ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Install Nginx as a Reverse Proxy on Fedora 27

    Scheduled Pinned Locked Moved IT Discussion
    nginxfedoracertbotfedora 27reverse proxyguidesreal instructionshow to
    107 Posts 16 Posters 23.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JaredBuschJ
      JaredBusch @NashBrydges
      last edited by

      @nashbrydges said in Install Nginx as a Reverse Proxy on Fedora 27:

      I'm assuming you would recommend using the .well-known addition to the conf files in the server block to avoid shutting down Nginx?

         location /.well-known/acme-challenge {
                  root /var/www/letsencrypt;
               }
      

      Not in this example as I am using the certbot --nginx switch. It knows how to handle things because of that.

      But if you were doing something else? yes.

      1 Reply Last reply Reply Quote 0
      • JaredBuschJ
        JaredBusch @wirestyle22
        last edited by

        @wirestyle22 said in Install Nginx as a Reverse Proxy on Fedora 27:

        Received following error:

        nginx: [warn] could not build optimal types_hash, you should increase either nginx: [warn] could not build optimal types_hash, you should increase either types_hash_max_size: 2048 or types_hash_bucket_size: 64; ignoring types_hash_bucket_size

        I went into /etc/nginx/nginx.conf and changed types_hash_max_size to a higher value as instructed. Removed the error.

        1. This is only a warning.
        2. Unless you are hosting hundred of domains behind Nginx, this really doesn't matter.
        3. If you increase it to not have a warning, keep it as small as possible.

        I just went through jumping down in halves from 3000 until I found what made it stop complaining on my system.

            types_hash_max_size 2249;
        

        2248 threw the warning still.

        Reference to what this is: http://nginx.org/en/docs/hash.html

        1 Reply Last reply Reply Quote 2
        • hobbit666H
          hobbit666 @JaredBusch
          last edited by

          @jaredbusch said in Install Nginx as a Reverse Proxy on Fedora 27:

          @hobbit666 said in Install Nginx as a Reverse Proxy on Fedora 27:

          Guess if I have my own SSL I don't need to run the certbot stuff and just add the SSL file locations in.

          Also if I have a wild card cert *.domain.co.uk do I still add the SSL to each .conf file or just the default.conf for nginx?

          100% correct.

          Last question.

          What's the answer for this part of the question 🙂
          "Also if I have a wild card cert *.domain.co.uk do I still add the SSL to each .conf file or just the default.conf for nginx"

          😁

          JaredBuschJ 1 Reply Last reply Reply Quote 0
          • JaredBuschJ
            JaredBusch @hobbit666
            last edited by

            @hobbit666 said in Install Nginx as a Reverse Proxy on Fedora 27:

            @jaredbusch said in Install Nginx as a Reverse Proxy on Fedora 27:

            @hobbit666 said in Install Nginx as a Reverse Proxy on Fedora 27:

            Guess if I have my own SSL I don't need to run the certbot stuff and just add the SSL file locations in.

            Also if I have a wild card cert *.domain.co.uk do I still add the SSL to each .conf file or just the default.conf for nginx?

            100% correct.

            Last question.

            What's the answer for this part of the question 🙂
            "Also if I have a wild card cert *.domain.co.uk do I still add the SSL to each .conf file or just the default.conf for nginx"

            😁

            Each server block needs it. Or you can use an include I guess like this.

            include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
            

            Just make your own file with all the ssl settings you want and drop the include in the various conf files.

            hobbit666H 1 Reply Last reply Reply Quote 3
            • hobbit666H
              hobbit666 @JaredBusch
              last edited by

              @jaredbusch Thanks

              1 Reply Last reply Reply Quote 0
              • momurdaM
                momurda
                last edited by

                @JaredBusch This is transparent to the www application server? I mean, Nextcloud server itself has no https configuration, it all handled through this proxy?
                If so, this same process could be done using IIS sites in addition to apache correct?

                scottalanmillerS 1 Reply Last reply Reply Quote 0
                • scottalanmillerS
                  scottalanmiller @momurda
                  last edited by

                  @momurda said in Install Nginx as a Reverse Proxy on Fedora 27:

                  @JaredBusch This is transparent to the www application server? I mean, Nextcloud server itself has no https configuration, it all handled through this proxy?
                  If so, this same process could be done using IIS sites in addition to apache correct?

                  Can be, and is, used with anything that has a web interface. Apache, Nginx, IIS, NodeJS, it doesn't care. A Reverse proxy is just a proxy in front of whatever HTTP traffic is behind it. So the platform behind it doesn't matter. Mix and match anything and everything.

                  momurdaM 1 Reply Last reply Reply Quote 0
                  • momurdaM
                    momurda @scottalanmiller
                    last edited by

                    @scottalanmiller So if i set this up to work with an IIS site, this IIS site has an existing cert, i would first uninstall that ssl cert, and not install another? This is what I picture.

                    scottalanmillerS 1 Reply Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller @momurda
                      last edited by

                      @momurda said in Install Nginx as a Reverse Proxy on Fedora 27:

                      @scottalanmiller So if i set this up to work with an IIS site, this IIS site has an existing cert, i would first uninstall that ssl cert, and not install another? This is what I picture.

                      You can do either, with small adjustments. Your servers behind your reverse proxy can use HTTP or HTTPS as you desire. but there is rarely much point to the overhead of HTTPS, so many of us skip it unless there is a specific reason to have it (like you are using it without the reverse proxy for LAN based access.)

                      JaredBuschJ 1 Reply Last reply Reply Quote 3
                      • JaredBuschJ
                        JaredBusch @scottalanmiller
                        last edited by

                        @scottalanmiller said in Install Nginx as a Reverse Proxy on Fedora 27:

                        @momurda said in Install Nginx as a Reverse Proxy on Fedora 27:

                        @scottalanmiller So if i set this up to work with an IIS site, this IIS site has an existing cert, i would first uninstall that ssl cert, and not install another? This is what I picture.

                        You can do either, with small adjustments. Your servers behind your reverse proxy can use HTTP or HTTPS as you desire. but there is rarely much point to the overhead of HTTPS, so many of us skip it unless there is a specific reason to have it (like you are using it without the reverse proxy for LAN based access.)

                        If the existing server is designed for HTTP, I usually do not remove it. I just point the Nginx server block at it.

                        Even if it is expired or self signed, it is sitll encyrpted between the proxy and the backend server.

                        Now if the backend server has no encryption, I will not add it for no reason.

                        Finally, if the backend server is across a public IP space, I will always use at least a self signed SSL cert for the connection.

                        1 Reply Last reply Reply Quote 3
                        • A
                          Alex Sage
                          last edited by

                          Here is the command if you want a wildcard cert:

                          sudo certbot  -i nginx -d "*.aaronstuder.com" -d aaronstuder.com --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns
                          
                          JaredBuschJ 1 Reply Last reply Reply Quote 0
                          • JaredBuschJ
                            JaredBusch @Alex Sage
                            last edited by

                            @aaronstuder said in Install Nginx as a Reverse Proxy on Fedora 27:

                            Here is the command if you want a wildcard cert:

                            sudo certbot  -i nginx -d "*.aaronstuder.com" -d aaronstuder.com --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns
                            

                            Wildcard form LE is useless until you automate the DNS challenge.

                            A 1 Reply Last reply Reply Quote 0
                            • A
                              Alex Sage @JaredBusch
                              last edited by Alex Sage

                              @jaredbusch It's coming. Right now it just pauses and you update DNS manually, or you can use acme.sh

                              1 Reply Last reply Reply Quote 0
                              • EddieJenningsE
                                EddieJennings
                                last edited by

                                If you're using one reverse proxy to serve traffic to more than one server, do you typically put all of the configurations in one file, or have a main configuration file, and use include to reference other files? Methinks the way to go is just have one file with server blocks for however many servers you need.

                                black3dynamiteB 1 Reply Last reply Reply Quote 0
                                • black3dynamiteB
                                  black3dynamite @EddieJennings
                                  last edited by

                                  @eddiejennings said in Install Nginx as a Reverse Proxy on Fedora 27:

                                  If you're using one reverse proxy to serve traffic to more than one server, do you typically put all of the configurations in one file, or have a main configuration file, and use include to reference other files? Methinks the way to go is just have one file with server blocks for however many servers you need.

                                  Using separate config is more easier to manage.

                                  1 Reply Last reply Reply Quote 1
                                  • bbigfordB
                                    bbigford
                                    last edited by bbigford

                                    "Install nano because I prefer it over vi"

                                    Nano really should just be the standard at this point, IMO.

                                    JaredBuschJ 1 Reply Last reply Reply Quote 2
                                    • JaredBuschJ
                                      JaredBusch @bbigford
                                      last edited by

                                      @bbigford said in Install Nginx as a Reverse Proxy on Fedora 27:

                                      "Install nano because I prefer it over vi"

                                      Nano really should just be the standard at this point, IMO.

                                      I worded it like that to appease people like @scottalanmiller to prevent some stupid commentary about unneeded packages

                                      coliverC 1 Reply Last reply Reply Quote 6
                                      • coliverC
                                        coliver @JaredBusch
                                        last edited by

                                        @jaredbusch 0_1524226298968_a9d48ad2-c13d-440c-94c5-a6951b5f6887-image.png

                                        JaredBuschJ 1 Reply Last reply Reply Quote 6
                                        • JaredBuschJ
                                          JaredBusch @coliver
                                          last edited by

                                          @coliver said in Install Nginx as a Reverse Proxy on Fedora 27:

                                          @jaredbusch 0_1524226298968_a9d48ad2-c13d-440c-94c5-a6951b5f6887-image.png

                                          Pretty much exactly

                                          stacksofplatesS 1 Reply Last reply Reply Quote 0
                                          • stacksofplatesS
                                            stacksofplates @JaredBusch
                                            last edited by

                                            @jaredbusch said in Install Nginx as a Reverse Proxy on Fedora 27:

                                            @coliver said in Install Nginx as a Reverse Proxy on Fedora 27:

                                            @jaredbusch 0_1524226298968_a9d48ad2-c13d-440c-94c5-a6951b5f6887-image.png

                                            Pretty much exactly

                                            I can't make fun. I prefer Vim. I've tried to use nano and I felt clunky. But to each their own. Just don't use emacs :upside-down_face:

                                            coliverC 1 Reply Last reply Reply Quote 1
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 6
                                            • 1 / 6
                                            • First post
                                              Last post