Solved Nginx reverse proxy problem with subdomains
-
Have you made sure that port 4567 is open on 10.254.0.106?
-
It is not just NodeBB that I am trying to proxy, but yes, all sites are open from the proxy host.
from the host I can "curl 10.254.0.106:4567" and see the output
I am also setting up my screen connect. same result.
-
@scottalanmiller said:
You are putting the NGinx proxy on a different node than the NodeBB process?
Yes different box.
-
NodeBB from proxy
http://i.imgur.com/hiHJMbf.jpg
ScreenConnect from proxy
Screenconnect has long been a port forward on http://support.bundystl.com:8040
I want that port gone, because users.....
http://i.imgur.com/GYBMZUY.jpg
-
Here is the screenconnect proxy info for reference
#/etc/nginx/conf.d/support.bundystl.com.conf
server {
    client_max_body_size 40M;
    listen 80;
    server_name support.bundystl.com;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://10.254.0.22:8040;
        proxy_redirect off;
    }
}
-
@JaredBusch said:
10.254.0.106
I did an nmap on community.daerma.com and this is all I got:
PORT STATE SERVICE
80/tcp open http
443/tcp open https
8080/tcp open http-proxy
8081/tcp closed blackice-icecap
8090/tcp open unknown
8443/tcp open https-alt
-
I couldn't ping 10.254.0.106 either.
-
@johnhooks said:
@JaredBusch said:
10.254.0.106
I did an nmap on community.daerma.com and this is all I got:
PORT STATE SERVICE
80/tcp open http
443/tcp open https
These ports are routed to other services on other domain names that are behind the same public IP.
8080/tcp open http-proxy
8081/tcp closed blackice-icecap
8090/tcp open unknown
8443/tcp open https-alt
Port 8040-8041 are also port forwarded to a server that answers, not sure why nmap did not see them.
-
@johnhooks said:
I couldn't ping 10.254.0.106 either.
Of course not. it is the internal IP.
-
@JaredBusch said:
@johnhooks said:
I couldn't ping 10.254.0.106 either.
Of course not. it is the internal IP.
Oh I thought these were all public facing and you were just forwarding to them. Nevermind.
-
What happens if you disable SELinux and firewalld?
-
@johnhooks said:
What happens if you disable SELinux and firewalld?
The nginx proxy can reach the internal IP and port as noted above.
The external ports 80/443 are port forwarded to the nginx proxy.
6 domains are currently on the same server are daerma.com and all work perfectly. All of the working proxied domains are only domain.com and www.domain.com redirecting to 80/443 on a single internal IP.
-
7 sites now. I forgot about jaredbusch.com and just added another conf file.
-
This post insinuates that I should not need to do anything else to reroute.
http://mangolassi.it/topic/5470/reverse-proxy/15
As well as my google searching
-
Ya that's weird. The only time I've ever got a 502 is when either PHP-FPM isn't running or node isn't running.
What do your nginx logs say?
-
@johnhooks said:
What happens if you disable SELinux and firewalld?
selinux.....
did not think about that.. I was not doing anything special.
setenforce 0
and they work.
-
@JaredBusch said:
@johnhooks said:
What happens if you disable SELinux and firewalld?
selinux.....
did not think about that.. I was not doing anything special.
setenforce 0
and they work.
Ya I don't understand how it's determined which ports are allowed through SELinux and which aren't.
-
@johnhooks said:
@JaredBusch said:
@johnhooks said:
What happens if you disable SELinux and firewalld?
selinux.....
did not think about that.. I was not doing anything special.
setenforce 0
and they work.
Ya I don't understand how it's determined which ports are allowed through SELinux and which aren't.
right. so now to learn that because i like not setting permissive
-
You should be able to do
semanage port -a -t http_port_t -p tcp 4567
Then if you do
semanage port -l | egrep '(^http_port_t)'
it should output the list of ports with that context
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
-
If it says 4567 is already assigned a label you can change it to:
semanage port -m -t http_port_t -p tcp 4567
Then if you do the port list it should show up in there.
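-
Added example, not part of any post above: a bash check that compares every proxy_pass upstream port in an nginx config with the tcp ports labelled http_port_t in semanage port -l output, and prints the semanage command from the last posts for each port that is missing. The sample config, the 10.254.0.30 upstream and the function names are constructed for illustration; named upstream{} blocks and IPv6 literals are not handled.

```bash
#!/usr/bin/env bash
# Constructed sample config: two proxy_pass targets from the thread plus a
# made-up upstream (10.254.0.30) with no explicit port.
SAMPLE_CONF='server { location / { proxy_pass http://10.254.0.22:8040; } }
server { location / { proxy_pass http://10.254.0.106:4567; } }
server { location / { proxy_pass http://10.254.0.30; } }'

# Constructed sample of `semanage port -l` output; the http_port_t line
# carries the port list quoted in the thread.
SAMPLE_SEMANAGE='http_cache_port_t   tcp  8080, 8118, 8123, 10001-10010
http_port_t         tcp  80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp  5988'

upstream_ports() {
    # stdin: nginx config text. Prints each distinct upstream port once,
    # defaulting to 80 (http) or 443 (https) when proxy_pass names none.
    grep -oE 'proxy_pass[[:space:]]+https?://[^/;[:space:]]+' |
    while read -r kw url; do
        scheme=${url%%://*}
        hostport=${url#*://}
        case $hostport in
            *:*) echo "${hostport##*:}" ;;
            *)   [ "$scheme" = https ] && echo 443 || echo 80 ;;
        esac
    done | sort -un
}

http_ports_allow() {
    # $1: port. stdin: `semanage port -l` output. Exit 0 if the port is in
    # the tcp http_port_t list, given as single ports or lo-hi ranges.
    awk -v p="$1" '
        $1 == "http_port_t" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                gsub(/,/, "", $i)
                n = split($i, r, "-")
                lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
                if (p + 0 >= lo && p + 0 <= hi) found = 1
            }
        }
        END { exit !found }'
}

unlabelled_upstreams() {
    # $1: nginx config text, $2: `semanage port -l` output.
    for port in $(printf '%s\n' "$1" | upstream_ports); do
        printf '%s\n' "$2" | http_ports_allow "$port" || echo "$port"
    done
}

for p in $(unlabelled_upstreams "$SAMPLE_CONF" "$SAMPLE_SEMANAGE"); do
    echo "semanage port -a -t http_port_t -p tcp $p"
done
```

On the proxy host, call unlabelled_upstreams with "$(cat /etc/nginx/conf.d/*.conf)" and "$(semanage port -l)" in place of the two samples.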