Nginx
Maxim Malikov, 2018-06-19 14:41:46

How to proxy in nginx to local ip?

Task: We need to accept Telegram webhook requests on the local server.
Problem: Telegram is blocked, so no requests go through. It was decided to deploy nginx as a proxy somewhere abroad and redirect requests to the local server through it.
The local server is configured to listen on the Internet; everything is served on the external IP as needed.
Proxy config:

server {
    access_log  /var/log/nginx/income-proxy-access.log;
    error_log	/var/log/nginx/income-proxy-error.log;

    listen	443 ssl;
    listen 	80;
    server_name	<external ip of the proxy server>;
    charset		utf-8;
    client_max_body_size 10m;
  
    ssl_ciphers 				RC4:HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers 	on;
    ssl_protocols 			TLSv1 TLSv1.1 TLSv1.2;
    ssl_session_cache   		shared:SSL:10m;
    ssl_session_timeout 		10m;
  
    ssl_certificate     /etc/nginx/ssl/income-proxy.pem;
    ssl_certificate_key	/etc/nginx/ssl/income-proxy.key;
  
    proxy_set_header HOST $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    location / {
        proxy_pass http://<external ip of the local server>;
    }
}

When I open https://<external ip proxy server> in a browser, I get a 502 error.
The proxy server log contains this error:
2018/06/19 06:32:53 [error] 30496#0: *115159 connect() failed (113: No route to host) while connecting to upstream, client: <local ip>, server: , request: "GET /api/test HTTP/1.1", upstream: " http://ip_local_server:80/api/test ", host: "ip_proxy"

Why is this happening?
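
The errno in that log line narrows down where the connection dies. As an added example (not part of the original post), this Python code parses nginx error_log lines for upstream connect failures and groups them by upstream and errno; the sample lines, the documentation-range IPs and the hint texts are constructed for illustration, and the errno numbers are the Linux values.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in nginx error_log format (documentation IPs, not values from the post).
SAMPLE_LOG = """\
2018/06/19 06:32:53 [error] 30496#0: *115159 connect() failed (113: No route to host) while connecting to upstream, client: 198.51.100.7, server: , request: "GET /api/test HTTP/1.1", upstream: "http://203.0.113.10:80/api/test", host: "192.0.2.5"
2018/06/19 06:33:10 [error] 30496#0: *115160 connect() failed (111: Connection refused) while connecting to upstream, client: 198.51.100.7, server: , request: "POST /hook HTTP/1.1", upstream: "http://127.0.0.1:6666/hook", host: "192.0.2.5"
2018/06/19 06:34:02 [error] 30496#0: *115161 upstream timed out (110: Connection timed out) while connecting to upstream, client: 198.51.100.7, server: , request: "POST /hook HTTP/1.1", upstream: "http://203.0.113.10:80/hook", host: "192.0.2.5"
2018/06/19 06:35:00 [notice] 30496#0: signal process started
"""

# Matches only errors raised while nginx was opening the upstream connection.
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[(?P<level>\w+)\] \d+#\d+: \*\d+ '
    r'(?P<what>.+?) \((?P<errno>\d+): (?P<errstr>[^)]+)\) while connecting to upstream'
    r'.*?upstream: "\s*(?P<upstream>[^"]+?)\s*"'
)

# Linux errno values and what each one says about the path from proxy to upstream.
HINTS = {
    113: "EHOSTUNREACH: no working route to the upstream IP, or a firewall answered with an ICMP host-unreachable/prohibited reject",
    111: "ECONNREFUSED: host is reachable but nothing listens on that port (for a tunnel: the tunnel is down)",
    110: "ETIMEDOUT: packets are silently dropped on the way; look for DROP rules or provider filtering",
}

def parse_upstream_failures(text):
    """Return one dict per 'while connecting to upstream' error line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["errno"] = int(ev["errno"])
            events.append(ev)
    return events

def summarize(events):
    """Count failures per (upstream host:port, errno) and attach a triage hint."""
    counts = Counter((urlsplit(e["upstream"]).netloc, e["errno"]) for e in events)
    return [{"upstream": up, "errno": no, "count": n, "hint": HINTS.get(no, "unclassified")}
            for (up, no), n in counts.most_common()]

if __name__ == "__main__":
    for row in summarize(parse_upstream_failures(SAMPLE_LOG)):
        print(f'{row["count"]:>3}  {row["upstream"]:<20} {row["errno"]}  {row["hint"]}')
```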


2 answer(s)
Karim Kyatlottyavi, 2018-06-19
@maxttor

One-off option
Open a tunnel between your external server and your machine, which will send requests from its port 6666 to you on localhost:3000.
You will be logged in to the server, and while your ssh connection is active, the tunnel will work. Then you need to correct the nginx config on the external server.

server {
    listen 443 ssl;
    server_name  server.ru;

    location / {
        proxy_pass http://localhost:6666;

        proxy_set_header  Host $http_host;
        proxy_set_header  X-Real-IP $remote_addr;
        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Proto $scheme;
        proxy_set_header  X-Forwarded-Host $http_host;
    }
}

A more thorough approach to creating a tunnel.
# https://stackoverflow.com/a/15198031
% ssh -M -S expose.socket -fnNT -R 6666:localhost:3000 [email protected]
% ssh -S expose.socket -O check [email protected]
Master running (pid=71660)
% ssh -S expose.socket -O exit [email protected]

Vladimir Skibin, 2018-06-19
@megafax

Don't be fooled, bring up 6in4 with any tunnel broker on the server. Incoming requests are not blocked, only outgoing ones, and go to the API through IPv6.
