ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Setting up Nginx on CentOS 7 as a reverse proxy

    Scheduled Pinned Locked Moved IT Discussion
    centos 7nginxreverse proxysetuphow to
    57 Posts 13 Posters 25.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • wirestyle22W
      wirestyle22 @Obsolesce
      last edited by

      @tim_g Np. Thanks

      1 Reply Last reply Reply Quote 0
      • JaredBuschJ
        JaredBusch
        last edited by

        I prefer to have each server block for each domain/subdomain in it's own config file.

        0_1514323567627_24a83769-9483-4b32-af2c-3a190ad8f60d-image.png

        DashrenderD 1 Reply Last reply Reply Quote 3
        • DashrenderD
          Dashrender @JaredBusch
          last edited by

          @jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy:

          I prefer to have each server block for each domain/subdomain in it's own config file.

          0_1514323567627_24a83769-9483-4b32-af2c-3a190ad8f60d-image.png

          wow, you are hosting a lot there.

          JaredBuschJ 1 Reply Last reply Reply Quote 0
          • JaredBuschJ
            JaredBusch
            last edited by

            [jbusch@nginxproxy ~]$ cat /etc/nginx/conf.d/daerma.com.conf 
            server {
                client_max_body_size 40M;
                listen 443 ssl;
                server_name www.daerma.com daerma.com;
                ssl          on;
                ssl_certificate /etc/letsencrypt/live/daerma.com-0001/fullchain.pem;
                ssl_certificate_key /etc/letsencrypt/live/daerma.com-0001/privkey.pem;
                ssl_stapling on;
                ssl_stapling_verify on;
                ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
                ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
                ssl_prefer_server_ciphers on;
                ssl_session_cache shared:SSL:10m;
                ssl_dhparam /etc/ssl/certs/dhparam.pem;
                add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
            
                location / {
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header Host $http_host;
                    proxy_set_header X-NginX-Proxy true;
                    proxy_pass https://10.254.0.101:443;
                    proxy_redirect off;
                }
            }
            
            server {
                client_max_body_size 40M;
                listen 80;
                server_name www.daerma.com daerma.com;
                rewrite        ^ https://daerma.com$request_uri? permanent;
            }
            
            1 Reply Last reply Reply Quote 1
            • ObsolesceO
              Obsolesce
              last edited by

              Like this, this is a good example of what I meant...

              https://timothy-quinn.com/using-nginx-as-a-reverse-proxy-for-multiple-sites

              1 Reply Last reply Reply Quote 1
              • JaredBuschJ
                JaredBusch
                last edited by

                [jbusch@nginxproxy ~]$ cat /etc/nginx/conf.d/unms.bundystl.com.conf 
                server {
                    client_max_body_size 40M;
                    listen 443 ssl;
                    server_name unms.bundystl.com;
                    ssl          on;
                    ssl_certificate /etc/letsencrypt/live/unms.bundystl.com/fullchain.pem;
                    ssl_certificate_key /etc/letsencrypt/live/unms.bundystl.com/privkey.pem;
                    ssl_stapling on;
                    ssl_stapling_verify on;
                    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
                    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
                    ssl_prefer_server_ciphers on;
                    ssl_session_cache shared:SSL:10m;
                    ssl_dhparam /etc/ssl/certs/dhparam.pem;
                    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
                
                    location / {
                        proxy_set_header X-Real-IP $remote_addr;
                        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                        proxy_set_header X-Forwarded-Proto $scheme;
                        proxy_set_header Host $http_host;
                        proxy_set_header X-NginX-Proxy true;
                        proxy_pass https://10.254.0.39:443;
                        proxy_redirect off;
                
                        # Socket.IO Support
                        proxy_http_version 1.1;
                        proxy_set_header Upgrade $http_upgrade;
                        proxy_set_header Connection "upgrade";
                
                    }
                }
                server {
                    client_max_body_size 40M;
                    listen 80;
                    server_name unms.bundystl.com;
                    rewrite        ^ https://$server_name$request_uri? permanent;
                }
                
                wirestyle22W 1 Reply Last reply Reply Quote 1
                • wirestyle22W
                  wirestyle22 @JaredBusch
                  last edited by

                  @jaredbusch Understood. Thanks. I bet multiple configs makes it easier organizationally and also when troubleshooting so you have less to go through.

                  JaredBuschJ 1 Reply Last reply Reply Quote 0
                  • JaredBuschJ
                    JaredBusch @wirestyle22
                    last edited by

                    @wirestyle22 said in Setting up Nginx on CentOS 7 as a reverse proxy:

                    @jaredbusch Understood. Thanks. I bet multiple configs makes it easier organizationally and also when troubleshooting so you have less to go through.

                    That is my preference, yes.

                    1 Reply Last reply Reply Quote 1
                    • JaredBuschJ
                      JaredBusch @Dashrender
                      last edited by

                      @dashrender said in Setting up Nginx on CentOS 7 as a reverse proxy:

                      @jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy:

                      I prefer to have each server block for each domain/subdomain in it's own config file.

                      0_1514323567627_24a83769-9483-4b32-af2c-3a190ad8f60d-image.png

                      wow, you are hosting a lot there.

                      Not really. Just everything is broken out.

                      1 Reply Last reply Reply Quote 1
                      • wirestyle22W
                        wirestyle22
                        last edited by wirestyle22

                        So I ran into this
                        0_1514509710111_1.PNG

                        but the nginx documentation here points to this: https://nginx.org/en/docs/http/server_names.html
                        0_1514509728545_2.PNG

                        Is there an error here I'm not seeing? I mean, there must be. Each time I make a change I systemctl reload nginx

                        1 Reply Last reply Reply Quote 0
                        • wirestyle22W
                          wirestyle22
                          last edited by

                          This post is deleted!
                          1 Reply Last reply Reply Quote 0
                          • wirestyle22W
                            wirestyle22
                            last edited by

                            This post is deleted!
                            1 Reply Last reply Reply Quote 0
                            • wirestyle22W
                              wirestyle22
                              last edited by

                              Actually I think I figured it out. made a mistake with the .conf files

                              zachary715Z 1 Reply Last reply Reply Quote 0
                              • zachary715Z
                                zachary715 @wirestyle22
                                last edited by

                                @wirestyle22 Share your resolution if you will. I was trying to install nginx on a server with wiki.js the other day and was running into the same error.

                                wirestyle22W 1 Reply Last reply Reply Quote 0
                                • JaredBuschJ
                                  JaredBusch
                                  last edited by JaredBusch

                                  I never run certbot with one of the specific switches like --nginx or --apache. Ever.

                                  Fuck letting some 3rd party script edit my configuration files.

                                  I run in standalone mode and edit the conf files myself.

                                  I also include multiple SAN on my certs, so the same SSL file is in multiple conf files.

                                  black3dynamiteB DashrenderD wirestyle22W 3 Replies Last reply Reply Quote 1
                                  • black3dynamiteB
                                    black3dynamite @JaredBusch
                                    last edited by

                                    @jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy:

                                    I never run certbot with one of the specific switches like --nginx or --apache. Ever.

                                    Fuck letting some 3rd party script edit my configuration files.

                                    I run in standalone mode and edit the conf files myself.

                                    I also include multiple SAN on my certs, so the same SSL file is in multiple conf files.

                                    But doesn’t ‘certonly’ keeps it from editing the files?

                                    1 Reply Last reply Reply Quote 0
                                    • DashrenderD
                                      Dashrender @JaredBusch
                                      last edited by

                                      @jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy:

                                      I never run certbot with one of the specific switches like --nginx or --apache. Ever.

                                      Fuck letting some 3rd party script edit my configuration files.

                                      I run in standalone mode and edit the conf files myself.

                                      I also include multiple SAN on my certs, so the same SSL file is in multiple conf files.

                                      LOL - JB doesn't trust scripts from LE or whomever made them, but he for some reason trusts other people's scripts.... LOL

                                      black3dynamiteB JaredBuschJ 2 Replies Last reply Reply Quote 0
                                      • black3dynamiteB
                                        black3dynamite @Dashrender
                                        last edited by

                                        @dashrender said in Setting up Nginx on CentOS 7 as a reverse proxy:

                                        @jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy:

                                        I never run certbot with one of the specific switches like --nginx or --apache. Ever.

                                        Fuck letting some 3rd party script edit my configuration files.

                                        I run in standalone mode and edit the conf files myself.

                                        I also include multiple SAN on my certs, so the same SSL file is in multiple conf files.

                                        LOL - JB doesn't trust scripts from LE or whomever made them, but he for some reason trusts other people's scripts.... LOL

                                        I thought he said something about magic scripts that he doesn’t like?

                                        DashrenderD 1 Reply Last reply Reply Quote 0
                                        • JaredBuschJ
                                          JaredBusch @Dashrender
                                          last edited by JaredBusch

                                          @dashrender said in Setting up Nginx on CentOS 7 as a reverse proxy:

                                          @jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy:

                                          I never run certbot with one of the specific switches like --nginx or --apache. Ever.

                                          Fuck letting some 3rd party script edit my configuration files.

                                          I run in standalone mode and edit the conf files myself.

                                          I also include multiple SAN on my certs, so the same SSL file is in multiple conf files.

                                          LOL - JB doesn't trust scripts from LE or whomever made them, but he for some reason trusts other people's scripts.... LOL

                                          Scripts that install software is different than scripts that change your configuration files.

                                          I run the certbot scripts, no problem. Just not in a way that lets them fuck up my configuration.

                                          1 Reply Last reply Reply Quote 0
                                          • DashrenderD
                                            Dashrender @black3dynamite
                                            last edited by

                                            @black3dynamite said in Setting up Nginx on CentOS 7 as a reverse proxy:

                                            @dashrender said in Setting up Nginx on CentOS 7 as a reverse proxy:

                                            @jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy:

                                            I never run certbot with one of the specific switches like --nginx or --apache. Ever.

                                            Fuck letting some 3rd party script edit my configuration files.

                                            I run in standalone mode and edit the conf files myself.

                                            I also include multiple SAN on my certs, so the same SSL file is in multiple conf files.

                                            LOL - JB doesn't trust scripts from LE or whomever made them, but he for some reason trusts other people's scripts.... LOL

                                            I thought he said something about magic scripts that he doesn’t like?

                                            What makes them magic?

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 1 / 3
                                            • First post
                                              Last post