Forwarding HTTPS to VM's HTTPS...

Miguel C miguelmclara at gmail.com
Tue Feb 16 13:14:06 UTC 2016


I have similar setups with FreeBSD jails... usually one of the jails is a
'frontend proxy server', which I'm guessing is what you're aiming at but
with Linux containers....

Make sure the firewall allows traffic from the frontend to the backends, which
could be other nginx servers or just php-fpm itself depending on the
setup, but all you really need is to use proxy_pass.

Since you want HTTPS, you need to have the certificates config in the
frontend, regardless of whether the connection to the backends is also
encrypted or not.


A simple example: assuming one VM (LXC) is running php-fpm, you could just
set up the frontend as you would normally do and just use:

fastcgi_pass CONTAINER_IP:FPM_PORT;


Another scenario is, of course, that you have nginx running in the LXC
container which is already "fastcgi_passing" to php; in this case you would
use proxy_pass to the backend nginx, i.e.:

server {
        listen          IP:443 ssl;
        server_name     example.org;

        ssl_certificate /usr/local/etc/nginx/ssl/site.crt;
        ssl_certificate_key /usr/local/etc/nginx/ssl/site.key;

        location / {
                proxy_pass http://lxc_nginx;
        }
}

upstream lxc_nginx {
        # Note that in this case the connection from frontend to the nginx
        # container is not encrypted, but you can use 443 here as long as the
        # backend has the proper ssl config (ssl_certificate and key)
        server 10.221.186.23:80;
}


Melhores Cumprimentos // Best Regards
-----------------------------------------------
*Miguel Clara*
*IT - Sys Admin & Developer*

On Tue, Feb 16, 2016 at 6:47 AM, Kevin "Ingwie Phoenix" Ingwersen <
ingwie2000 at googlemail.com> wrote:

> Hey guys!
>
> StackOverflow didn’t do anything this time, so I decided to visit here and
> try asking my question here! :)
>
> A bit of backstory:
> I have had a fatal server crash. 464 days of uptime with unapplied updates
> from an OS upgrade, kernel patches and more. When I did do a reboot…it all
> exploded right into my face :( So I reinstalled.
>
> Now that I have learned this lesson, I decided to begin deploying things
> in containers - just raw Virtual Box VMs now, as I haven’t gotten used to
> Docker or Vagrant. But using a VM with NAT allows me to forward ports.
>
> One of the VMs is your typical web-server setup; MySQL, PHP5 (FPM) and
> Nginx (1.8.x). So I have my main server - the VM host - listening on 80 and
> 443 and forwarded the VM’s ports as 11080 and 11443. Forwarding regular
> HTTP works flawlessly by just proxy_pass’ing to the other port. No problem
> here.
>
> But how do I work out a reverse-proxy for HTTPS traffic? Mainly, I have
> another VM that runs OwnCloud. I want to forward my host’s 443 port to the
> VM’s exposed 12443 port so that OwnCloud stops complaining about being
> opened via raw HTTP.
>
> Since I am re-using configuration a lot, I have created a basic_proxy
> file, and a regular sites-enabled/ file. You can see them here:
> https://gist.github.com/IngwiePhoenix/19631bd07af62d23b8f3 <
> https://gist.github.com/IngwiePhoenix/19631bd07af62d23b8f3>
>
> Would be cool if I could keep with this approach to simply forward traffic
> to my various VMs, but keeping my config reusable!
>
> Kind regards,
> Ingwie.
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
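The encrypted-backend variant mentioned in the reply above, as an added example that is not part of the original post: the frontend still terminates the client's TLS session, then opens a second, verified TLS connection to the container. The backend CA path, the server_name and the name expected in the backend certificate are assumptions.

```nginx
# Added example: frontend terminates TLS, then re-encrypts to the backend.
# Belongs in the http {} context of the frontend's nginx.conf.

upstream lxc_nginx {
        # Backend nginx in the container, now reached on its TLS port.
        server 10.221.186.23:443;
}

server {
        listen          IP:443 ssl;     # IP = frontend address, as in the post
        server_name     example.org;    # placeholder name

        # Certificate and key presented to clients.
        ssl_certificate     /usr/local/etc/nginx/ssl/site.crt;
        ssl_certificate_key /usr/local/etc/nginx/ssl/site.key;

        location / {
                # The scheme must be https:// once the upstream port is 443;
                # with http:// nginx would send plaintext to a TLS listener.
                proxy_pass https://lxc_nginx;

                # Verify the backend certificate. proxy_ssl_verify is off by
                # default, which means any certificate would be accepted.
                proxy_ssl_verify              on;
                proxy_ssl_verify_depth        2;
                # Assumed path: CA (or the self-signed cert) of the backend.
                proxy_ssl_trusted_certificate /usr/local/etc/nginx/ssl/backend-ca.crt;
                # Assumed: name in the backend certificate, also sent as SNI.
                proxy_ssl_name                example.org;
                proxy_ssl_server_name         on;

                # Pass the original request details on to the backend.
                proxy_set_header Host              $host;
                proxy_set_header X-Real-IP         $remote_addr;
                proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
        }
}
```

Check the result with nginx -t before reloading. Whether the application behind the backend trusts the X-Forwarded-* headers depends on its own configuration.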