Install Nginx as a Reverse Proxy on Fedora 27
-
@hobbit666 said in Install Nginx as a Reverse Proxy on Fedora 27:
@jaredbusch said in Install Nginx as a Reverse Proxy on Fedora 27:
@hobbit666 said in Install Nginx as a Reverse Proxy on Fedora 27:
Guess if I have my own SSL I don't need to run the certbot stuff and just add the SSL file locations in.
Also if I have a wild card cert *.domain.co.uk do I still add the SSL to each .conf file or just the default.conf for nginx?
100% correct.
Last question.
What's the answer for this part of the question
"Also if I have a wild card cert *.domain.co.uk do I still add the SSL to each .conf file or just the default.conf for nginx"
Each server block needs it. Or you can use an include I guess like this.
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by CertbotJust make your own file with all the ssl settings you want and drop the include in the various conf files.
-
@jaredbusch Thanks
-
@JaredBusch This is transparent to the www application server? I mean, Nextcloud server itself has no https configuration, it all handled through this proxy?
If so, this same process could be done using IIS sites in addition to apache correct? -
@momurda said in Install Nginx as a Reverse Proxy on Fedora 27:
@JaredBusch This is transparent to the www application server? I mean, Nextcloud server itself has no https configuration, it all handled through this proxy?
If so, this same process could be done using IIS sites in addition to apache correct?Can be, and is, used with anything that has a web interface. Apache, Nginx, IIS, NodeJS, it doesn't care. A Reverse proxy is just a proxy in front of whatever HTTP traffic is behind it. So the platform behind it doesn't matter. Mix and match anything and everything.
-
@scottalanmiller So if i set this up to work with an IIS site, this IIS site has an existing cert, i would first uninstall that ssl cert, and not install another? This is what I picture.
-
@momurda said in Install Nginx as a Reverse Proxy on Fedora 27:
@scottalanmiller So if i set this up to work with an IIS site, this IIS site has an existing cert, i would first uninstall that ssl cert, and not install another? This is what I picture.
You can do either, with small adjustments. Your servers behind your reverse proxy can use HTTP or HTTPS as you desire. but there is rarely much point to the overhead of HTTPS, so many of us skip it unless there is a specific reason to have it (like you are using it without the reverse proxy for LAN based access.)
-
@scottalanmiller said in Install Nginx as a Reverse Proxy on Fedora 27:
@momurda said in Install Nginx as a Reverse Proxy on Fedora 27:
@scottalanmiller So if i set this up to work with an IIS site, this IIS site has an existing cert, i would first uninstall that ssl cert, and not install another? This is what I picture.
You can do either, with small adjustments. Your servers behind your reverse proxy can use HTTP or HTTPS as you desire. but there is rarely much point to the overhead of HTTPS, so many of us skip it unless there is a specific reason to have it (like you are using it without the reverse proxy for LAN based access.)
If the existing server is designed for HTTP, I usually do not remove it. I just point the Nginx server block at it.
Even if it is expired or self signed, it is sitll encyrpted between the proxy and the backend server.
Now if the backend server has no encryption, I will not add it for no reason.
Finally, if the backend server is across a public IP space, I will always use at least a self signed SSL cert for the connection.
-
Here is the command if you want a wildcard cert:
sudo certbot -i nginx -d "*.aaronstuder.com" -d aaronstuder.com --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -
@aaronstuder said in Install Nginx as a Reverse Proxy on Fedora 27:
Here is the command if you want a wildcard cert:
sudo certbot -i nginx -d "*.aaronstuder.com" -d aaronstuder.com --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dnsWildcard form LE is useless until you automate the DNS challenge.
-
@jaredbusch It's coming. Right now it just pauses and you update DNS manually, or you can use acme.sh
-
If you're using one reverse proxy to serve traffic to more than one server, do you typically put all of the configurations in one file, or have a main configuration file, and use
includeto reference other files? Methinks the way to go is just have one file with server blocks for however many servers you need. -
@eddiejennings said in Install Nginx as a Reverse Proxy on Fedora 27:
If you're using one reverse proxy to serve traffic to more than one server, do you typically put all of the configurations in one file, or have a main configuration file, and use
includeto reference other files? Methinks the way to go is just have one file with server blocks for however many servers you need.Using separate config is more easier to manage.
-
"Install nano because I prefer it over vi"
Nano really should just be the standard at this point, IMO.
-
@bbigford said in Install Nginx as a Reverse Proxy on Fedora 27:
"Install nano because I prefer it over vi"
Nano really should just be the standard at this point, IMO.
I worded it like that to appease people like @scottalanmiller to prevent some stupid commentary about unneeded packages
-
-
-
@jaredbusch said in Install Nginx as a Reverse Proxy on Fedora 27:
@coliver said in Install Nginx as a Reverse Proxy on Fedora 27:
Pretty much exactly
I can't make fun. I prefer Vim. I've tried to use nano and I felt clunky. But to each their own. Just don't use emacs :upside-down_face:
-
@stacksofplates said in Install Nginx as a Reverse Proxy on Fedora 27:
@jaredbusch said in Install Nginx as a Reverse Proxy on Fedora 27:
@coliver said in Install Nginx as a Reverse Proxy on Fedora 27:
Pretty much exactly
I can't make fun. I prefer Vim. I've tried to use nano and I felt clunky. But to each their own. Just don't use emacs :upside-down_face:
I use vi/vim almost exclusively. I just enjoy poking fun at the people who are evangelical about it.
-
@coliver said in Install Nginx as a Reverse Proxy on Fedora 27:
@stacksofplates said in Install Nginx as a Reverse Proxy on Fedora 27:
@jaredbusch said in Install Nginx as a Reverse Proxy on Fedora 27:
@coliver said in Install Nginx as a Reverse Proxy on Fedora 27:
Pretty much exactly
I can't make fun. I prefer Vim. I've tried to use nano and I felt clunky. But to each their own. Just don't use emacs :upside-down_face:
I use vi/vim almost exclusively. I just enjoy poking fun at the people who are evangelical about it.
Given a choice, nano. I'm good with vi/vim as well tho, IRIX really required competency with it.
-
@travisdh1 said in Install Nginx as a Reverse Proxy on Fedora 27:
@coliver said in Install Nginx as a Reverse Proxy on Fedora 27:
@stacksofplates said in Install Nginx as a Reverse Proxy on Fedora 27:
@jaredbusch said in Install Nginx as a Reverse Proxy on Fedora 27:
@coliver said in Install Nginx as a Reverse Proxy on Fedora 27:
Pretty much exactly
I can't make fun. I prefer Vim. I've tried to use nano and I felt clunky. But to each their own. Just don't use emacs :upside-down_face:
I use vi/vim almost exclusively. I just enjoy poking fun at the people who are evangelical about it.
Given a choice, nano. I'm good with vi/vim as well tho, IRIX really required competency with it.
Nano is annoying, inconvenient, and much less efficient than using vim. I have no idea anymore why I used nano before, I strictly use vim now, and my life on Linux has never been better.
