Proxmox, nginx reverse proxy and multiple websites on different containers - https

I have trouble configuring SSL with reverse proxy.
What I have: Proxmox installed with 3 containers - 2 containers are with websites and 3rd is a reverse proxy.
Container 1
domain1.com
domain2.com
Container 2
domain3.com
domain4.com
Public IP points to Container 3 (which is a reverse proxy).
How and "where" (on containers, on the reverse proxy, or on both) should I issue an SSL certificate? I want all of the domains to work only via HTTPS.
Reverse proxy has the following configuration:
server {
    listen 80;
    server_name domain1.com;
    location / {
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://192.168.4.100:80; # Container 1
    }
}
server {
    listen 80;
    server_name domain2.com;
    location / {
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://192.168.4.100:80; # Container 1
    }
}
server {
    listen 80;
    server_name domain3.com;
    location / {
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://192.168.4.200:80; # Container 2
    }
}
server {
    listen 80;
    server_name domain4.com;
    location / {
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://192.168.4.200:80; # Container 2
    }
}
Update: I am able to issue a domain certificate, but to make everything work I have to put these certificates on BOTH containers: for the reverse proxy and the container with the domain/website itself. I believe it's kind of dirty and hard to maintain. Please advise.

I would just add the SSL certificates to the reverse proxy and use HTTP to the internal web servers (containers).
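
The layout this answer describes, written out as an added example (not part of the original post): TLS terminates on the reverse proxy in Container 3 and the containers are reached over plain HTTP. The certificate paths are assumptions that follow certbot's default layout; the domains and backend addresses are the ones from the question.

```nginx
# Added example; certificate paths are assumptions (certbot's default layout).

# Public port 80: redirect all four domains to HTTPS.
server {
    listen 80;
    server_name domain1.com domain2.com domain3.com domain4.com;
    return 301 https://$host$request_uri;
}

# TLS terminates here; the certificate and private key exist only on the proxy.
server {
    listen 443 ssl;
    server_name domain1.com;

    ssl_certificate     /etc/letsencrypt/live/domain1.com/fullchain.pem;  # assumed path
    ssl_certificate_key /etc/letsencrypt/live/domain1.com/privkey.pem;    # assumed path
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;  # tells the site the client used HTTPS
        proxy_pass http://192.168.4.100:80;          # Container 1, plain HTTP internally
    }
}

server {
    listen 443 ssl;
    server_name domain3.com;

    ssl_certificate     /etc/letsencrypt/live/domain3.com/fullchain.pem;  # assumed path
    ssl_certificate_key /etc/letsencrypt/live/domain3.com/privkey.pem;    # assumed path
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://192.168.4.200:80;          # Container 2
    }
}
```

domain2.com and domain4.com get the same block with their own server_name and certificate. The containers keep listening on port 80 without any certificate; because that hop is unencrypted, they should accept connections only from the proxy's internal address.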

Related

Strapi on server with subdomain - problem with admin panel

I have default Digital Ocean installation of strapi. I've changed api based hostname for my domain and I have this error:
this:main.f910bea6.chunk.js:13 Mixed Content: The page at 'https://api.myhostname.app/admin' was loaded over HTTPS, but requested an insecure resource 'http://999.999.999.999/admin/init'. This request has been blocked; the content must be served over HTTPS.
Main site is displaying correctly. Problem is in admin panel.
This is my nginx config:
server {
    # Listen HTTP
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    #listen 80;
    server_name api.myhostname.app;
    ssl_certificate /etc/ssl/hostname.pem;
    ssl_certificate_key /etc/ssl/hostname.key;
    # Proxy Config
    location / {
        proxy_pass http://strapi;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_pass_request_headers on;
    }
}
and .env file:
NGINX_URL=https://api.myhostname.app
ADMIN_JWT_SECRET="best"
and config:
module.exports = ({ env }) => ({
  host: env('HOST', '0.0.0.0'),
  port: env.int('PORT', 1337),
  url: env('NGINX_URL', ''),
  admin: {
    auth: {
      secret: env('ADMIN_JWT_SECRET'),
    },
  },
});
What's wrong?
I resolved the problem. This required rebuilding admin panel, like that:
npm run build
Weird but works.

Subdomain login.xyz.com not changing even after logging in

I have used a subdomain for my website, e.g. login.xyz.com, and it should be pointing toward xyz.com/login. This thing works fine, but the issue is this login.xyz.com works me for every page. Even if I am logged in inside the website, the login.xyz.com becomes login.xyz.com/abc. How can I resolve this issue?
This is the code which I have used:
server {
    listen 80 default_server;
    server_name login.xyz.com.com;
    location / {
        proxy_pass http://localhost.com/login;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

Maintaining structure with Nginx and multiple NodeJS applications

I'm trying to host multiple Node JS servers proxied through Nginx, which is working correctly. One server is hosted at '/', with another hosted at, for example, '/one'. The relevant Nginx config for this setup is below.
upstream host_com {
    server 127.0.0.1:3000;
    keepalive 8;
}
upstream one_host_com {
    server 127.0.0.1:3010;
    keepalive 8;
}
server {
    listen 80;
    access_log /var/log/nginx/host.log;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://host_com/;
        proxy_redirect off;
    }
    location /one {
        rewrite ^(/one)+/(.*)$ /$2 break;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $proxy_host; #$http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://one_host_com/;
        proxy_redirect off;
    }
}
However, when I do an AJAX call from the '/one' testbed, like below:
$.getJSON( '/get_stuff', function(data) { .. });
The post goes to '/get_stuff' when I want it to go to '/one/get_stuff'. How can I get Nginx to direct to NodeJS but still maintain the location? Is there a better way to implement this?
Try removing the leading slash in your JavaScript, e.g. $.getJSON( 'get_stuff', function(data) { .. });. By including the leading slash you are asking for a path at the root of the domain but I think you want the path relative to the url you are presently at.

nginx conditional proxy pass

I am trying to configure nginx to proxy pass the request to another server,
only if the $request_body variable matches a specific regular expression.
My problem now is that I don't know how to configure this behaviour exactly.
I am currently down to this one:
server {
    listen 80 default;
    server_name test.local;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        if ($request_body ~* ^(.*)\.test) {
            proxy_pass http://www.google.de;
        }
        root /srv/http;
    }
}
But the problem here is that root always has the upper hand.
The proxy won't be passed either way.
Any idea on how I could accomplish this?
Thanks in advance.
Try this:
server {
    listen 80 default;
    server_name test.local;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        if ($request_body ~* ^(.*)\.test) {
            proxy_pass http://www.google.de;
            break;
        }
        root /srv/http;
    }
}
Nginx routing is based on the location directive which matches on the Request URI. The solution is to temporarily modify this in order to forward the request to different endpoints.
server {
    listen 80 default;
    server_name test.local;
    if ($request_body ~* ^(.*)\.test) {
        rewrite ^(.*)$ /istest/$1;
    }
    location / {
        root /srv/http;
    }
    location /istest/ {
        rewrite ^/istest/(.*)$ $1 break;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://www.google.de;
    }
}
The if condition can only safely be used in Nginx with the rewrite module which it is part of. In this example, the rewrite prefixes the Request URI with istest.
The location blocks give precedence to the closest match. Anything matching /istest/ will go to the second block which uses another rewrite to remove /istest/ from the Request URI before forwarding to the upstream proxy.

nginx proxy all traffic to remote nginx

I have 2 servers:
with IP xx.xx.xx.xx, situated in Germany ... (running frontend: nginx (static content), backend: Apache2)
with IP yy.yy.yy.yy, situated in Italy ...
All requests at the moment are sent to the server with IP xx.xx.xx.xx.
How can I proxy all traffic from xx.xx.xx.xx to yy.yy.yy.yy using nginx?
               request               proxy, request
Internet -> xx.xx.xx.xx(nginx) -> yy.yy.yy.yy(nginx, Apache)
         <-                    <-
               response              proxy, response
For others: the answer for the subject is to configure Nginx like:
server {
    listen 80;
    server_name mydomain.example;
    location / {
        access_log off;
        proxy_pass http://mydomain.example:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
You can use upstream like:
upstream xx.xx.xx.xx:8080 {
    #ip_hash;
    server xx.xx.xx.xx:8080 max_fails=2 fail_timeout=2s;
    server yy.yy.yy.yy:8181 max_fails=2 fail_timeout=2s;
}
Then you can use the cookie or header to set the request like:
location /app {
    # proxy_set_header is not allowed inside "if", so it is set once at
    # location level below instead of in each branch.
    if ($cookie_proxy_override = "proxy-target-A") {
        # A replacement starting with http:// makes nginx answer with a redirect.
        rewrite . http://xx.xx.xx.xx:8080/app;
        break;
    }
    if ($cookie_proxy_override = "proxy-target-B") {
        rewrite . http://yy.yy.yy.yy:8181/webreg;
        break;
    }
    proxy_pass http://xx.xx.xx.xx:8080/webreg;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
