proxy_pass Not Working on Port 80

Francis Daly francis at daoine.org
Wed Sep 9 20:46:46 UTC 2020


On Wed, Sep 09, 2020 at 10:40:35AM -0400, figshta wrote:

Hi there,

> I really appreciate your help, unfortunately it isn't working yet...
> 
> Are there any another ways to trouble shoot this port problem?

What request do you make of nginx-frontend?

What request do you want nginx to make of the backend/upstream?

What request does nginx actually make of the backend?

The logs, or tcpdump, should show you exactly what is happening.


> I don't want to use port 8080 or 8081 because Certbot requires port 80 and
> it should work. 

Certbot requires port 80 on the frontend.

You get to decide for yourself what happens on the backend - certbot
should not know or care.

> I plan to have everything on port 443 once it's all set up. 

Certbot will still require port 80, unless you have an alternative plan.

> I am however, now concerned about running into trouble with multiple sites
> using 443.
> It it difficult?

http://nginx.org/en/docs/http/configuring_https_servers.html has some
useful notes.

> Here both server configurations on Server2 in case it helps.
> 
> #Proxied Server (Server2)
> #houseofavi.com
> server {
>         if ($host = houseofavi.com) {
>                         return 301 https://$host$request_uri;
>         } # managed by Certbot
>         server_name houseofavi.com;
>         return 404; # managed by Certbot

That is the 404 return that you get, because your frontend nginx did
not send the Host: header that you want. (Instead, it sent the Host:
header that you configured it to send.)

There is, in this case, an implicit "listen 80 default;" in this
server{}. So...

> server {
>         listen 80;
>         server_name threedaystubble.com www.threedaystubble.com;

...this server{} will only be used if you include a Host: header of one
of those two strings.

Add some logging; or (temporarily)

    return 200 "this is the backend you want: $request_uri\n";

to see that it is (or is not) being used.

Good luck with it,

	f
-- 
Francis Daly        francis at daoine.org


More information about the nginx mailing list