Problem using nginx as reverse proxy server on Windows Server 2016

Jeremy Cocks jeremy at jeremy.cx
Sat Feb 3 22:27:33 UTC 2024


Hello!

> I found that port 80 is being used by both task "System" by user
"SYSTEM" for "NT Kernel and System"
with a PID of 4 and also for task "System Idle Process" by user "SYSTEM"
for
"Percentage of time the processor is idle" with a PID of 0.

This is typically the Web Deployment Agent Service (MsDepSvc) (this often
uses PID4) or Host Network Service - both stoppable from from services.msc

Let us know how you get on!


On Sat, 3 Feb 2024 at 18:51, Victor Oppenheimer <victor at camb.com> wrote:

> I am trying to run nginx as a reverse proxy server on my Microsoft Windows
> Server 2016 Standard computer.
>
> I previously have used Microsoft IIS and Apache Tomcat on this computer to
> serve webpages on port 80 and port 8080 respectively.
>
> However, I want to have some of my websites use SSL and be accessed
> using HTTPS.
>
> So, I decided to install the nginx web server software on
> the computer.  I planned to using it as a reverse proxy server which
> would receive both insecure HTML and secure HTTPS webpage requests and
> then proxy them to the appropriate software webservers on the same
> computer.
>
> I changed all the IIS sites that had been using port 80 to use port 81
> instead.
> I then wrote the nginx.conf configuration file which listens on port 80
> for each of
> my server_names and then proxy the page requests to the appropriate
> software webserver.
>
> Once that works, I plan to install the SSL certificates in nginx and
> process secure
> HTMLS requests as well.
>
> But nginx fails to start on the computer.  It produces the following
> error message.
>       bind() to 0.0.0.0:80 failed (10013: An attempt was made to access
> a socket in a way
>       forbidden by its access permissions)
>
> Because the message appears to indicate that there is a conflict using
> port 80 decided
> to see which tasks were using port 80.  To do so, I opened a command
> window with
> administrative privileges and ran the following command:
>      netstat -ano | findstr :80
>
> I then examined the output for entries with a state of "LISTENING" and a
> local address
> of "0.0.0.0:80" or ":::80" (IPv6). The output's "PID" column provided
> the process ID
> (PID) of the process using port 80.
>
> I then used Task Manager to find the process names associated with that
> PIDs.
>
> I found that port 80 is being used by both task "System" by user
> "SYSTEM" for "NT Kernel and System"
> with a PID of 4 and also for task "System Idle Process" by user "SYSTEM"
> for
> "Percentage of time the processor is idle" with a PID of 0.
>
> I then tried to open nginx on my Windows 11 pro home desktop computer.
> It opened successfully
> and functioned doing reverse proxying as I desired.  For comparison
> sake, I looked at the
> tasks using port 80 as I had on my windows server.  On the desktop, the
> only task using port
> 80 is nginx.
>
> I then changed the nginx listening directives on the Windows Server
> computer to listen on
> port 90 rather than port 80.  After this change on the MS Windows Server
> 2016 nginx
> succeeded in starting and performed reverse proxying successfully.
>
> This seems to indicate that the problem is with a conflict in the use of
> port 80 rather than in my
> nginx configuration.
>
> However, remote website users browse to my website pages using the
> default port of 80 rather than port 90.
>
> How can I make the system work?
>
> For completeness I am copying the nginx.conf file listening on port 80
> below.
>
> # directives in the 'main' context
> worker_processes 1;
> events {    # events context/block
>       # configuration of connection processing
>              }
>
>   http {    # http context specific to HTTP affecting all virtual servers
>    server_names_hash_bucket_size 64;  # avoids error message for
> multiple server_Name entries
>
>    server { # configuration of yogisource HTTP virtual port 80 server
>      listen 80;
>      server_name yogisource.com www.yogisource.com;
>
>      location / {
>        proxy_pass http://yogisource.com:81/;
>        } # end of location block
>    } # end of yogisource server block
>
>    server {    # configuration of clearwaterescapes HTTP virtual port 80
> server
>      listen 80;
>      server_name clearwaterescapes.com www.clearwaterescapes.com;
>
>      location / {
>        # send local host requests of the form
> http://clearwaterescapes.com to
>        #     http://clearwaterescapes.com:8080/vo/Clearwater
>        proxy_pass http://clearwaterescapes.com:8080/vo/Clearwater/;
>        } # end of location block
>
>      location /camp/ {
>        proxy_pass
> http://clearwaterescapes.com:8080/vo/Clearwater/Camp/?Prop=2;
>        } # end of location block
>
> #     // http://clearwaterescapes.com:81/Clearwater/Camp/camprental.pdf
> works ...
>
> #    The following Nginx location directives sends clearwaterescapes.com
> urls
> #    containing case insensitive "camp" or "house" to ClearwaterEscapes on
> #     port 81 where to be served by the Microsoft IIS server
>
>      location ~* ^/camp/ {
>        set $proxy_pass_url http://ClearwaterEscapes.com:81/camp/;
>        proxy_pass $proxy_pass_url;
> #      proxy_pass http://ClearwaterEscapes.com:81/camp/ ;
>        }    # end of location block
>
>     location ~* ^/House/ {
>        set $proxy_pass_url http://ClearwaterEscapes.com:81/house/;
>        proxy_pass $proxy_pass_url;
>        }    # end of location block
>
>      }    # end of ClearwaterEscapes server block
>
>     server {    # configuration of freshpondrentals HTTP virtual port 80
> server
>          listen 80;
>          server_name freshpondrentals.com www.freshpondrentals.com;
>
>       location / {
>          # send local host requests of the form
> http://freshpondrentals.com to
>          #     http://freshpondrentals.com:8080/vo/camb
>
>          proxy_pass http://freshpondrentals.com:8080/vo/camb/;
>       }  # end of location block
>
>        location /StudioApartment/ {
>             # send local host requests of the form
>             #   http://freshpondrentals.com/camb/StudioApartment
>             # to
>             # http://freshpondrentals.com:8080/vo/camb/StudioApartment
>          proxy_pass
> http://freshpondrentals.com:8080/vo/camb/StudioApartment/index.jsp/;
>          } # end of location block
>
>        }    # end of freshpondrentals server block
>
>    server {  # configuration of oppsprops HTTP virtual port 80 server
>     listen 80;
>      server_name oppsprops.com www.oppsprops.com;
>
> #     listen 443 ssl;
> #     ssl_certificate "C:/nginx/conf/ssl/certs/oppsprops.com.crt";
> #     ssl_certificate_key "C:/nginx/conf/ssl/keys/oppsprops.com.key";
> #
> #    location / {
> #        proxy_pass http://oppsprops.com:81/;
> #    }  # end of location block
>
>    location ~ /.jsp$ {
>      set $proxy_pass_url http://oppsprops.com:8080;
>      proxy_pass $proxy_pass_url;
>      } # end of location block
>
>      location / {
>        proxy_pass http://oppsprops.com:8080/;
>        } # end of location block
>    } # end of oppsprops server block
>
>       } # end of http block
>
>
>
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> https://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20240203/37d6beef/attachment-0001.htm>


More information about the nginx mailing list