NGINX as HTTP / HTTPS Proxy
sudo yum install epel-release
sudo yum install nginx
sudo systemctl start nginx
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload
sudo systemctl enable nginx
discover interfaces:
ip addr
Find public IP for interface ens160
ip addr show ens160 | grep inet | awk '{ print $2; }' | sed 's/\/.*$//'
Notes:
Default server root is /usr/share/nginx/html
Default server blocks file is /etc/nginx/init.d/ /etc/nginx/conf.d/default.conf
Default global configuration: /etc/nginx/nginx.conf
To add new server block, create a file with .conf extension inside: /etc/nginx/conf.d/
To redirect, insert a statement using one of these techniques:
--------------------------- rewrite commands in HTTP server blocks --------------------
rewrite ^/support /(.*) break;
rewrite ^/(.*)$ redirect;
---------------------------
server {
listen 80;
server_name support.kimconnect.com;
return 301 $scheme://192.168.100.20$request_uri;
}
---------------------------
server {
listen 443;
server_name help.kimconnect.com;
ssl on;
ssl_certificate /etc/nginx/tls/help.crt;
ssl_certificate_key /etc/nginx/tls/help.key;
keepalive_timeout 70;
location / {
rewrite ^ relay://help.kimconnect.com:443/ permanent;
proxy_set_header Host $host;
}
}
To save a read-only file in VIM: :w !sudo tee % > /dev/null
How to setup reverse proxy for other servers
Source: https://stackoverflow.com/questions/13240840/nginx-reverse-proxy-multiple-backends
server {
server_name support.kimconnect.com;
# app1 reverse proxy follow
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass $scheme://192.168.100.20$request_uri;
}
server {
server_name kim.kimconnect.com;
# app2 reverse proxy settings follow
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass $scheme://192.168.100.20$request_uri;
}
server {
listen 80;
server_name <FQDN>;
rewrite ^ https://<FQDN> permanent;
}
server {
listen 443;
server_name <FQDN>;
ssl on;
ssl_certificate <CERTIFICATE FILE>;
ssl_certificate_key <CERTIFICATE KEY FILE>;
keepalive_timeout 70;
root <EMPTY DIRECTORY>
location / {
proxy_pass http://localhost:8040/;
proxy_redirect default;
}
}
-----------------------------------
server {
listen 443;
server_name help.kimconnect.com;
ssl on;
ssl_certificate /etc/nginx/tls/help.crt;
ssl_certificate_key /etc/nginx/tls/help.key;
location / {
proxy_pass $scheme://192.168.100.20$request_uri;
proxy_set_header Host $host;
}
}
April 1, 2019April 1, 2019
0 Comments