    Solved Nginx reverse proxy problem with subdomains

    • JaredBusch
      JaredBusch @scottalanmiller last edited by

      @scottalanmiller said:

      > You are putting the NGinx proxy on a different node than the NodeBB process?

      Yes different box.

      • JaredBusch
        JaredBusch last edited by

        NodeBB from proxy
        [image: hiHJMbf.jpg]

        ScreenConnect from proxy
        Screenconnect has long been a port forward on http://support.bundystl.com:8040
        I want that port gone, because users.....
        [image: GYBMZUY.jpg]

        • JaredBusch
          JaredBusch last edited by

          Here is the screenconnect proxy info for reference

          #/etc/nginx/conf.d/support.bundystl.com.conf
          server {
          	client_max_body_size 40M;
          	listen 80;
          	server_name support.bundystl.com;
          
          	location / {
          		proxy_set_header X-Real-IP $remote_addr;
          		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          		proxy_set_header Host $http_host;
          		proxy_set_header X-NginX-Proxy true;
          		proxy_pass http://10.254.0.22:8040;
          		proxy_redirect off;
          
          	}
          }
          
          • stacksofplates
            stacksofplates last edited by

            @JaredBusch said:

            > 10.254.0.106

            I did an nmap on community.daerma.com and this is all I got:

            PORT STATE SERVICE
            80/tcp open http
            443/tcp open https
            8080/tcp open http-proxy
            8081/tcp closed blackice-icecap
            8090/tcp open unknown
            8443/tcp open https-alt

            • stacksofplates
              stacksofplates last edited by

              I couldn't ping 10.254.0.106 either.

              • JaredBusch
                JaredBusch @stacksofplates last edited by

                @johnhooks said:

                > @JaredBusch said:
                >
                > > 10.254.0.106
                >
                > I did an nmap on community.daerma.com and this is all I got:
                >
                > PORT STATE SERVICE
                > 80/tcp open http
                > 443/tcp open https

                These ports are routed to other services on other domain names that are behind the same public IP.

                > 8080/tcp open http-proxy
                > 8081/tcp closed blackice-icecap
                > 8090/tcp open unknown
                > 8443/tcp open https-alt

                Ports 8040-8041 are also port forwarded to a server that answers; not sure why nmap did not see them.

                • JaredBusch
                  JaredBusch @stacksofplates last edited by

                  @johnhooks said:

                  > I couldn't ping 10.254.0.106 either.

                  Of course not. It is the internal IP.

                  • stacksofplates
                    stacksofplates @JaredBusch last edited by

                    @JaredBusch said:

                    > @johnhooks said:
                    >
                    > > I couldn't ping 10.254.0.106 either.
                    >
                    > Of course not. It is the internal IP.

                    Oh I thought these were all public facing and you were just forwarding to them. Never mind.

                    • stacksofplates
                      stacksofplates last edited by

                      What happens if you disable SELinux and firewalld?

                      • JaredBusch
                        JaredBusch @stacksofplates last edited by

                        @johnhooks said:

                        > What happens if you disable SELinux and firewalld?

                        The nginx proxy can reach the internal IP and port as noted above.

                        The external ports 80/443 are port forwarded to the nginx proxy.

                        6 domains are currently on the same server as daerma.com and all work perfectly. All of the working proxied domains are only domain.com and www.domain.com redirecting to 80/443 on a single internal IP.

                        • JaredBusch
                          JaredBusch last edited by

                          7 sites now. I forgot about jaredbusch.com and just added another conf file.

                          • JaredBusch
                            JaredBusch last edited by JaredBusch

                            This post insinuates that I should not need to do anything else to reroute.

                            http://mangolassi.it/topic/5470/reverse-proxy/15

                            As well as my Google searching.

                            • stacksofplates
                              stacksofplates last edited by

                              Ya that's weird. The only time I've ever got a 502 is when either PHP-FPM isn't running or node isn't running.

                              What do your nginx logs say?

                              • JaredBusch
                                JaredBusch @stacksofplates last edited by

                                @johnhooks said:

                                > What happens if you disable SELinux and firewalld?

                                selinux.....

                                did not think about that.. I was not doing anything special.

                                setenforce 0 and they work.

                                support.bundystl.com
                                community.daerma.com

                                • stacksofplates
                                  stacksofplates @JaredBusch last edited by

                                  @JaredBusch said:

                                  > @johnhooks said:
                                  >
                                  > > What happens if you disable SELinux and firewalld?
                                  >
                                  > selinux.....
                                  >
                                  > did not think about that.. I was not doing anything special.
                                  >
                                  > setenforce 0 and they work.
                                  >
                                  > support.bundystl.com
                                  > community.daerma.com

                                  Ya I don't understand how it's determined which ports are allowed through SELinux and which aren't.

                                  • JaredBusch
                                    JaredBusch last edited by

                                    @johnhooks said:

                                    > @JaredBusch said:
                                    >
                                    > > @johnhooks said:
                                    > >
                                    > > > What happens if you disable SELinux and firewalld?
                                    > >
                                    > > selinux.....
                                    > >
                                    > > did not think about that.. I was not doing anything special.
                                    > >
                                    > > setenforce 0 and they work.
                                    > >
                                    > > support.bundystl.com
                                    > > community.daerma.com
                                    >
                                    > Ya I don't understand how it's determined which ports are allowed through SELinux and which aren't.

                                    Right. So now to learn that, because I like not setting permissive.

                                    • stacksofplates
                                      stacksofplates last edited by stacksofplates

                                      You should be able to do

                                       semanage port -a -t http_port_t -p tcp 4567
                                      

                                      Then if you do

                                      semanage port -l | egrep '(^http_port_t)' 
                                      

                                      it should output the list of ports with that context

                                      http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
                                      
                                      • stacksofplates
                                        stacksofplates last edited by

                                        If it says 4567 is already assigned a label you can change it to:

                                        semanage port -m -t http_port_t -p tcp 4567 
                                        

                                        Then if you do the port list it should show up in there.

                                        • JaredBusch
                                          JaredBusch last edited by

                                          @johnhooks said:

                                          > semanage port -m -t http_port_t -p tcp 4567

                                          I had to add semanage first but then it worked.

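
The check behind the fix in this thread, as an added example that is not part of the original posts: it reads the `proxy_pass` targets from an nginx config and prints a `semanage port -a` command for each upstream port missing from the `http_port_t` list. The sample inputs are constructed from values quoted in the thread, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list nginx upstream ports that lack the http_port_t label.

# Constructed sample of `semanage port -l` (the http_port_t line shown in the thread).
SAMPLE_LABELS='http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000'

# Constructed sample config, reduced from the ScreenConnect conf in the thread.
SAMPLE_CONF='server {
    listen 80;
    location / {
        proxy_pass http://10.254.0.22:8040;
    }
}'

# stdin: nginx config. stdout: upstream port of each proxy_pass (host[:port]
# literals only; named upstream{} blocks and IPv6 literals are not resolved).
upstream_ports() {
  sed -nE 's#^[[:space:]]*proxy_pass[[:space:]]+(https?)://[^:/;]+:?([0-9]*).*#\1 \2#p' |
    awk '{ if ($2 == "") print ($1 == "https" ? 443 : 80); else print $2 }' | sort -un
}

# stdin: `semanage port -l`. stdout: tcp ports or lo-hi ranges typed http_port_t.
http_ports() {
  awk '$1 == "http_port_t" && $2 == "tcp" {
         for (i = 3; i <= NF; i++) { gsub(",", "", $i); print $i } }'
}

# $1: `semanage port -l` text, $2: nginx config text.
# stdout: one semanage command per upstream port without the label.
missing_labels() {
  allowed=$(printf '%s\n' "$1" | http_ports)
  printf '%s\n' "$2" | upstream_ports | while read -r port; do
    if ! printf '%s\n' "$allowed" | awk -F- -v p="$port" '
           { hi = (NF > 1 ? $2 : $1) }
           p + 0 >= $1 + 0 && p + 0 <= hi + 0 { found = 1 }
           END { exit !found }'; then
      # If the port already carries another label, use -m instead of -a.
      echo "semanage port -a -t http_port_t -p tcp $port"
    fi
  done
}

# On a real host (assumed paths):
#   missing_labels "$(semanage port -l)" "$(cat /etc/nginx/conf.d/*.conf)"
missing_labels "$SAMPLE_LABELS" "$SAMPLE_CONF"
```

Labelling only the ports the proxy actually uses keeps SELinux enforcing instead of relying on `setenforce 0`.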