Answer the question
In order to leave comments, you need to log in
How to make NGINX virtual host + ssl to remote server?
Good afternoon, please help,
there are 2 servers:
1 server is located at one point with IP xxx.xxx.xxx.xxx there is nginx + apache (there are many virtual hosts)
2 server is located at another point with IP yyy.yyy.yyy.yyy - nginx (proxy)
So I need it to proxy to the first server when accessing the second server, naturally to a certain domain, so I can configure it to be proxied, but if I fasten the certificate on the second server, it is not transmitted, that is, when I enter site certificate not found:
Here is my virtual host config on the second server with nginx
Help please
server {
server_name domain www.domain;
listen yyy.yyy.yyy.yyy:80;
listen yyy.yyy.yyy.yyy:443 ssl;
#ssl on;
ssl_certificate "/etc/nginx/cert/domain.crt";
ssl_certificate_key "/etc/nginx/cert/domain.key";
ssl_session_cache builtin:1000shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://node;
proxy_redirect off;
proxy_bind yyy.yyy.yyy.yyy;
port_in_redirect off;
set_real_ip_from eeee.eee.eee.eee/26;
real_ip_header X-Forwarded-For;
}
}
upstream node {
server xxx.xxx.xxx.xxx;
}
The essence of this setting is that I want to hide the real IP of the first machine, so proxying is needed
. Thank you.
Answer the question
In order to leave comments, you need to log in
Terminate SSL on the second machine. If there is no certificate on hand - proxy at the TCP level. (For example, via haproxy)
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question