Setting up Nginx on CentOS 7 as a reverse proxy
-
@dashrender said in Setting up Nginx on CentOS 7 as a reverse proxy:
Considering the new found love of Fedora, should this be done on Fedora instead?
Yeah, I need to make a new guide for Fedora.
Process is basically the same. Substitute dnf in place of yum, generally. No need for the epel
-
If I have multiple web servers, how does nginx know which host is which when they are both using the same port? Is it just the subdomain and internal IP (proxy_pass)?
Example:
    server {
        client_max_body_size 40M;
        listen 443 ssl;
        server_name nc.skynetli.com; #change to your domain name
        ssl on;
        ssl_certificate /etc/ssl/cacert1.pem; #this needs to be the path to your certificate information
        ssl_certificate_key /etc/ssl/privkey1.pem; #this needs to be the path to your certificate information
        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_pass https://192.168.1.205:443; #change to your internal server IP
            proxy_redirect off;
        }
    }
    server {
        client_max_body_size 40M;
        listen 443;
        server_name xo.skynetli.com; #change to your domain name
        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_pass http://192.168.1.206:443; #change to your internal server IP
            proxy_redirect off;
        }
    }
-
You use multiple server config areas in your example code, and then server_name and proxy_pass for each site using different ports.
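
How nginx answers the question above, as an added example that is not part of the thread: a small Python model of name-based server selection as the nginx server_names documentation describes it (exact name, then longest leading wildcard, then longest trailing wildcard, then the default server). The sample config is constructed from the question's two blocks; the wildcard name, the catch-all block and the function names are assumptions, and regular-expression names are left out.

```python
import re

# Constructed sample: the question's two blocks, trimmed, plus a constructed wildcard name.
CONF = """
server { listen 443 ssl; server_name nc.skynetli.com;   # first block for :443
  location / { proxy_pass https://192.168.1.205:443; } }
server { listen 443 ssl; server_name xo.skynetli.com *.lab.skynetli.com;
  location / { proxy_pass http://192.168.1.206:443; } }
"""
# Constructed catch-all (trimmed: a real TLS catch-all also needs a certificate).
CATCH_ALL = "server { listen 443 ssl default_server; server_name _; return 444; }"

def parse_servers(conf):
    """Minimal parser for flat server blocks; not a full nginx grammar."""
    conf = re.sub(r"#[^\n]*", "", conf)
    servers = []
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):      # walk to the matching close brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        body = conf[m.end():i - 1]
        def args(name, body=body):
            d = re.search(r"\b%s\s+([^;{}]+);" % name, body)
            return d.group(1).split() if d else []
        servers.append({"listen": args("listen"), "names": args("server_name"),
                        "target": " ".join(args("proxy_pass") or args("return"))})
    return servers

def select_server(servers, port, host):
    """Pick the server block for a Host header (or SNI name) on a given port."""
    host = host.lower().split(":")[0].rstrip(".")
    cands = [s for s in servers
             if s["listen"] and s["listen"][0].rsplit(":", 1)[-1] == str(port)]
    names = [(n.lower(), s) for s in cands for n in s["names"]]
    exact = [s for n, s in names if n == host]
    lead = [(len(n), s) for n, s in names if n.startswith("*.") and host.endswith(n[1:])]
    trail = [(len(n), s) for n, s in names if n.endswith(".*") and host.startswith(n[:-1])]
    if exact:
        return exact[0]
    for group in (lead, trail):             # longest wildcard wins within a group
        if group:
            return max(group, key=lambda t: t[0])[1]
    # No name matched: the block marked default_server, else the first for the port.
    return next((s for s in cands if "default_server" in s["listen"]),
                cands[0] if cands else None)

def route(conf, port, host):
    s = select_server(parse_servers(conf), port, host)
    return s["target"] if s else None
```

A request whose Host matches no server_name is served by the first block for that port, so an explicit default_server catch-all keeps unknown names from landing on an internal site.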
-
@tim_g So essentially what I did above, correct?
-
I'll find a good link to reference, I can't do this on my phone... gimme a few mins.
-
@tim_g Np. Thanks
-
I prefer to have each server block for each domain/subdomain in its own config file.
-
@jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy:
I prefer to have each server block for each domain/subdomain in its own config file.
wow, you are hosting a lot there.
-
[jbusch@nginxproxy ~]$ cat /etc/nginx/conf.d/daerma.com.conf
    server {
        client_max_body_size 40M;
        listen 443 ssl;
        server_name www.daerma.com daerma.com;
        ssl on;
        ssl_certificate /etc/letsencrypt/live/daerma.com-0001/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/daerma.com-0001/privkey.pem;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_pass https://10.254.0.101:443;
            proxy_redirect off;
        }
    }
    server {
        client_max_body_size 40M;
        listen 80;
        server_name www.daerma.com daerma.com;
        rewrite ^ https://daerma.com$request_uri? permanent;
    }
-
Like this, this is a good example of what I meant...
https://timothy-quinn.com/using-nginx-as-a-reverse-proxy-for-multiple-sites
-
[jbusch@nginxproxy ~]$ cat /etc/nginx/conf.d/unms.bundystl.com.conf
    server {
        client_max_body_size 40M;
        listen 443 ssl;
        server_name unms.bundystl.com;
        ssl on;
        ssl_certificate /etc/letsencrypt/live/unms.bundystl.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/unms.bundystl.com/privkey.pem;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_pass https://10.254.0.39:443;
            proxy_redirect off;
            # Socket.IO Support
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }
    server {
        client_max_body_size 40M;
        listen 80;
        server_name unms.bundystl.com;
        rewrite ^ https://$server_name$request_uri? permanent;
    }
-
@jaredbusch Understood. Thanks. I bet multiple configs makes it easier organizationally and also when troubleshooting so you have less to go through.
-
@wirestyle22 said in Setting up Nginx on CentOS 7 as a reverse proxy:
@jaredbusch Understood. Thanks. I bet multiple configs makes it easier organizationally and also when troubleshooting so you have less to go through.
That is my preference, yes.
-
@dashrender said in Setting up Nginx on CentOS 7 as a reverse proxy:
@jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy:
I prefer to have each server block for each domain/subdomain in its own config file.
wow, you are hosting a lot there.
Not really. Just everything is broken out.
-
So I ran into this
but the nginx documentation here points to this: https://nginx.org/en/docs/http/server_names.html
Is there an error here I'm not seeing? I mean, there must be. Each time I make a change I systemctl reload nginx
-
Actually I think I figured it out. Made a mistake with the .conf files.
-
@wirestyle22 Share your resolution if you will. I was trying to install nginx on a server with wiki.js the other day and was running into the same error.
-
I never run certbot with one of the specific switches like --nginx or --apache. Ever.
Fuck letting some 3rd party script edit my configuration files.
I run in standalone mode and edit the conf files myself.
I also include multiple SAN on my certs, so the same SSL file is in multiple conf files.