposed to have
.pem
files, always. That tells you the encoding type of the key and certificate. If you did not knowpem
files mean you have aDER
encoded certificate and key file. -
@momurda I setup this server the day I made those instructions. Here is one of the conf files.
[jbusch@proxy ~]$ sudo cat /etc/nginx/conf.d/nextcloud.conf [sudo] password for jbusch: server { client_max_body_size 40M; server_name nc.jj.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_redirect off; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass http://10.201.1.17; proxy_redirect off; # Socket.IO Support proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } ssl_stapling on; ssl_stapling_verify on; # ssl_protocols TLSv1.2 TLSv1.1 TLSv1; # ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; # ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains"; listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/nc.jj.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/nc.jj.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server { client_max_body_size 40M; listen 80; server_name nc.jj.com; rewrite ^ https://$server_name$request_uri? permanent; }
-
Ok i am on a short vacation starting now. Ill try getting this fixed up on Tuesday when i am back.
-
@jaredbusch take out the real domain
-
@wirestyle22 said in Install Nginx as a Reverse Proxy on Fedora 27:
@jaredbusch take out the real domain
missed 1 of 4. /slacker
-
@momurda said in Install Nginx as a Reverse Proxy on Fedora 27:
I am trying to copy this setup but using wildcard cert instead.
So, i have an http server setup with mediawiki. It has no https.
I have this nginx proxy setup so that the http site is redirected correctly.
edit:well it isnt doing http now either Not sure what i did, was working yesterday just fine.
However it wont seem to proxy https.
I think this is probably because my server.domain.conf in /etc/nginx/conf.d/server.domain.conf proxy_pass parameter is trying to redirect to https of this server which doesnt have https.
What to do in this type of situation?
I asked about this earlier in thread, seems it can work. Ive just messed something up.
I have not messed about with nginx.conf.
Not really sure how it can be used unmodified to proxy https as nothing is defined for https by default.server.domain.conf file in /etc/nginx/conf.d/ :
server { client_max_body_size 40M; listen 443 ssl; server_name server.domain.com; ssl on; ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass https://10.1.0.247:443; # HERE IS ISSUE I THINK proxy_redirect off; } } server { client_max_body_size 40M; listen 80; server_name server.domain.com; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass http://10.1.0.247:80; proxy_redirect off; } }
If you have a wildcard cert, could you put all the ssl settings into their own ssl.conf file? I won't have time to answer my own question till the middle of next week