Reverse Proxy

Michael Cooper mcooper at coopfire.com
Sat Jul 20 11:22:54 UTC 2019 

Hello Guys, First time poster to nginx list. I have successfully created an
nginx proxy but i am only using http at the moment:
The following works perfectly
# Coopfire.com Website #

server {
    server_name www.coopfire.com;

    location / {
        # www.coopfire.com reverse proxy follow
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://xxx.xxx.xxx.xxx:80;
    }
}

 am trying to add https: to this because I have a need for it for my blog
app it is as follows:
server {
    server_name blog.coopfire.com;

    location / {
        # coopfire.com reverse proxy follow
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://xxx.xxx.xxx.xxx:2368; *<- This works fine*
#        proxy_pass https://xxx.xxx.xxx.xxx:444;  *<- This does not work in
browser with ip it does*
    }
}

So I have seen a few different configurations where the ssl cert has a path
that appears to be local to the proxy server, Does this mean I put the
certs on the proxy instead of the backend server?

server {
    listen 80;
    return 301 https://$host$request_uri;
}

server {

    listen 443;
    server_name jenkins.domain.com;

    ssl_certificate           /etc/nginx/cert.crt;
    ssl_certificate_key       /etc/nginx/cert.key;

    ssl on;
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    access_log            /var/log/nginx/jenkins.access.log;

    location / {

      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;

      # Fix the “It appears that your reverse proxy set up is broken" error.
      proxy_pass          http://localhost:8080;
      proxy_read_timeout  90;

      proxy_redirect      http://localhost:8080 https://jenkins.domain.com;
    }
  }

Also I see on the top it is redirecting all http requests to https, Do
certs need to be added to all the sites?

Thanks,
-- 
Michael A Cooper
Linux Certified
Zerto Certified
http://www.coopfire.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20190720/5bb9343c/attachment-0001.html>

More information about the nginx mailing list