Setting up Nginx on CentOS 7 as a reverse proxy

Obsolesce

You use multiple server config areas in your example code, and then server_name and proxy_pass for each site using different ports.

wirestyle22

@tim_g So essentially what I did above, correct?

Obsolesce

I'll find a good link to reference, I can't do this on my phone... gimme a few mins.

wirestyle22

@tim_g Np. Thanks

JaredBusch

I prefer to have each server block for each domain/subdomain in it's own config file.

Dashrender

@jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy:

I prefer to have each server block for each domain/subdomain in it's own config file.

wow, you are hosting a lot there.

JaredBusch

[jbusch@nginxproxy ~]$ cat /etc/nginx/conf.d/daerma.com.conf 
server {
    client_max_body_size 40M;
    listen 443 ssl;
    server_name www.daerma.com daerma.com;
    ssl          on;
    ssl_certificate /etc/letsencrypt/live/daerma.com-0001/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/daerma.com-0001/privkey.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass https://10.254.0.101:443;
        proxy_redirect off;
    }
}

server {
    client_max_body_size 40M;
    listen 80;
    server_name www.daerma.com daerma.com;
    rewrite        ^ https://daerma.com$request_uri? permanent;
}

Obsolesce

Like this, this is a good example of what I meant...

https://timothy-quinn.com/using-nginx-as-a-reverse-proxy-for-multiple-sites

JaredBusch

[jbusch@nginxproxy ~]$ cat /etc/nginx/conf.d/unms.bundystl.com.conf 
server {
    client_max_body_size 40M;
    listen 443 ssl;
    server_name unms.bundystl.com;
    ssl          on;
    ssl_certificate /etc/letsencrypt/live/unms.bundystl.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/unms.bundystl.com/privkey.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass https://10.254.0.39:443;
        proxy_redirect off;

        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

    }
}
server {
    client_max_body_size 40M;
    listen 80;
    server_name unms.bundystl.com;
    rewrite        ^ https://$server_name$request_uri? permanent;
}

wirestyle22

@jaredbusch Understood. Thanks. I bet multiple configs makes it easier organizationally and also when troubleshooting so you have less to go through.

JaredBusch

@wirestyle22 said in Setting up Nginx on CentOS 7 as a reverse proxy:

@jaredbusch Understood. Thanks. I bet multiple configs makes it easier organizationally and also when troubleshooting so you have less to go through.

That is my preference, yes.

JaredBusch

@dashrender said in Setting up Nginx on CentOS 7 as a reverse proxy:

@jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy:

I prefer to have each server block for each domain/subdomain in it's own config file.

wow, you are hosting a lot there.

Not really. Just everything is broken out.

wirestyle22

So I ran into this

but the nginx documentation here points to this: https://nginx.org/en/docs/http/server_names.html

Is there an error here I'm not seeing? I mean, there must be. Each time I make a change I systemctl reload nginx

wirestyle22

This post is deleted!

wirestyle22

This post is deleted!

wirestyle22

Actually I think I figured it out. made a mistake with the .conf files

zachary715

@wirestyle22 Share your resolution if you will. I was trying to install nginx on a server with wiki.js the other day and was running into the same error.

JaredBusch

I never run certbot with one of the specific switches like --nginx or --apache. Ever.

Fuck letting some 3rd party script edit my configuration files.

I run in standalone mode and edit the conf files myself.

I also include multiple SAN on my certs, so the same SSL file is in multiple conf files.

black3dynamite

@jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy:

I never run certbot with one of the specific switches like --nginx or --apache. Ever.

Fuck letting some 3rd party script edit my configuration files.

I run in standalone mode and edit the conf files myself.

I also include multiple SAN on my certs, so the same SSL file is in multiple conf files.

But doesn’t ‘certonly’ keeps it from editing the files?

Dashrender

@jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy:

I never run certbot with one of the specific switches like --nginx or --apache. Ever.

Fuck letting some 3rd party script edit my configuration files.

I run in standalone mode and edit the conf files myself.

I also include multiple SAN on my certs, so the same SSL file is in multiple conf files.

LOL - JB doesn't trust scripts from LE or whomever made them, but he for some reason trusts other people's scripts.... LOL