W
W
winmasta2017-04-07 13:28:26
Nginx
winmasta, 2017-04-07 13:28:26

How to properly configure nginx proxypass?

Good afternoon everyone. There is a web server on the local network that was accessible from the outside, through port forwarding (pfsense) TCP 80, 443, 4055. When you entered the web interface and entered your login and password, the "web phone" was opened. There was a need on the external address to have access to different machines by dns names on ports 80 and 443. For this, it was decided to use nginx as a reverse proxy (maybe there are easier solutions) with a reserve for possible future load balancing for some sites. Address nginx 192.168.1.2 Changed port forwarding 80 and 443 to 192.168.1.2 In the nginx configuration I registered (here only the part relating to this particular server, the rest are configured by analogy)
server {
listen 443 ssl;
server_name DOMAIN.SERVER.NAME;
ssl_certificate /etc/ssl/certs/fullchain.pem;
ssl_certificate_key /etc/ssl/private/0000_key-certbot.pem;
ssl_protocols TLSv1 TLSv1.1 TLSV1.2;
access_log /var/log/nginx/proxy.log;
location / {
proxy_pass https://192.168.1.1:443;
}
}
server {
listen 80;
server_name DOMAIN.SERVER.NAME;
access_log /var/log/nginx/oktell_proxy.log;
location / {
proxy_pass http://192.168.1.1;
}
}
Now the web interface of the server is accessible from the outside by dns name (as well as other servers), but after entering the login and password, an error occurs. I do not understand what the problem is and where it is in general. I would be glad to hear any comments and tips from experienced people on the existing setup (may need to be changed), as well as to see links to articles on setting up such configurations. Thank you all in advance.

Answer the question

In order to leave comments, you need to log in

2 answer(s)
W
winmasta, 2017-04-13
@winmasta

here is the error when entering
VM197:37 WebSocket connection to 'ws://oktell.ooossa.ru/' failed: Error during WebSocket handshake: Unexpected response code: 200
As you can see, the site uses a web socket, so you need to add a couple of directives to the config
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
it works now

A
Andrey Zubkov, 2017-04-07
@zubkov_work

Add to location/
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
And look at the error in the nginx logs
. And yet, remove the https port. He's redundant.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question