ML
    • Register
    • Login
    • Search
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups

    Solved Nginx reverse proxy problem with subdomains

    IT Discussion
    nginx reverse proxy subdomain
    3
    23
    5457
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JaredBusch
      JaredBusch @stacksofplates last edited by

      @johnhooks said:

      @JaredBusch said:

      10.254.0.106

      I did an nmap on community.daerma.com and this is all I got:

      PORT STATE SERVICE
      80/tcp open http
      443/tcp open https

      These ports are routed to other services on other domain names the are behind the same public IP.

      8080/tcp open http-proxy
      8081/tcp closed blackice-icecap
      8090/tcp open unknown
      8443/tcp open https-alt

      Port 8040-8041 are also port forwarded to a server that answers not sure why nmap did not see them.

      1 Reply Last reply Reply Quote 0
      • JaredBusch
        JaredBusch @stacksofplates last edited by

        @johnhooks said:

        I couldn't ping 10.254.0.106 either.

        Of course not. it is the internal IP.

        stacksofplates 1 Reply Last reply Reply Quote 0
        • stacksofplates
          stacksofplates @JaredBusch last edited by

          @JaredBusch said:

          @johnhooks said:

          I couldn't ping 10.254.0.106 either.

          Of course not. it is the internal IP.

          Oh I thought these were all public facing and you were just forwarding to them. Nevermind.

          1 Reply Last reply Reply Quote 0
          • stacksofplates
            stacksofplates last edited by

            What happens if you disable SELinux and firewalld?

            JaredBusch 2 Replies Last reply Reply Quote 1
            • JaredBusch
              JaredBusch @stacksofplates last edited by

              @johnhooks said:

              What happens if you disable SELinux and firewalld?

              The nginx proxy can reach the internal IP and port as noted above.

              The external ports 80/443 and port forwarded to the nginx proxy.

              6 domains are currently currently on the same server are daerma.com and all work perfectly. All of the working proxied domains are only domain.com and www.domain.com redirecting to 80/443 on a single internal IP

              1 Reply Last reply Reply Quote 0
              • JaredBusch
                JaredBusch last edited by

                7 sites now. I forgot about jaredbusch.com and just added another conf file.

                1 Reply Last reply Reply Quote 0
                • JaredBusch
                  JaredBusch last edited by JaredBusch

                  This post insinuates that I should not need to do anything else to reroute.

                  http://mangolassi.it/topic/5470/reverse-proxy/15

                  As well as my google searching

                  1 Reply Last reply Reply Quote 0
                  • stacksofplates
                    stacksofplates last edited by

                    Ya that's weird. The only time I've ever got a 502 is when either PHP-FPM isn't running or node isn't running.

                    What do your nginx logs say?

                    1 Reply Last reply Reply Quote 0
                    • JaredBusch
                      JaredBusch @stacksofplates last edited by

                      @johnhooks said:

                      What happens if you disable SELinux and firewalld?

                      selinux.....

                      did not think about that.. I was not doing anything special.

                      setenforce 0 and they work.

                      support.bundystl.com
                      community.daerma.com

                      stacksofplates 1 Reply Last reply Reply Quote 2
                      • stacksofplates
                        stacksofplates @JaredBusch last edited by

                        @JaredBusch said:

                        @johnhooks said:

                        What happens if you disable SELinux and firewalld?

                        selinux.....

                        did not think about that.. I was not doing anything special.

                        setenforce 0 and they work.

                        support.bundystl.com
                        community.daerma.com

                        Ya I don't understand how it's determined which ports are allowed through SELinux and which aren't.

                        1 Reply Last reply Reply Quote 0
                        • JaredBusch
                          JaredBusch last edited by

                          @johnhooks said:

                          @JaredBusch said:

                          @johnhooks said:

                          What happens if you disable SELinux and firewalld?

                          selinux.....

                          did not think about that.. I was not doing anything special.

                          setenforce 0 and they work.

                          support.bundystl.com
                          community.daerma.com

                          Ya I don't understand how it's determined which ports are allowed through SELinux and which aren't.

                          right. so now to learn that because i like not setting permissive

                          1 Reply Last reply Reply Quote 0
                          • stacksofplates
                            stacksofplates last edited by stacksofplates

                            You should be able to do

                             semanage port -a -t http_port_t -p tcp 4567
                            

                            Then if you do

                            semanage port -l | egrep '(^http_port_t)' 
                            

                            it should output the list of ports with that context

                            http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
                            
                            1 Reply Last reply Reply Quote 1
                            • stacksofplates
                              stacksofplates last edited by

                              If it says 4567 is already assigned a label you can change it to:

                              semanage port -m -t http_port_t -p tcp 4567 
                              

                              Then if you do the port list it should show up in there.

                              1 Reply Last reply Reply Quote 1
                              • JaredBusch
                                JaredBusch last edited by

                                @johnhooks said:

                                semanage port -m -t http_port_t -p tcp 4567

                                I had to add semanage first but then it worked.

                                1 Reply Last reply Reply Quote 2
                                • First post
                                  Last post