Score:0

Networking with nginx reverse proxy


I have configured an nginx reverse proxy on Debian 11, through which I can reach the application server via the subdomain from the internet. But on the internal network it does not work.

The reverse proxy is in the same subnet as the application server 172.3.0.1/24. The domain controllers are entered as DNS. The clients are in a different subnet and cannot reach the subdomain via the browser. The clients can ping the reverse proxy, but when I access the subdomain with HTTPS I get a connection refused.

So the main goal is that everyone can access the subdomain and from the Internet to the subdomain, the subdomain with the special port and that via HTTPS. The access should be redirected from HTTP to HTTPS, because the application supports only port 80.

I don't understand what the problem is or if I have configured something wrong.

First block of my configuration:

 server {
  listen 80;
  return 301 https://$host$request_uri;
 }

and the second

 server {

  listen 443 ssl;
  server_name somesubdomain.www.com;

  ssl_certificate           /etc/nginx/ssl/somesubdomain.pem;
  ssl_certificate_key       /etc/nginx/ssl/somesubdomain.key;

  ssl_session_cache  builtin:1000  shared:SSL:10m;
  ssl_protocols  TLSv1.2;
  ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
  ssl_prefer_server_ciphers on;

  access_log            /var/log/nginx/somesubdomainweb.www.com.access.log;

  location / {

   proxy_set_header        Host $host;
   proxy_set_header        X-Real-IP $remote_addr;
   proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header        X-Forwarded-Proto $scheme;

   proxy_pass          http://172.3.0.x;
   proxy_read_timeout  90;

  }
 }

and the last block of my configuration for access via a special port

 server {

  listen 443 ssl;
  server_name somesubdomain.www.com:27000;

  ssl_certificate           /etc/nginx/ssl/somesubdomain.pem;
  ssl_certificate_key       /etc/nginx/ssl/somesubdomain.key;

  ssl_session_cache  builtin:1000  shared:SSL:10m;
  ssl_protocols  TLSv1.2;
  ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
  ssl_prefer_server_ciphers on;

  access_log            /var/log/nginx/somesubdomainpath.www.com.access.log;

  location / {

   proxy_set_header        Host $host;
   proxy_set_header        X-Real-IP $remote_addr;
   proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header        X-Forwarded-Proto $scheme;

   proxy_pass          http://172.3.0.13:27000;
   proxy_read_timeout  90;

  }
 }

Thank you for the help

Score:0

I have managed to solve my problem. A new network adapter was added and configured and the routing was controlled and adjusted.

I then allowed the allowed subnets in the server block and controlled the configuration and performed a reload. Then everything worked!

I hope this helps someone with the same head-banging.

  • Control DNS
  • Allow the subnets and also the reachability
  • Routing control
  • In our case a second network adapter which was configured
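
The checklist in the answer above (DNS, reachability, routing), as an added example that is not part of the original posts: a small Python triage script to run from a client in the affected subnet. The function names are hypothetical; the hostname, subnet and ports are the ones quoted in the question.

```python
import ipaddress
import socket


def resolve(name):
    """IPv4 addresses this machine's resolver returns for name ([] if none)."""
    try:
        infos = socket.getaddrinfo(name, None, family=socket.AF_INET,
                                   proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def probe(ip, port, timeout=3.0):
    """One TCP connect attempt: 'open', 'refused', 'timeout' or 'unreachable'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((ip, port))
            return "open"
        except ConnectionRefusedError:
            return "refused"      # a host or firewall answered with RST: wrong address, or nothing listening
        except socket.timeout:
            return "timeout"      # no answer at all: routing, or a firewall silently dropping packets
        except OSError:
            return "unreachable"  # no route to host / network unreachable


def triage(name, port, expected_net):
    """Checklist result per resolved address: (ip, in_expected_net, tcp_state)."""
    net = ipaddress.ip_network(expected_net, strict=False)
    ips = resolve(name)
    if not ips:
        return [(None, False, "dns-failure")]
    return [(ip, ipaddress.ip_address(ip) in net, probe(ip, port)) for ip in ips]


if __name__ == "__main__":
    # Run on a client in the affected subnet. Hostname, subnet and ports are
    # the ones quoted in the question; adjust them to the real values.
    for port in (443, 27000):
        for row in triage("somesubdomain.www.com", port, "172.3.0.1/24"):
            print(port, *row)
```

An address outside the expected subnet points at DNS, "refused" at the listener or a rejecting firewall on the address that was reached, and "timeout" or "unreachable" at routing.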