Setting up Nginx on CentOS 7 as a reverse proxy
-
Now for a site on a non standard back end port that is still coming in on port 80 like my nodeBB example above, it is very similar.
#save as file: /etc/nginx/conf.d/forum.domain.conf
server {
    client_max_body_size 40M;
    listen 80;
    server_name forum.domain.com;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://10.0.0.3:4567;
        proxy_redirect off;
    }
}
Now restart nginx
systemctl reload nginx
-
The non standard port redirect also works with SSL. Again you need your proper certificate information in here. This example is used for my helpdesk.
#save as file: /etc/nginx/conf.d/helpdesk.domain.conf
server {
    client_max_body_size 40M;
    listen 443 ssl;
    server_name helpdesk.domain.com;
    ssl on;
    ssl_certificate /etc/ssl/cacert.pem;
    ssl_certificate_key /etc/ssl/privkey.pem;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass https://10.0.0.4:8090;
        proxy_redirect off;
    }
}
Now restart nginx
systemctl reload nginx
-
@JaredBusch Thanks, with your tutorial it's very easy to set up.
-
@anonymous said:
So I have ScreenConnect set up using the reverse proxy, but the clients can't connect to the relay port. How do I fix this?
What ports are you using? What is the proxy config?
-
@anonymous said:
I think I will have to port forward the relay port to the ScreenConnect server?
From the reading I have done, yes. That connection is not SSL, but pre encrypted by ScreenConnect itself.
-
Considering the new found love of Fedora, should this be done on Fedora instead?
-
@dashrender said in Setting up Nginx on CentOS 7 as a reverse proxy:
Considering the new found love of Fedora, should this be done on Fedora instead?
Yeah, I need to make a new guide for Fedora.
Process is basically the same. Substitute dnf in place of yum, generally. No need for the epel
-
If I have multiple web servers, how does nginx know which host is which when they are both using the same port? Is it just the subdomain and internal IP (proxy_pass)?
Example:
server {
    client_max_body_size 40M;
    listen 443 ssl;
    server_name nc.skynetli.com; #change to your domain name
    ssl on;
    ssl_certificate /etc/ssl/cacert1.pem; #this needs to be the path to your certificate information
    ssl_certificate_key /etc/ssl/privkey1.pem; #this needs to be the path to your certificate information
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass https://192.168.1.205:443; #change to your internal server IP
        proxy_redirect off;
    }
}
server {
    client_max_body_size 40M;
    listen 443;
    server_name xo.skynetli.com; #change to your domain name
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://192.168.1.206:443; #change to your internal server IP
        proxy_redirect off;
    }
}
-
You use multiple server config areas in your example code, and then server_name and proxy_pass for each site using different ports.
-
@tim_g So essentially what I did above, correct?
-
I'll find a good link to reference, I can't do this on my phone... gimme a few mins.
-
@tim_g Np. Thanks
-
I prefer to have each server block for each domain/subdomain in its own config file.
-
@jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy:
I prefer to have each server block for each domain/subdomain in its own config file.
wow, you are hosting a lot there.
-
[jbusch@nginxproxy ~]$ cat /etc/nginx/conf.d/daerma.com.conf
server {
    client_max_body_size 40M;
    listen 443 ssl;
    server_name www.daerma.com daerma.com;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/daerma.com-0001/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/daerma.com-0001/privkey.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass https://10.254.0.101:443;
        proxy_redirect off;
    }
}
server {
    client_max_body_size 40M;
    listen 80;
    server_name www.daerma.com daerma.com;
    rewrite ^ https://daerma.com$request_uri? permanent;
}
-
Like this, this is a good example of what I meant...
https://timothy-quinn.com/using-nginx-as-a-reverse-proxy-for-multiple-sites
-
[jbusch@nginxproxy ~]$ cat /etc/nginx/conf.d/unms.bundystl.com.conf
server {
    client_max_body_size 40M;
    listen 443 ssl;
    server_name unms.bundystl.com;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/unms.bundystl.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/unms.bundystl.com/privkey.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass https://10.254.0.39:443;
        proxy_redirect off;
        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
server {
    client_max_body_size 40M;
    listen 80;
    server_name unms.bundystl.com;
    rewrite ^ https://$server_name$request_uri? permanent;
}
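-
Added example, not part of the original thread and not any poster's code: a small Python model of how nginx chooses between several server blocks on the same port, as asked above, including the case where the Host header matches no server_name and the request falls through to the default (first) block for that port. It handles exact names only (no wildcard or regex server_name); the hostnames, addresses and the function names parse_servers and route are constructed for illustration.

```python
import re

# Constructed sample modelled on the multi-site layout discussed above;
# hostnames and addresses are placeholders, not values from the thread.
SAMPLE_CONF = """
server { listen 443 ssl; server_name nc.example.com;
         location / { proxy_pass https://192.0.2.10:443; } }
server { listen 443 ssl; server_name xo.example.com;
         location / { proxy_pass http://192.0.2.11:8080; } }
server { listen 80; server_name forum.example.com;
         location / { proxy_pass http://192.0.2.12:4567; } }
"""

def parse_servers(conf):
    """Return one dict per server block: port, names, upstream, default flag."""
    servers = []
    # Splitting on 'server {' is enough for flat proxy configs like these.
    for body in re.split(r"\bserver\s*\{", conf)[1:]:
        listen = re.search(r"\blisten\s+([^;]+);", body).group(1).split()
        names = re.search(r"\bserver_name\s+([^;]+);", body)
        upstream = re.search(r"\bproxy_pass\s+([^;]+);", body)
        servers.append({
            "port": int(listen[0].rsplit(":", 1)[-1]),
            "default": "default_server" in listen,
            "names": names.group(1).split() if names else [],
            "upstream": upstream.group(1).strip() if upstream else None,
        })
    return servers

def route(servers, port, host):
    """Pick the block that would serve a request to `port` with Host `host`."""
    host = host.lower().split(":")[0]  # drop an optional :port suffix
    candidates = [s for s in servers if s["port"] == port]
    if not candidates:
        return None  # nothing listens on that port
    for s in candidates:
        if host in (n.lower() for n in s["names"]):
            return s
    # No name matched: explicit default_server wins, else the first block
    # defined for that port. Unknown hostnames still reach a backend.
    return next((s for s in candidates if s["default"]), candidates[0])

if __name__ == "__main__":
    servers = parse_servers(SAMPLE_CONF)
    for name in ("xo.example.com", "unknown.example.net"):
        print(name, "->", route(servers, 443, name)["upstream"])
```

With one file per site in conf.d, the "first block" is decided by the order in which the include picks the files up, so a catch-all server block marked default_server makes the fallback explicit.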