Nginx Help

Status
Not open for further replies.

dureal99d

Contributor
Joined
Aug 3, 2017
Messages
156
OK, so here I am at another crossroads of needing to learn.

I have set up Nginx using the guide found here:
https://forums.freenas.org/index.ph...-to-reverse-proxy-your-jails-w-certbot.49876/

Yet there is a problem, or 2 to be exact.

Issue #1
I already have certs on my 2 servers I'd like to proxy, as when I expose them to the world wide web (individually, as nothing can share port 443) I get the green OK lock (is this an issue?)

I would like to have the proxy serve as the middle man and, though it has its own cert, redirect to either internal server as I see fit (hope this makes sense).

Issue #2
I cannot, or rather do not understand how to, set up the file to access the individual jails or IPs I tell it to.

When I access the nginx from the outside IP I get the nginx page that needs further configuring, but other than that all fails when trying to connect with my internal servers.

Now don't get me wrong, the guide works and every part completed, but there have to be some steps that are not being explained or are otherwise missing.

For example, I've seen some people say create a vhost folder and then create a blah.conf. But what do I place in this blah.conf, a domain name or ? And just many questions that don't seem to be documented very well, or at least in a way I can understand.

I have no experience with nginx and its reverse proxy capability (slowly drowning).

Any ideas? (I will further explain if needed for the sake of getting help.)

Thank you, ladies and gentlemen.
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,975
Is the reverse proxy in the same jail as your other apps? The guide above will tell you how to proxy those if they are. If not, you'll have to redirect to the backend server via the jail's IP.
Code:
location / {
    # Forward requests to the backend jail (replace with its IP address)
    proxy_pass         http://your_jail_IP;
    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
    # Pass the original host name, client address and scheme to the backend
    proxy_set_header   Host $host;
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Proto $scheme;
}
 

dureal99d

Contributor
Joined
Aug 3, 2017
Messages
156
The reverse proxy is in a jail all its own (independent).
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,975
So add that location block to your server declaration and it should redirect the traffic for your server name to the back end jail. Something like this:

Code:
# Plain HTTP: redirect everything to HTTPS
server {
    listen       80;
    server_name  your_domain;
    return       301 https://your_domain$request_uri;
}

# HTTPS: terminate TLS here and proxy to the backend jail
server {
    listen       443 ssl;
    server_name  your_domain;

    # your SSL config here (ssl_certificate, ssl_certificate_key, ...)

    location / {
        proxy_pass         http://your_backendjail_IP;
        proxy_redirect     http:// https://;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }
}
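An added example (not posted by anyone in this thread) of the layout being discussed: one proxy jail that owns ports 80 and 443 and routes two host names to two backend jails. The host names, the 192.0.2.x backend addresses and the certificate paths are placeholders, not values from the thread.

```nginx
# These server blocks go inside the http { } section of nginx.conf,
# or in a separate file that http { } loads with an include directive.
# All names, IPs and paths below are placeholders.

# Port 80: redirect each public name to HTTPS.
server {
    listen      80;
    server_name app1.example.com;
    return      301 https://app1.example.com$request_uri;
}
server {
    listen      80;
    server_name app2.example.com;
    return      301 https://app2.example.com$request_uri;
}

# Port 443: one server block per public name. nginx selects the block by the
# requested name, so both names share port 443 on the proxy's address.
server {
    listen      443 ssl;
    server_name app1.example.com;
    ssl_certificate     /path/to/app1/fullchain.pem;
    ssl_certificate_key /path/to/app1/privkey.pem;

    location / {
        proxy_pass       http://192.0.2.11;   # backend jail 1
        proxy_redirect   http:// https://;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen      443 ssl;
    server_name app2.example.com;
    ssl_certificate     /path/to/app2/fullchain.pem;
    ssl_certificate_key /path/to/app2/privkey.pem;

    location / {
        proxy_pass       http://192.0.2.12;   # backend jail 2
        proxy_redirect   http:// https://;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Browsers see only the certificate presented by the proxy; a certificate installed on a backend jail comes into play only if `proxy_pass` points at `https://`. Run `nginx -t` to check the syntax before `service nginx reload`.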
 

dureal99d

Contributor
Joined
Aug 3, 2017
Messages
156
What file is the server block in, exactly? nginx.conf? And if nginx.conf, do I add this entry for each server?
 

dureal99d

Contributor
Joined
Aug 3, 2017
Messages
156
I know it sounds stupid but care to post an example?
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,975

dureal99d

Contributor
Joined
Aug 3, 2017
Messages
156
Jailer said:
That was an example.

LOL, bad wording. What I meant is, based upon a setup, could you show or rather explain from beginning to end.

Obviously you don't have to, but as I did in my rewrite of the Nextcloud tutorial, I am very detail oriented.

That is what I mean by example.

It's not enough to say to me add to server block if I don't know what server block is (respectfully speaking).
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,975
The previous thread you linked to shows you how to set it up from start to finish. As far as specific configuration you'll have to figure that out on your own as it will be specific to your installation and setup.
 

luckyal

Dabbler
Joined
Aug 4, 2017
Messages
32
After adding the above block and replacing generic references to my domain I was unable to go back to login page of the nextcloud via HTTPS or HTTP. Even after reverting the changes back to original NGINX config, I am no longer able to access it using HTTP, something that I had no trouble doing before making the changes. I did run a command "service nginx reload" each time after making the changes to NGINX, but it still doesn't work. Do I need to restart another service to be able to access it like I was able to prior to making the changes?
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,975
Comment out the redirect to https and list your document root in the http block, and you should be able to access it again to figure out what you did wrong.
 