Setting up Nginx on CentOS 7 as a reverse proxy
-
I'll find a good link to reference, I can't do this on my phone... gimme a few mins.
-
@tim_g Np. Thanks
-
I prefer to have each server block for each domain/subdomain in its own config file.
-
@jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy:
I prefer to have each server block for each domain/subdomain in its own config file.
wow, you are hosting a lot there.
-
[jbusch@nginxproxy ~]$ cat /etc/nginx/conf.d/daerma.com.conf
server {
    client_max_body_size 40M;
    listen 443 ssl;
    server_name www.daerma.com daerma.com;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/daerma.com-0001/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/daerma.com-0001/privkey.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass https://10.254.0.101:443;
        proxy_redirect off;
    }
}
server {
    client_max_body_size 40M;
    listen 80;
    server_name www.daerma.com daerma.com;
    rewrite ^ https://daerma.com$request_uri? permanent;
}
-
Like this, this is a good example of what I meant...
https://timothy-quinn.com/using-nginx-as-a-reverse-proxy-for-multiple-sites
-
[jbusch@nginxproxy ~]$ cat /etc/nginx/conf.d/unms.bundystl.com.conf
server {
    client_max_body_size 40M;
    listen 443 ssl;
    server_name unms.bundystl.com;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/unms.bundystl.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/unms.bundystl.com/privkey.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass https://10.254.0.39:443;
        proxy_redirect off;
        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
server {
    client_max_body_size 40M;
    listen 80;
    server_name unms.bundystl.com;
    rewrite ^ https://$server_name$request_uri? permanent;
}
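-
Added example, not part of any post in this thread: a shell check over one-file-per-site configs like the two above that flags TLSv1/TLSv1.1 in ssl_protocols, the obsolete "ssl on;" directive, an https upstream without proxy_ssl_verify, and a proxy_pass with no X-Forwarded-Proto header. The function names, the sample file and the 10.0.0.10 upstream are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): flag settings in one-file-per-site
# nginx configs that deserve a second look. Prints "<file>: <finding>".

audit_conf() {
    conf=$1
    body=$(sed 's/#.*//' "$conf")          # ignore commented-out directives
    has() { printf '%s\n' "$body" | grep -Eq "$1"; }

    # TLS 1.0/1.1 are deprecated (RFC 8996); do not match TLSv1.2 or TLSv1.3.
    if has 'ssl_protocols[^;]*TLSv1(\.1)?([[:space:]]|;)'; then
        echo "$conf: ssl_protocols enables TLSv1 or TLSv1.1"
    fi
    # "ssl on;" is obsolete since nginx 1.15.0; "listen 443 ssl" replaces it.
    if has '(^|[[:space:];{])ssl[[:space:]]+on[[:space:]]*;'; then
        echo "$conf: obsolete 'ssl on;' directive"
    fi
    # nginx skips upstream certificate checks unless proxy_ssl_verify is on.
    if has 'proxy_pass[[:space:]]+https://' && ! has 'proxy_ssl_verify[[:space:]]+on'; then
        echo "$conf: https upstream without 'proxy_ssl_verify on'"
    fi
    # Without X-Forwarded-Proto the backend cannot see the client's scheme.
    if has 'proxy_pass[[:space:]]' && ! has 'X-Forwarded-Proto'; then
        echo "$conf: proxy_pass without X-Forwarded-Proto"
    fi
}

audit_dir() {                              # default: the conf.d layout above
    for f in "${1:-/etc/nginx/conf.d}"/*.conf; do
        if [ -e "$f" ]; then audit_conf "$f"; fi
    done
}

# Constructed sample input using directives from the thread's configs.
write_sample() {
    printf '%s\n' 'server {' '  listen 443 ssl;' '  ssl on;' \
        '  ssl_protocols TLSv1.2 TLSv1.1 TLSv1;' '  ssl_stapling on;' \
        '  location / {' \
        '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' \
        '    proxy_pass https://10.0.0.10:443;' '  }' '}' > "$1"
}

if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d); write_sample "$d/app.example.com.conf"; audit_dir "$d"; rm -rf "$d"
elif [ "$#" -gt 0 ]; then
    audit_dir "$1"
fi
```

Turning on proxy_ssl_verify for an upstream addressed by IP also needs proxy_ssl_trusted_certificate and a proxy_ssl_name that matches the backend certificate.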
-
@jaredbusch Understood. Thanks. I bet multiple configs makes it easier organizationally and also when troubleshooting so you have less to go through.
-
@wirestyle22 said in Setting up Nginx on CentOS 7 as a reverse proxy:
@jaredbusch Understood. Thanks. I bet multiple configs makes it easier organizationally and also when troubleshooting so you have less to go through.
That is my preference, yes.
-
@dashrender said in Setting up Nginx on CentOS 7 as a reverse proxy:
@jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy:
I prefer to have each server block for each domain/subdomain in its own config file.
wow, you are hosting a lot there.
Not really. Just everything is broken out.
-
So I ran into this
but the nginx documentation here points to this: https://nginx.org/en/docs/http/server_names.html
Is there an error here I'm not seeing? I mean, there must be. Each time I make a change I systemctl reload nginx
-
Actually I think I figured it out. Made a mistake with the .conf files
-
@wirestyle22 Share your resolution if you will. I was trying to install nginx on a server with wiki.js the other day and was running into the same error.
-
I never run certbot with one of the specific switches like --nginx or --apache. Ever.
Fuck letting some 3rd party script edit my configuration files.
I run in standalone mode and edit the conf files myself.
I also include multiple SAN on my certs, so the same SSL file is in multiple conf files.
-
@jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy:
I never run certbot with one of the specific switches like --nginx or --apache. Ever.
Fuck letting some 3rd party script edit my configuration files.
I run in standalone mode and edit the conf files myself.
I also include multiple SAN on my certs, so the same SSL file is in multiple conf files.
But doesn’t ‘certonly’ keep it from editing the files?
-
@jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy:
I never run certbot with one of the specific switches like --nginx or --apache. Ever.
Fuck letting some 3rd party script edit my configuration files.
I run in standalone mode and edit the conf files myself.
I also include multiple SAN on my certs, so the same SSL file is in multiple conf files.
LOL - JB doesn't trust scripts from LE or whomever made them, but he for some reason trusts other people's scripts.... LOL
-
@dashrender said in Setting up Nginx on CentOS 7 as a reverse proxy:
@jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy:
I never run certbot with one of the specific switches like --nginx or --apache. Ever.
Fuck letting some 3rd party script edit my configuration files.
I run in standalone mode and edit the conf files myself.
I also include multiple SAN on my certs, so the same SSL file is in multiple conf files.
LOL - JB doesn't trust scripts from LE or whomever made them, but he for some reason trusts other people's scripts.... LOL
I thought he said something about magic scripts that he doesn’t like?
-
@dashrender said in Setting up Nginx on CentOS 7 as a reverse proxy:
@jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy:
I never run certbot with one of the specific switches like --nginx or --apache. Ever.
Fuck letting some 3rd party script edit my configuration files.
I run in standalone mode and edit the conf files myself.
I also include multiple SAN on my certs, so the same SSL file is in multiple conf files.
LOL - JB doesn't trust scripts from LE or whomever made them, but he for some reason trusts other people's scripts.... LOL
Scripts that install software are different than scripts that change your configuration files.
I run the certbot scripts, no problem. Just not in a way that lets them fuck up my configuration.
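-
Added example, not part of any post in this thread: when one multi-SAN certificate is referenced from several hand-edited conf files, as described above, this shell check lists any server_name in a conf file that the certificate's SAN list does not cover. Function names and the example.com/example.net names are constructed; cert_sans assumes the openssl command-line tool is installed.

```shell
#!/usr/bin/env bash
# Added example (not from the thread); all host names are constructed.

# DNS SANs of a PEM certificate, one per line, lowercased.
cert_sans() {
    openssl x509 -in "$1" -noout -text |
        grep -o 'DNS:[^,[:space:]]*' | sed 's/^DNS://' | tr 'A-Z' 'a-z'
}

# Names from every server_name directive in one conf file. "$server_name"
# inside a rewrite is skipped because no whitespace follows it.
conf_names() {
    sed 's/#.*//' "$1" | tr '\n' ' ' | tr ';' '\n' |
        sed -n 's/^.*server_name[[:space:]]\{1,\}//p' |
        tr -s '[:space:]' '\n' | tr 'A-Z' 'a-z' | sort -u
}

# True if name $1 equals SAN $2 or matches it as a one-label wildcard.
san_matches() {
    case $2 in
        \*.*) [ "${1#*.}" = "${2#\*.}" ] ;;
        *)    [ "$1" = "$2" ] ;;
    esac
}

# True if name $1 is covered by any SAN in the newline-separated list $2.
is_covered() {
    while IFS= read -r san; do
        if san_matches "$1" "$san"; then return 0; fi
    done <<EOF
$2
EOF
    return 1
}

# Print the server_names in conf $1 that the SAN list $2 does not cover.
uncovered_names() {
    conf_names "$1" | while IFS= read -r name; do
        is_covered "$name" "$2" || echo "$name"
    done
}

check_conf() { uncovered_names "$1" "$(cert_sans "$2")"; }  # args: conf, fullchain.pem

# Constructed sample: api.example.net is served but may be missing from the cert.
sample_conf() {
    printf '%s\n' 'server { listen 443 ssl; server_name www.example.com api.example.net; }' \
        'server { listen 80; server_name example.com;' \
        '  rewrite ^ https://$server_name$request_uri? permanent; }' > "$1"
}
```

Any name this prints would be served with a certificate that browsers reject for that host, so run it before reloading nginx after adding a conf file that reuses an existing certificate.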