<div dir="ltr">I have similar setups with FreeBSD jails... usually one of the jails is a 'frontend proxy server', which I'm guessing is what you're aiming at but with Linux containers....<br><br>Make sure the firewall allows traffic from the frontend to the backends, which could be other nginx servers or just php-fpm itself depending on the setup, but all you really need is to use proxy_pass.<br><br>Since you want HTTPS you need to have the certificates config in the frontend, regardless of whether the connection to the backends is also encrypted or not.<br><div class="gmail_extra"><br></div><div class="gmail_extra"><br></div><div class="gmail_extra">A simple example: assuming one VM (LXC) has php-fpm running, you could just set up the frontend as you would normally do, just use:<br><br>fastcgi_pass CONTAINER_IP:FPM_PORT;<br><br><br>Another scenario is ofc you have nginx running in the LXC container which is already "fastcgi_passing" to php; in this case you would use proxy_pass to the backend nginx, i.e.:<br><br><div class="gmail_extra">server {</div><div class="gmail_extra"> listen IP:443;</div><div class="gmail_extra"> server_name <a href="http://expemple.org">expemple.org</a>;</div><div class="gmail_extra"><br></div><div class="gmail_extra"> ssl on;</div><div class="gmail_extra"> ssl_certificate /usr/local/etc/nginx/ssl/site.crt;</div><div class="gmail_extra"> ssl_certificate_key /usr/local/etc/nginx/ssl/site.key;</div><div class="gmail_extra"><br></div><div class="gmail_extra"> location / {</div><div class="gmail_extra"> proxy_pass <a href="http://lxc_nginx">http://lxc_nginx</a>;</div><div class="gmail_extra"> }</div><div class="gmail_extra">}</div><div class="gmail_extra"><br></div><div class="gmail_extra">upstream lxc_nginx {</div><div class="gmail_extra"> server <a href="http://10.221.186.23:80">10.221.186.23:80</a>; # Note that in this case the connection from frontend to the nginx container is not encrypted, but you can use 443 here as long as the backend has the proper ssl config (ssl_certificate and key)</div><div class="gmail_extra">}</div><div><br></div><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><span><font color="#888888">
<font size="1"><br>
<font face="Calibri Light">Melhores Cumprimentos // Best
Regards<br>
</font><font face="Calibri Light">-----------------------------------------------<br>
<b><font color="#000066">Miguel Clara</font></b><br>
</font><b><font color="#ff6600" face="Calibri Light">IT
- Sys Admin & Developer</font></b><font face="Calibri Light"></font></font></font></span></div></div></div></div></div>
<br><div class="gmail_quote">On Tue, Feb 16, 2016 at 6:47 AM, Kevin "Ingwie Phoenix" Ingwersen <span dir="ltr"><<a href="mailto:ingwie2000@googlemail.com" target="_blank">ingwie2000@googlemail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div style="word-wrap:break-word">Hey guys!<br><br>StackOverflow didn’t do anything this time, so I decided to visit here and try asking my question here! :)<br><br>A bit of backstory:<br>I have had a fatal server crash. 464 days of uptime with unapplied updates from an OS upgrade, kernel patches and more. When I did do a reboot…it all exploded right into my face :( So I reinstalled.<br><br>Now that I have learned this lesson, I decided to begin deploying things in containers - just raw Virtual Box VMs now, as I haven’t gotten used to Docker or Vagrant. But using a VM with NAT allows me to forward ports.<br><br>One of the VMs is your typical web-server setup; MySQL, PHP5 (FPM) and Nginx (1.8.x). So I have my main server - the VM host - listening on 80 and 443 and forwarded the VM’s ports as 11080 and 11443. Forwarding regular HTTP works flawlessly by just proxy_pass’ing to the other port. No problem here.<br><br>But how do I work out a reverse-proxy for HTTPS traffic? Mainly, I have another VM that runs OwnCloud. I want to forward my host’s 443 port to the VM’s exposed 12443 port so that OwnCloud stops complaining about being opened via raw HTTP.<br><br>Since I am re-using configuration a lot, I have created a basic_proxy file, and a regular sites-enabled/ file. 
You can see them here: <a href="https://gist.github.com/IngwiePhoenix/19631bd07af62d23b8f3" target="_blank">https://gist.github.com/IngwiePhoenix/19631bd07af62d23b8f3</a> <<a href="https://gist.github.com/IngwiePhoenix/19631bd07af62d23b8f3" target="_blank">https://gist.github.com/IngwiePhoenix/19631bd07af62d23b8f3</a>><br><br>Would be cool if I could keep with this approach to simply forward traffic to my various VMs, but keeping my config reusable!<br><br>Kind regards,<br>Ingwie.</div><br>_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a><br></blockquote></div><br></div></div>
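The HTTPS-to-HTTPS case from the thread (host port 443 to the OwnCloud VM's forwarded port 12443), as an added example that is not part of either message: the frontend terminates TLS, re-encrypts to the backend, and verifies the backend certificate, which nginx does not do unless proxy_ssl_verify is turned on. The names cloud.example.org, owncloud_vm and backend-ca.crt are assumptions, as is the NAT forward being reachable on 127.0.0.1; the certificate paths reuse the ones from the reply.

```nginx
# Added example; goes inside the http { } context of the frontend (VM host).
# Assumed names: cloud.example.org, owncloud_vm, backend-ca.crt.

upstream owncloud_vm {
    # VirtualBox NAT forward of the OwnCloud VM's 443 (12443 is from the question;
    # reaching it on loopback is an assumption).
    server 127.0.0.1:12443;
}

# Redirect plain HTTP so OwnCloud is never opened over raw HTTP.
server {
    listen 80;
    server_name cloud.example.org;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name cloud.example.org;

    # Public certificate lives on the frontend, whatever the backend hop uses.
    ssl_certificate     /usr/local/etc/nginx/ssl/site.crt;
    ssl_certificate_key /usr/local/etc/nginx/ssl/site.key;

    location / {
        # Weak variant: proxy_pass http://owncloud_vm; (plaintext hop to the VM)
        proxy_pass https://owncloud_vm;

        # Without these, the backend hop is encrypted but unauthenticated:
        # proxy_ssl_verify defaults to off.
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;
        proxy_ssl_trusted_certificate /usr/local/etc/nginx/ssl/backend-ca.crt;
        proxy_ssl_server_name         on;                 # send SNI to the backend
        proxy_ssl_name                cloud.example.org;  # name checked in backend cert

        # Tell the backend what the client actually used.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

The location block is the part that can move into a shared include file for reuse across VMs; the backend only honours the X-Forwarded-* headers if it is configured to trust the frontend's address.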