Install Nginx as a Reverse Proxy on Fedora 27
-
@momurda said in Install Nginx as a Reverse Proxy on Fedora 27:
@tim_g Ctrl+X, Y to save a file. quicker than in vi/vim.
I can actually edit lines and insert text and cut and paste intuitively in nano, unlike vi which requires you to memorize the insert function to just add a simple word or two. Then you have to escape the insert function, then you have to remember what unnatural keyboard combo is to do something else.
CtrlW to find. Super simple, unlike vi/vim.CtrlW to go into another menu and find what you want is weird. I'd rather just type
/whatever
and hit enter.If you want to insert text from clipboard, you go to where you want to insert something, and (rather intuitively), hit the
i
button, because insert starts with "i", then paste it in like normal. In Fedora terminal windows anyways, it's ctrl+shift+v to paste. To exit insertion mode, it's theesc
key... also rather intuitive, because escape.Want to remove some lines? Just hit
dd
, and the line you're on goes away... hold it in to remove lots of lines. Or hit a number first then dd, and it removes that many lines (20dd
removes the next 20 lines). It's all so simple, but I can see the complexity of it if you have no idea about it.It's the whole oh I never used it before and don't know what to do because i don't have a GUI to show me.
Remove the GUI from Nano, and you're in the same boat... how the hell is Ctrl+W intuitive to "find" text? Less intuitive than to simply /TextToLookFor and hit enter.
Copy and paste is easy too... it uses y to copy (for "yank") and p for paste.
But you can do it by highlighting something (if in a gui terminal for example with your mouse) and ctrl+shift+c / v to copy and paste as well. -
So about that nginx reverse proxy...
:face_with_stuck-out_tongue:
-
@tim_g STFU already. No one fucking cares.
Also get the fuck over yourself already.
-
@momurda said in Install Nginx as a Reverse Proxy on Fedora 27:
@tim_g Ctrl+X, Y to save a file. quicker than in vi/vim.
CtrlW to find. Super simple, unlike vi/vim.
ZZ, no more to save and exit in vi.
/ to find. Also super fast. -
No love for the awesome
ed
command? :grinning_face_with_smiling_eyes:
https://www.gnu.org/software/ed/manual/ed_manual.htmlSeriously, what's up with the arguments about which editor is better?
-
@jaredbusch said in Install Nginx as a Reverse Proxy on Fedora 27:
@tim_g STFU already. No one fucking cares.
Also get the fuck over yourself already.
Aww, is someone pointing out some flaws / difference of opinion / misconceptions in something you like or prefer?
Here's a guide for you:
-
I've found a far better thread for discussing the merits of text editors. Enjoy
-
@tim_g said in Install Nginx as a Reverse Proxy on Fedora 27:
@jaredbusch said in Install Nginx as a Reverse Proxy on Fedora 27:
@tim_g STFU already. No one fucking cares.
Also get the fuck over yourself already.
Aww, is someone pointing out some flaws / difference of opinion / misconceptions in something you like or prefer?
Here's a guide for you:
No. I honestly don't' give a shit about the editors, that was the entire point of why the guide had the comment it had.
But if you want to be a supremacist bitch about your editor of choice, feel free, just take it out of this thread. -
Jared where is your nginx.conf
-
@jaredbusch said in Install Nginx as a Reverse Proxy on Fedora 27:
@tim_g said in Install Nginx as a Reverse Proxy on Fedora 27:
@jaredbusch said in Install Nginx as a Reverse Proxy on Fedora 27:
@tim_g STFU already. No one fucking cares.
Also get the fuck over yourself already.
Aww, is someone pointing out some flaws / difference of opinion / misconceptions in something you like or prefer?
Here's a guide for you:
No. I honestly don't' give a shit about the editors, that was the entire point of why the guide had the comment it had.
But if you want to be a supremacist bitch about your editor of choice, feel free, just take it out of this thread.Not supremacist, only correcting misconceptions that were mentioned... as you and Scott do all the time, in any thread they come up. If I do it, then I'm a "supremacist bitch"? Go piss up a rope and slip off.
-
@momurda said in Install Nginx as a Reverse Proxy on Fedora 27:
Jared where is your nginx.conf
I do not normally modify the default conf file
-
My experiment last night with Nginx worked. I'm going to see if I can replicate it tonight, and post the config for critique.
-
I am trying to copy this setup but using wildcard cert instead.
So, i have an http server setup with mediawiki. It has no https.
I have this nginx proxy setup so that the http site is redirected correctly.
edit:well it isnt doing http now either Not sure what i did, was working yesterday just fine.
However it wont seem to proxy https.
I think this is probably because my server.domain.conf in /etc/nginx/conf.d/server.domain.conf proxy_pass parameter is trying to redirect to https of this server which doesnt have https.
What to do in this type of situation?
I asked about this earlier in thread, seems it can work. Ive just messed something up.
I have not messed about with nginx.conf.
Not really sure how it can be used unmodified to proxy https as nothing is defined for https by default.server.domain.conf file in /etc/nginx/conf.d/ :
server { client_max_body_size 40M; listen 443 ssl; server_name server.domain.com; ssl on; ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass https://10.1.0.247:443; # HERE IS ISSUE I THINK proxy_redirect off; } } server { client_max_body_size 40M; listen 80; server_name server.domain.com; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass http://10.1.0.247:80; proxy_redirect off; } }
-
@momurda said in Install Nginx as a Reverse Proxy on Fedora 27:
I am trying to copy this setup but using wildcard cert instead.
So, i have an http server setup with mediawiki. It has no https.
I have this nginx proxy setup so that the http site is redirected correctly.
edit:well it isnt doing http now either Not sure what i did, was working yesterday just fine.
However it wont seem to proxy https.
I think this is probably because my server.domain.conf in /etc/nginx/conf.d/server.domain.conf proxy_pass parameter is trying to redirect to https of this server which doesnt have https.
What to do in this type of situation?
I asked about this earlier in thread, seems it can work. Ive just messed something up.
I have not messed about with nginx.conf.
Not really sure how it can be used unmodified to proxy https as nothing is defined for https by default.server.domain.conf file in /etc/nginx/conf.d/ :
server { client_max_body_size 40M; listen 443 ssl; server_name server.domain.com; ssl on; ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass https://10.1.0.247:443; # HERE IS ISSUE I THINK proxy_redirect off; } } server { client_max_body_size 40M; listen 80; server_name server.domain.com; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass http://10.1.0.247:80; proxy_redirect off; } }
On your Mediawiki server, take a look at your LocalSettings.php file. What do you have set for
$wgServer
? -
It is http://server.domain.com
Why did LE give me .pem files? edit: dont know
Why cant i convert these pem files to .crt and .key? edit: somehow all these .pem files now have 0 size which doesnt make sense. Worked fine yesterday.
openssl x509 -outform der -in cert.pem -out cert.crt unable to load certificate 140515541610688:error:0906D06C:PEM routines:PEM_read_bio:no start line:../crypto/pem/pem_lib.c:691:Expecting: TRUSTED CERTIFICATE
-
What's the original cert that you have?
-
@momurda said in Install Nginx as a Reverse Proxy on Fedora 27:
It is http://server.domain.com
Why did LE give me .pem files? edit: dont know
Why cant i convert these pem files to .crt and .key? edit: somehow all these .pem files now have 0 size which doesnt make sense. Worked fine yesterday.
openssl x509 -outform der -in cert.pem -out cert.crt unable to load certificate 140515541610688:error:0906D06C:PEM routines:PEM_read_bio:no start line:../crypto/pem/pem_lib.c:691:Expecting: TRUSTED CERTIFICATE
You are supposed to have
.pem
files, always. That tells you the encoding type of the key and certificate. If you did not knowpem
files mean you have aDER
encoded certificate and key file. -
@momurda I setup this server the day I made those instructions. Here is one of the conf files.
[jbusch@proxy ~]$ sudo cat /etc/nginx/conf.d/nextcloud.conf [sudo] password for jbusch: server { client_max_body_size 40M; server_name nc.jj.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_redirect off; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass http://10.201.1.17; proxy_redirect off; # Socket.IO Support proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } ssl_stapling on; ssl_stapling_verify on; # ssl_protocols TLSv1.2 TLSv1.1 TLSv1; # ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; # ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains"; listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/nc.jj.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/nc.jj.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server { client_max_body_size 40M; listen 80; server_name nc.jj.com; rewrite ^ https://$server_name$request_uri? permanent; }
-
Ok i am on a short vacation starting now. Ill try getting this fixed up on Tuesday when i am back.
-
@jaredbusch take out the real domain