Install Nginx as a Reverse Proxy on Fedora 27



  • @tim_g said in Install Nginx as a Reverse Proxy on Fedora 27:

    @travisdh1 said in Install Nginx as a Reverse Proxy on Fedora 27:

    @tim_g said in Install Nginx as a Reverse Proxy on Fedora 27:

    @travisdh1 said in Install Nginx as a Reverse Proxy on Fedora 27:

    @coliver said in Install Nginx as a Reverse Proxy on Fedora 27:

    @stacksofplates said in Install Nginx as a Reverse Proxy on Fedora 27:

    @jaredbusch said in Install Nginx as a Reverse Proxy on Fedora 27:

    @coliver said in Install Nginx as a Reverse Proxy on Fedora 27:

    @jaredbusch 0_1524226298968_a9d48ad2-c13d-440c-94c5-a6951b5f6887-image.png

    Pretty much exactly

    I can't make fun. I prefer Vim. I've tried to use nano and I felt clunky. But to each their own. Just don't use emacs 🙃

    I use vi/vim almost exclusively. I just enjoy poking fun at the people who are evangelical about it.

    Given a choice, nano. I'm good with vi/vim as well tho, IRIX really required competency with it.

    Nano is annoying, inconvenient, and much less efficient than using vim. I have no idea anymore why I used nano before, I strictly use vim now, and my life on Linux has never been better.

    Learn to use the Ctrl key, you know, that new key that was added to keyboards, but vim never got around to using 😜

    It's not needed... but does make use of the Ctrl key for a few things.

    Easy example... In Nano, to save and close a file is a hassle. In Vim, Shift+ZZ, done. Quick and easy!

    Want to find something? Open your file with Vim, hit / and type what you want to find, hit enter... super easy! It's dumb in Nano.

    Shall we not get into yet another useless holy way over text editors? You're faster and more efficient in vi, I'm faster and more efficient in nano. At least your not trying to talk me into using emacs!



  • @tim_g Ctrl+X, Y to save a file. quicker than in vi/vim.
    I can actually edit lines and insert text and cut and paste intuitively in nano, unlike vi which requires you to memorize the insert function to just add a simple word or two. Then you have to escape the insert function, then you have to remember what unnatural keyboard combo is to do something else.
    CtrlW to find. Super simple, unlike vi/vim.



  • @momurda said in Install Nginx as a Reverse Proxy on Fedora 27:

    @tim_g Ctrl+X, Y to save a file. quicker than in vi/vim.
    I can actually edit lines and insert text and cut and paste intuitively in nano, unlike vi which requires you to memorize the insert function to just add a simple word or two. Then you have to escape the insert function, then you have to remember what unnatural keyboard combo is to do something else.
    CtrlW to find. Super simple, unlike vi/vim.

    CtrlW to go into another menu and find what you want is weird. I'd rather just type /whatever and hit enter.

    If you want to insert text from clipboard, you go to where you want to insert something, and (rather intuitively), hit the i button, because insert starts with "i", then paste it in like normal. In Fedora terminal windows anyways, it's ctrl+shift+v to paste. To exit insertion mode, it's the esc key... also rather intuitive, because escape.

    Want to remove some lines? Just hit dd, and the line you're on goes away... hold it in to remove lots of lines. Or hit a number first then dd, and it removes that many lines (20dd removes the next 20 lines). It's all so simple, but I can see the complexity of it if you have no idea about it.

    It's the whole oh I never used it before and don't know what to do because i don't have a GUI to show me.

    Remove the GUI from Nano, and you're in the same boat... how the hell is Ctrl+W intuitive to "find" text? Less intuitive than to simply /TextToLookFor and hit enter.

    Copy and paste is easy too... it uses y to copy (for "yank") and p for paste.
    But you can do it by highlighting something (if in a gui terminal for example with your mouse) and ctrl+shift+c / v to copy and paste as well.



  • So about that nginx reverse proxy...

    😛


  • Service Provider

    @tim_g STFU already. No one fucking cares.

    Also get the fuck over yourself already.


  • Service Provider

    @momurda said in Install Nginx as a Reverse Proxy on Fedora 27:

    @tim_g Ctrl+X, Y to save a file. quicker than in vi/vim.

    CtrlW to find. Super simple, unlike vi/vim.

    ZZ, no more to save and exit in vi.
    / to find. Also super fast.



  • No love for the awesome ed command? 😁
    https://www.gnu.org/software/ed/manual/ed_manual.html

    Seriously, what's up with the arguments about which editor is better?



  • @jaredbusch said in Install Nginx as a Reverse Proxy on Fedora 27:

    @tim_g STFU already. No one fucking cares.

    Also get the fuck over yourself already.

    Aww, is someone pointing out some flaws / difference of opinion / misconceptions in something you like or prefer?

    Here's a guide for you:

    0_1524246626520_5e68a19a-f7d4-4d89-a211-fa9c4d9e225b-image.png



  • I've found a far better thread for discussing the merits of text editors. Enjoy 😃


  • Service Provider

    @tim_g said in Install Nginx as a Reverse Proxy on Fedora 27:

    @jaredbusch said in Install Nginx as a Reverse Proxy on Fedora 27:

    @tim_g STFU already. No one fucking cares.

    Also get the fuck over yourself already.

    Aww, is someone pointing out some flaws / difference of opinion / misconceptions in something you like or prefer?

    Here's a guide for you:

    0_1524246626520_5e68a19a-f7d4-4d89-a211-fa9c4d9e225b-image.png

    No. I honestly don't' give a shit about the editors, that was the entire point of why the guide had the comment it had.
    But if you want to be a supremacist bitch about your editor of choice, feel free, just take it out of this thread.



  • Jared where is your nginx.conf



  • @jaredbusch said in Install Nginx as a Reverse Proxy on Fedora 27:

    @tim_g said in Install Nginx as a Reverse Proxy on Fedora 27:

    @jaredbusch said in Install Nginx as a Reverse Proxy on Fedora 27:

    @tim_g STFU already. No one fucking cares.

    Also get the fuck over yourself already.

    Aww, is someone pointing out some flaws / difference of opinion / misconceptions in something you like or prefer?

    Here's a guide for you:

    0_1524246626520_5e68a19a-f7d4-4d89-a211-fa9c4d9e225b-image.png

    No. I honestly don't' give a shit about the editors, that was the entire point of why the guide had the comment it had.
    But if you want to be a supremacist bitch about your editor of choice, feel free, just take it out of this thread.

    Not supremacist, only correcting misconceptions that were mentioned... as you and Scott do all the time, in any thread they come up. If I do it, then I'm a "supremacist bitch"? Go piss up a rope and slip off.


  • Service Provider

    @momurda said in Install Nginx as a Reverse Proxy on Fedora 27:

    Jared where is your nginx.conf

    I do not normally modify the default conf file



  • My experiment last night with Nginx worked. I'm going to see if I can replicate it tonight, and post the config for critique.



  • I am trying to copy this setup but using wildcard cert instead.
    So, i have an http server setup with mediawiki. It has no https.
    I have this nginx proxy setup so that the http site is redirected correctly.
    edit:well it isnt doing http now either Not sure what i did, was working yesterday just fine.
    However it wont seem to proxy https.
    I think this is probably because my server.domain.conf in /etc/nginx/conf.d/server.domain.conf proxy_pass parameter is trying to redirect to https of this server which doesnt have https.
    What to do in this type of situation?
    I asked about this earlier in thread, seems it can work. Ive just messed something up.
    I have not messed about with nginx.conf.
    Not really sure how it can be used unmodified to proxy https as nothing is defined for https by default.

    server.domain.conf file in /etc/nginx/conf.d/ :

    server {
            client_max_body_size 40M;
            listen 443 ssl;
            server_name server.domain.com;
            ssl          on;
            ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
            ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
    
            location / {
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header Host $http_host;
                    proxy_set_header X-NginX-Proxy true;
                    proxy_pass https://10.1.0.247:443; # HERE IS ISSUE I THINK
                    proxy_redirect off;
            }
    }
    server {
            client_max_body_size 40M;
            listen 80;
            server_name server.domain.com;
    
            location / {
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header Host $http_host;
                    proxy_set_header X-NginX-Proxy true;
                    proxy_pass http://10.1.0.247:80;
                    proxy_redirect off;
            }
    }
    


  • @momurda said in Install Nginx as a Reverse Proxy on Fedora 27:

    I am trying to copy this setup but using wildcard cert instead.
    So, i have an http server setup with mediawiki. It has no https.
    I have this nginx proxy setup so that the http site is redirected correctly.
    edit:well it isnt doing http now either Not sure what i did, was working yesterday just fine.
    However it wont seem to proxy https.
    I think this is probably because my server.domain.conf in /etc/nginx/conf.d/server.domain.conf proxy_pass parameter is trying to redirect to https of this server which doesnt have https.
    What to do in this type of situation?
    I asked about this earlier in thread, seems it can work. Ive just messed something up.
    I have not messed about with nginx.conf.
    Not really sure how it can be used unmodified to proxy https as nothing is defined for https by default.

    server.domain.conf file in /etc/nginx/conf.d/ :

    server {
            client_max_body_size 40M;
            listen 443 ssl;
            server_name server.domain.com;
            ssl          on;
            ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
            ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
    
            location / {
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header Host $http_host;
                    proxy_set_header X-NginX-Proxy true;
                    proxy_pass https://10.1.0.247:443; # HERE IS ISSUE I THINK
                    proxy_redirect off;
            }
    }
    server {
            client_max_body_size 40M;
            listen 80;
            server_name server.domain.com;
    
            location / {
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header Host $http_host;
                    proxy_set_header X-NginX-Proxy true;
                    proxy_pass http://10.1.0.247:80;
                    proxy_redirect off;
            }
    }
    

    On your Mediawiki server, take a look at your LocalSettings.php file. What do you have set for $wgServer?



  • It is http://server.domain.com

    Why did LE give me .pem files? edit: dont know

    Why cant i convert these pem files to .crt and .key? edit: somehow all these .pem files now have 0 size which doesnt make sense. Worked fine yesterday.

    openssl x509 -outform der -in cert.pem -out cert.crt
    unable to load certificate
    140515541610688:error:0906D06C:PEM routines:PEM_read_bio:no start line:../crypto/pem/pem_lib.c:691:Expecting: TRUSTED CERTIFICATE
    
    


  • @momurda

    What's the original cert that you have?


  • Service Provider

    @momurda said in Install Nginx as a Reverse Proxy on Fedora 27:

    It is http://server.domain.com

    Why did LE give me .pem files? edit: dont know

    Why cant i convert these pem files to .crt and .key? edit: somehow all these .pem files now have 0 size which doesnt make sense. Worked fine yesterday.

    openssl x509 -outform der -in cert.pem -out cert.crt
    unable to load certificate
    140515541610688:error:0906D06C:PEM routines:PEM_read_bio:no start line:../crypto/pem/pem_lib.c:691:Expecting: TRUSTED CERTIFICATE
    
    

    You are supposed to have .pem files, always. That tells you the encoding type of the key and certificate. If you did not know pem files mean you have a DER encoded certificate and key file.


  • Service Provider

    @momurda I setup this server the day I made those instructions. Here is one of the conf files.

    [[email protected] ~]$ sudo cat /etc/nginx/conf.d/nextcloud.conf 
    [sudo] password for jbusch: 
    server {
        client_max_body_size 40M;
        server_name nc.jj.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_redirect off;
        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_pass http://10.201.1.17;
            proxy_redirect off;
            # Socket.IO Support
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
        ssl_stapling on;
        ssl_stapling_verify on;
    #    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    #    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    #    ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
    
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/nc.jj.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/nc.jj.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    
    }
    server {
        client_max_body_size 40M;
        listen 80;
        server_name nc.jj.com;
        rewrite        ^ https://$server_name$request_uri? permanent;
    }
    


  • Ok i am on a short vacation starting now. Ill try getting this fixed up on Tuesday when i am back.



  • @jaredbusch take out the real domain


  • Service Provider

    @wirestyle22 said in Install Nginx as a Reverse Proxy on Fedora 27:

    @jaredbusch take out the real domain

    missed 1 of 4. /slacker



  • @momurda said in Install Nginx as a Reverse Proxy on Fedora 27:

    I am trying to copy this setup but using wildcard cert instead.
    So, i have an http server setup with mediawiki. It has no https.
    I have this nginx proxy setup so that the http site is redirected correctly.
    edit:well it isnt doing http now either Not sure what i did, was working yesterday just fine.
    However it wont seem to proxy https.
    I think this is probably because my server.domain.conf in /etc/nginx/conf.d/server.domain.conf proxy_pass parameter is trying to redirect to https of this server which doesnt have https.
    What to do in this type of situation?
    I asked about this earlier in thread, seems it can work. Ive just messed something up.
    I have not messed about with nginx.conf.
    Not really sure how it can be used unmodified to proxy https as nothing is defined for https by default.

    server.domain.conf file in /etc/nginx/conf.d/ :

    server {
            client_max_body_size 40M;
            listen 443 ssl;
            server_name server.domain.com;
            ssl          on;
            ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
            ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
    
            location / {
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header Host $http_host;
                    proxy_set_header X-NginX-Proxy true;
                    proxy_pass https://10.1.0.247:443; # HERE IS ISSUE I THINK
                    proxy_redirect off;
            }
    }
    server {
            client_max_body_size 40M;
            listen 80;
            server_name server.domain.com;
    
            location / {
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header Host $http_host;
                    proxy_set_header X-NginX-Proxy true;
                    proxy_pass http://10.1.0.247:80;
                    proxy_redirect off;
            }
    }
    

    If you have a wildcard cert, could you put all the ssl settings into their own ssl.conf file? I won't have time to answer my own question till the middle of next week 😞