I created an iocage jail following this guide. I'm using a dynamic DNS for now and have my pfSense router pointing ports 80 and 443 to the IP address of my reverse proxy jail. I want to have 2 Nextcloud jails so I can experiment with the nextcloudMan jail and not worry about messing up the main Nextcloud jail. Not sure why the reverse proxy isn't working as expected.
When I go to https://mydomain.ddns.net/nextcloud I get the server on 192.168.5.91
When I go to https://mydomain.ddns.net/nextcloudMan I get:
Internal Server Error
The server was unable to complete your request.
If this happens again, please send the technical details below to the server administrator.
More details can be found in the server log.
When I go to https://mydomain.ddns.net/sab I get 404 not found
my proxy_setup.conf
Code:
location /nextcloud {
    proxy_pass http://192.168.5.91;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

location /nextcloudMan {
    proxy_pass http://192.168.5.96;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

location /sab {
    proxy_pass http://192.168.5.75:8080;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
my nginx.conf server block has:
Code:
server {
    listen 80;
    listen 443 ssl;
    server_name mydomain.ddns.net;
    include ssl_common.conf;
    include proxy_setup.conf;
my ssl_common.conf
Code:
# Thanks to https://cipherli.st/ for providing a great reference! Please check out their site
# to make sure your SSL Configuration is up to date with current standards! Be aware that in this
# example we use a slightly liberal cipherlist to allow for older browsers on older devices, Eg.
# IE8, android 2.4, etc

# Enable Perfect Forward Secrecy (PFS)
ssl_prefer_server_ciphers on;

ssl_certificate /usr/local/etc/letsencrypt/live/mydomain.ddns.net/fullchain.pem;
ssl_certificate_key /usr/local/etc/letsencrypt/live/mydomain.ddns.net/privkey.pem;

# Disable SSLv2 and SSLv3 (BEAST and POODLE attacks)
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

# Enable our strong DH Key
ssl_dhparam /usr/local/etc/ssl/dhparams.pem;

# Cipher-list for PFS.
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AE$
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
resolver 8.8.8.8 4.4.4.4 valid=300s;
resolver_timeout 5s;

# HSTS Support
add_header Strict-Transport-Security "max-age=63072000;includeSubdomains; preload";

# These headers can break applications, be careful!
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;