nginx as reverse proxy to several backends

Filip Francis filip.francis at exitas.be
Wed Feb 22 05:29:56 UTC 2017


Hi all,


I am trying to set-up a reverse proxy with nginx so that based on the 
server_name it goes to the correct backend.

I have been looking in to examples but no luck to get it actually working.

So this is what I want to do

when a user types xxxx.yyy.be as normal http, it redirects to https and then
forwards it to backend number 1

but when a user types zzzz.yyy.be, also as normal http, it redirects to
https and forwards it to the correct backend (so here it would be
backend number 2)

so in sites-enabled I put several files that are being loaded, but
nothing is working

so I would like to see an example that works, as I cannot find a
complete example to work with.

So please advise.


So here is my nginx.conf file

# Main context: the worker processes run as user "www"; the number of workers
# is chosen automatically by nginx.
user www;
worker_processes auto;
pid /var/run/nginx.pid;

events {
         # Maximum simultaneous connections per worker. On a reverse proxy this
         # budget is shared by client-side and backend-side connections.
         worker_connections 768;
         # Let a worker accept all pending new connections in one go.
         multi_accept on;
}

# Shared HTTP settings. Everything set here is inherited by every server block
# pulled in from sites-enabled at the bottom, unless a server overrides it.
http {

         ##
         # Basic Settings
         ##
         sendfile on;
         tcp_nopush on;
         tcp_nodelay on;
         keepalive_timeout 65;
         types_hash_max_size 2048;
         # more_set_headers is not a stock nginx directive; it comes from the
         # third-party headers-more module, so this file only loads on a build
         # that includes that module. It replaces the Server response header.
         more_set_headers "Server: Your_New_Server_Name";
         # Hide the nginx version in the Server header and on error pages.
         server_tokens off;
         # server_names_hash_bucket_size 64;
         # server_name_in_redirect off;

         include /opt/local/etc/nginx/mime.types;
         default_type application/octet-stream;

         ##
         # SSL Settings
         ##
         # NOTE(review): leave "ssl on" disabled. Set at http level (or in a server
         # block that also listens on 80) it turns TLS on for the plain-HTTP
         # listeners too, and nginx then answers "400 The plain HTTP request was
         # sent to HTTPS port". Enable TLS per listener instead: "listen 443 ssl;".
         #ssl on;
         # Only TLS 1.2 is offered; older protocol versions are refused.
         ssl_protocols TLSv1.2;
         # The cipher string below was wrapped onto its own line by the mail
         # archive; nginx still reads it as the argument of ssl_ciphers.
         # Forward-secret (EECDH/EDH) suites only, AES-256 preferred; the AES256+
         # entries also admit CBC suites, not just GCM.
         ssl_ciphers 
EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!MD5:!3DES:!CAMELLIA:!AES128;
         ssl_prefer_server_ciphers on;
         # One certificate/key pair is inherited by every TLS server below, so the
         # certificate has to cover each server_name (SAN entries or a wildcard);
         # otherwise clients get a name-mismatch warning. These two directives can
         # be moved into individual server blocks for per-site certificates.
         ssl_certificate /opt/local/etc/nginx/certs/fullchain.pem;
         ssl_certificate_key    /opt/local/etc/nginx/certs/key.pem;
         ssl_session_cache    shared:SSL:10m;
         ssl_session_timeout  10m;
         # NOTE(review): OCSP stapling normally also needs a "resolver" directive
         # to look up the responder, and ssl_stapling_verify needs the issuer chain
         # to be trusted (ssl_trusted_certificate). Neither is shown in this file;
         # confirm stapling is active and check error_log for stapling warnings.
         ssl_stapling on;
         ssl_stapling_verify on;
         ## Enable HSTS
         # max-age is two years. Without the "always" flag the header is not added
         # to error responses (4xx/5xx). Headers set with add_header at this level
         # are inherited by a server/location only if that level defines no
         # add_header of its own.
         add_header Strict-Transport-Security max-age=63072000;

         # Do not allow this site to be displayed in iframes
         # NOTE(review): X-Frame-Options is set twice below (DENY here, SAMEORIGIN
         # two lines down). add_header appends rather than replaces, so responses
         # carry both, conflicting values. Keep exactly one of them.
         add_header X-Frame-Options DENY;
         add_header X-Content-Type-Options nosniff;
         add_header X-Frame-Options "SAMEORIGIN" always;
         # Do not permit Content-Type sniffing.
         # NOTE(review): duplicate of the nosniff header three lines up; one is enough.
         add_header X-Content-Type-Options nosniff;
         ##
         # Logging Settings
         ##
         # rewrite_log writes at "notice" level; error_log below has no explicit
         # level, so these messages are dropped unless a level such as "notice"
         # is appended to the error_log line.
         rewrite_log on;
         access_log /var/log/nginx/access.log;
         error_log /var/log/nginx/error.log;

         ##
         # Gzip Settings
         ##

         # NOTE(review): compressing TLS responses that mix secrets with
         # attacker-influenced input is the precondition for BREACH-style attacks;
         # confirm compression is acceptable for the proxied applications.
         gzip on;
         gzip_disable "msie6";

         #gzip_vary on;
         #gzip_proxied any;
         #gzip_comp_level 6;
         #gzip_buffers 16 8k;
         #gzip_http_version 1.1;
         # NOTE(review): the commented-out gzip_types directive below was wrapped
         # by the mail archive; its two continuation lines lost their leading "#".
         # In a real file they must stay on the commented line, or nginx will
         # reject them as an unknown directive.
         #gzip_types text/plain text/css application/json 
application/javascript text/xml application/xml application/xml+rss 
text/javascript;

         ##
         # Virtual Host Configs
         ##

         # Loads every file in the directory, whatever its name, so stray copies
         # or editor backups left there are parsed as configuration too.
         include /opt/local/etc/nginx/sites-enabled/*;
}

and then in sites-enabled there are following files:

owncloud and mattermost

here is the content:

owncloud:

# Named backend group for the ownCloud host.
# NOTE(review): nothing in the posted configuration refers to this upstream;
# the HTTPS server below proxies to http://192.168.1.51 directly. Either use
# "proxy_pass http://owncloud;" there or drop this block.
upstream  owncloud {
    server 192.168.1.51:80;
}




# Plain-HTTP listener for xxxx.yyy.be: every request is answered with a
# permanent redirect to the same URI over HTTPS.
# NOTE(review): no server in the posted files is marked default_server, so
# requests for unknown host names land on whichever port-80 server nginx
# loads first. Consider an explicit catch-all server.
server {
    listen 80;
    server_name    xxxx.yyy.be;
    # $server_name is the configured name, not the client-supplied Host header,
    # so the redirect target cannot be steered by the request.
    return 301 https://$server_name$request_uri;
    #rewrite ^/.*$ https://$host$request_uri? permanent;
         # more_set_headers needs the third-party headers-more module.
         more_set_headers "Server: None of Your Business";
         server_tokens off;
    }
# HTTPS listener for xxxx.yyy.be: terminates TLS (certificate inherited from
# the http block) and proxies everything to the ownCloud backend.
server {
    # "ssl" on the listen line is what enables TLS for this port.
    listen 443 ssl http2;
    server_name    xxxx.yyy.be;
    # more_set_headers needs the third-party headers-more module.
    more_set_headers "Server: None of Your Business";
    server_tokens off;

    location / {
        # 0 disables nginx's request-body size check, so any upload limit has
        # to be enforced by the backend.
        client_max_body_size 0;
        # Clears the Connection header sent to the backend; proxy_http_version
        # is not set in this block.
        proxy_set_header Connection "";
        # $http_host forwards the client's Host header verbatim.
        proxy_set_header Host $http_host;
        # The backend should trust these client-address headers only when the
        # request comes from this proxy; a direct client could forge them.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        # NOTE(review): this adds X-Frame-Options to the *request* sent to the
        # backend. It does not set the header on responses to the browser;
        # that is done with add_header.
        proxy_set_header X-Frame-Options SAMEORIGIN;
        proxy_buffers 256 16k;
        proxy_buffer_size 16k;
        proxy_read_timeout 600s;
        # NOTE(review): a cache zone named owncloud_cache has to be declared
        # with proxy_cache_path in the http block; no such line is in the
        # posted nginx.conf. This is a shared cache in front of an authenticated
        # application, so confirm the backend marks per-user responses as
        # non-cacheable (Cache-Control / Set-Cookie) before keeping it.
        proxy_cache owncloud_cache;
        proxy_cache_revalidate on;
        proxy_cache_min_uses 2;
        proxy_cache_use_stale timeout;
        proxy_cache_lock on;
        # Traffic from the proxy to the backend is plain HTTP.
        proxy_pass http://192.168.1.51;
    }
    # Lets Encrypt Override
    # Serves ACME challenge files from local disk instead of proxying them.
    # The port-80 server redirects everything, so challenges reach this
    # location only after the redirect to HTTPS.
    location '/.well-known/acme-challenge' {
         root /var/www/proxy;
         auth_basic off;
    }

}

and mattermost:

# Plain-HTTP listener for zzzz.yyy.be: redirects every request to HTTPS.
server {
    listen 80;
    server_name    zzzz.yyy.be;

         location / {
    # $server_name is the configured name, not the client-supplied Host header.
    return 301 https://$server_name$request_uri;

}
}
# Port-443 listener for zzzz.yyy.be, proxying to the Mattermost backend.
server {
    # NOTE(review): this listen line has no "ssl" parameter. TLS presumably
    # works here only because another server on the same port declares
    # "listen 443 ssl", which applies to the shared listening socket. Write
    # "listen 443 ssl;" so this server does not depend on another file.
    # Do not use "ssl on" for this.
    listen 443;
    server_name    zzzz.yyy.be;

    location / {
         # 0 disables nginx's request-body size check.
         client_max_body_size 0;
        # Clears the Connection header sent to the backend.
        proxy_set_header Connection "";
        # $http_host forwards the client's Host header verbatim.
        proxy_set_header Host $http_host;
        # The backend should trust these client-address headers only when the
        # request comes from this proxy; a direct client could forge them.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # $scheme reflects how the client reached nginx, so the backend sees
        # "https" only while TLS is actually active on this listener.
        proxy_set_header X-Forwarded-Proto $scheme;
        # NOTE(review): this adds X-Frame-Options to the *request* sent to the
        # backend; it does not set the header on responses to the browser.
        proxy_set_header X-Frame-Options SAMEORIGIN;
        proxy_buffers 256 16k;
        proxy_buffer_size 16k;
        proxy_read_timeout 600s;
        # NOTE(review): a cache zone named mattermost_cache has to be declared
        # with proxy_cache_path in the http block; no such line is in the
        # posted nginx.conf. This is a shared cache in front of an authenticated
        # application, so confirm the backend marks per-user responses as
        # non-cacheable before keeping it.
        proxy_cache mattermost_cache;
        proxy_cache_revalidate on;
        proxy_cache_min_uses 2;
        proxy_cache_use_stale timeout;
        proxy_cache_lock on;
        # Traffic from the proxy to the backend is plain HTTP.
        proxy_pass http://192.168.1.95:8065;
    }

}


This is working (more or less), but if I start moving the ssl bit into
the owncloud or mattermost file, it simply does not work any more

each time I type http://zzzz.yyy.be I get "400 Bad Request:
The plain HTTP request was sent to HTTPS port"



Thanks

Filip Francis



