P
P
paralolik2020-10-20 23:31:58
Nginx
paralolik, 2020-10-20 23:31:58

How to redirect ssl port to another one in nginx?

I have a nextcloud server in a docker container with my reverse proxy, I configured it so that it listens on port 91 and 544 (ssl), how do I configure the nginx config so that when accessing https://nextcloud.domain.com on port 433, he redirected this ssl traffic to port 544 and used the port 544 certificate?

With normal http traffic, it’s clear to me that proxy_pass should be used, but I can’t figure out how to do this with ssl traffic, I can’t get certificates from nextcloud’s proxy container

, something like this happened, but it doesn’t work

server {
        listen 80;
        server_name nextcloud.domain;

        return 301 https://$server_name$request_uri;
}
server {
        listen 443 ssl;
        server_name nextcloud.domain;

        location / {
                proxy_pass https://10.10.10.10:544;
        }
}

Answer the question

In order to leave comments, you need to log in

2 answer(s)
V
Viktor Taran, 2020-10-21
@paralolik

You did everything right, everything you need to issue new or old certificates to the proxy server,
if you issue self-signed certificates and sign it, then everything will work, the
back will work with your front with your own, there will be no conflict
. also trustworthy, regardless of the backing, which can be generally 80, but I would not recommend that.
If you have a trust certificate on the back and you want the external to be on it, then without options you will need to pull up certificates, this is quite easy to do, there are many ways.
BUT how far I see you just have an IP, respectively, the LE certificate will no longer work.
But if you made a nextcloud .site.ru domain, then you could already get a certificate for it (I think you have a site?)
In this case, you get the certificate at the front and proxy wherever you want.

K
ky0, 2020-10-20
@ky0

Same as with HTTP. For the nginx proxy pass, it doesn't matter what certificate and port it is, just specify the https scheme, and that's it.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question