How to configure Nginx reverse proxy for all ports?

N

Nazar Mokrinsky2014-07-28 00:26:40

Nginx

Nazar Mokrinsky, 2014-07-28 00:26:40

The situation is as follows:
* one physical server with a dedicated IP
* several virtual machines
It is necessary:
* depending on the domain, proxy all ports to a specific virtual machine (that is, example1.com:22 will go to the first virtual machine, and example2.com:22 to the second one)
* proxying must be invisible to the virtual machine (remote addr and the like) so that it seems to it that it is looking into the world directly.
Search basically gives a solution for other kinds of problems.
If I'm wrong about something - please correct me, the main thing is to solve the problem.

Reply

Answer the question

In order to leave comments, you need to log in

5 answer(s)

N

Nazar Mokrinsky, 2014-08-03
@nazarpc

With such statement of the problem it is not solved.
Since in fact, not virtual machines are used, but Docker containers - I decided using reverse proxy for http / https, binding to other ssh ports of containers where it is, and dedicated IP for more complex situations.

S

shurph, 2014-07-28
@shurph

It seems that it will not be possible to automatically proxy all ports. For each port, you will need to write lines in the config separately. For your example, you'll need something like this:

server {
    listen 22;
    server_name example1.com;
    location / {
        proxy_pass http://192.168.1.1:22;
    }
}
server {
    listen 22;
    server_name example2.com;
    location / {
        proxy_pass http://192.168.1.2:22;
    }
}

read this about remote_addr:
habrahabr.ru/post/177113
As far as I understand, putting the user's address in remote_addr will not work on the nginx side.
UPD (based on the discussion in the comments) :
I have doubts that this can be configured using nginx (and indeed, configured).
Firstly, nginx is an http server and, accordingly, an http proxy (except that it also supports mail protocols). If other protocols are needed, then other solutions should be used.
Secondly, I'm very unsure that when connecting using other protocols, you will be able to determine that the user is connecting to the example1.com domain, and not to example2.com.
After all, how is the domain determined in the case of http? The browser sends this request to the server by connecting to example1.com:

GET / HTTP/1.0
Host: example1.com

L

Lynn "Coffee Man", 2014-07-28
@Lynn

In this formulation, the problem is not solved in principle.
Firstly, nginx is an http/mail server and cannot proxy any protocol. (Perhaps someone wrote a module for balancing MySQL, but it's still another special case of the protocol, and not any protocol).
Secondly, the concept of a domain exists only in http, and in the same ssh the client connects via an IP:port pair and does not transmit any additional data.
Thirdly, why all this? Usually it is enough to proxy http (definition by domains works fine here) and forwarding ssh with separation by ports.

P

Puma Thailand, 2014-07-28
@opium

nginx is not able to proxy your ssx
, and in general, no one can proxy ssx by domain, since the domain is most likely not transferred in it.
buy IPs and give them to each virtual machine, it costs every penny.

G

Gasoid, 2014-07-29
@Gasoid

iptables decides in this case