Score:0

Multiple services on different ports: how to configure an nginx proxy


I have the following structure:

public ip <-> vm host <-> vms

There are two VMs: vm1_proxy_nginx and vm2_service_docker_vm (using ports 9000-9005)

Service_VM is a dashboard server working on exposed ports 9001, 9002 and 9005 for authentication, login, and data logging communication between the users and the VM.

Now, in the nginx reverse proxy, I redirected http and https to /9001 for login.

Then I found out that this configuration leads to problems because the communication back is not given (after successful login, the server redirects to the 9002 dashboard service)

https://ip.ip.ip.io:9002/?token=

Does someone have an idea how to handle this problem without losing security and without SSL problems?

I know to reimplement the service so it does not use exposed ports like this, but in the meantime I need a solution....

Score:0

The easiest way to solve this is to preserve all the standard ports and just create 2 server blocks in your configuration, one for every port, acting as reverse proxies forwarding all traffic to the target port. For example:

server {
        listen 9001 ssl http2;
        ssl_certificate         *path-to-certificate*;
        ssl_certificate_key     *path-to-private-key*;
        server_name xyz.yourdomain.com;

        # proxy_pass is not allowed directly in a server block, so it goes in a location
        location / {
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_pass      http://*ipofupstreamserver*:9001;
        }
}

server {
        listen 9002 ssl http2;
        ssl_certificate         *path-to-certificate*;
        ssl_certificate_key     *path-to-private-key*;
        server_name xyz.yourdomain.com;

        location / {
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_pass      http://*ipofupstreamserver*:9002;
        }
}

server {
        listen 9005 ssl http2;
        ssl_certificate         *path-to-certificate*;
        ssl_certificate_key     *path-to-private-key*;
        server_name xyz.yourdomain.com;

        location / {
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_pass      http://*ipofupstreamserver*:9005;
        }
}

You may have to adjust to whether you want to use http or https for upstream communication, of course, or you could put the frontend that will present the login interface onto a standard port 443 if it should be public facing, and there are tons of other options to tweak, but this should get you started.

user3882511
Thx for help. listen 9001 means that I have to open also this port, or? What if I only want to use the default incoming ports of 80 and 443, and use the rproxy to connect to internal service ports 9001, 9002, 9005? Is this possible?
@user3882511 well, if your application works without those ports then yes. If it requires those ports, then no. The problem is that if your application assumes that it can use those ports and instructs the browser to make a connection to those ports but they are blocked, then no connection can be established... thus things will likely not work :)
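
For the 80/443-only case raised in the comments, one possible layout is sketched below as an added example; it is not from either poster and not the application's own configuration. It assumes the cross-port hops are HTTP redirects (the `Location: https://...:9002/?token=` response described in the question), that the upstream speaks plain http as in the answer, and the `/dashboard/` and `/log/` path prefixes are hypothetical names chosen here.

```nginx
# Added example. *asterisk* placeholders follow the answer's convention;
# the /dashboard/ and /log/ prefixes are assumptions, not part of the application.
server {
    listen 443 ssl http2;
    server_name xyz.yourdomain.com;
    ssl_certificate     *path-to-certificate*;
    ssl_certificate_key *path-to-private-key*;

    # Inherited by every location below (none of them sets its own headers).
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Login service (9001) served at the site root.
    location / {
        proxy_pass http://*ipofupstreamserver*:9001;
        # Rewrite the post-login redirect to :9002 into a path on 443,
        # keeping the rest of the URL (including ?token=...) intact.
        proxy_redirect ~^https?://[^/]+:9002/(.*)$ /dashboard/$1;
    }

    # Dashboard service (9002); the trailing slash strips the /dashboard/ prefix.
    location /dashboard/ {
        proxy_pass http://*ipofupstreamserver*:9002/;
        # In case the dashboard redirects back to the login service.
        proxy_redirect ~^https?://[^/]+:9001/(.*)$ /$1;
    }

    # Data logging service (9005).
    location /log/ {
        proxy_pass http://*ipofupstreamserver*:9005/;
    }
}

# Plain http only redirects to https.
server {
    listen 80;
    server_name xyz.yourdomain.com;
    return 301 https://$host$request_uri;
}
```

`proxy_redirect` rewrites only the `Location` and `Refresh` response headers, so absolute `:9002` or `:9005` URLs that the application writes into page bodies or scripts still reach the browser unchanged, which is the failure the comment above describes. With this layout ports 9001, 9002 and 9005 need to be reachable only from the proxy VM.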