reverse proxy using nginx as frontend server.

Sat Jul 10 05:59:15 MSD 2010

Retheesh Kumar R wrote:
> Hello All,
> 
> 
> 
> I am trying to configure reverse proxy on my nginx server. This server
> need to sit in the DMZ zone. Receive the web request and forward it to a
> backend web server.
> 
> I have tried the configuration mentioned here.
> http://wiki.nginx.org/NginxLikeApache
> 
> 
> 
> Note: - Currently No firewall in place so no port restriction.
> 
> 
> 
> Scenario -
> 
> The frontend server URL is  https://mail.example.com
> 
> Backend Web Server URL is https://mail.webserver.com
> 
> 
> 
> Challenges -
> 
> *         When the redirect happens the frontend URL should not change.
> It should remain the same appending the new page details to the frontend
> server URL.
> 
> *         Need https configured from Client to frontend
> 
> *         https/http from frontend to backend web server.
> 
> 
> 
> Can you please guide me with the configuration. Or let me know if you
> need any further information
> 
> 
> 
> Regards,
> 
> Retheesh
> 
> The information transmitted is intended only for the person or entity to 
> which it is addressed and may contain confidential and/or privileged 
> material.
> Any review, re-transmission, dissemination or other use of or taking of 
> any action in reliance upon,this information by persons or entities 
> other than the intended recipient is prohibited.
> If you received this in error, please contact the sender and delete the 
> material from your computer.
> Microland takes all reasonable steps to ensure that its electronic 
> communications are free from viruses.
> However, given Internet accessibility, the Company cannot accept 
> liability for any virus introduced by this e-mail or any attachment and 
> you are advised to use up-to-date virus checking software.

This is about what your looking for, although it only does plain-text 
conversations from front-end to origin machines.

#Start of nginx config for SSL offloading
.......
......
upstream app_pool {
         server 192.168.1.100:80;  # change these ports to connect to 
SSL backend(s) instead?
         server 192.168.1.101:80;
        }

server {
        ssl         on;
        ssl_certificate         /etc/ssl/nginx/secure_combined.crt;
        ssl_certificate_key 
/etc/ssl/nginx/secure.some-domain-name-ssl-cert.com.key;

        listen                  443;
        location / {
        proxy_pass              http://app_pool; # possible to use ports 
here..ie http://app_pool:443;
        port_in_redirect        off; # toggle on/off if you use a port 
in the above line
        proxy_set_header        Host             $host;
        proxy_set_header        X-Real-IP        $remote_addr;
        proxy_set_header        X-Forwarded-For 
$proxy_add_x_forwarded_for;
     }
        }
     }
# End of Nginx config

Essentially, this config would listen on 443 of a machine, and pass all 
requests to the two backends that are mentioned in the upstream block 
above server. In this config, a user makes a connection via SSL to 
https://thismachine.com, and the request is sent to the back-end as 
plain-text(no ssl)

I would say you can use the "proxy_pass" statement in the server area to 
try and connect to the origin machine(s) via SSL, as you can specify 
ports in proxy_pass like this...

proxy_pass http://localhost:8080

Not exactly what you were looking for, but a few minutes of 
experimenting with the proxy pass ports and upstream nodes, and you 
should have what you want running.

Thanks!
-- 
Posted via http://www.ruby-forum.com/.