nginx reverse proxy success in local network but failure in public network

I'm learning how to use a reverse proxy based on server names with nginx. I got everything to work 100% perfectly in my home office network. But when I open up my home's firewall and port-forward external traffic to my reverse proxy server in my house, it's like nginx doesn't recognize the server name rules, and keeps using the default rule. So my question is, how do I get reverse proxy with server names to work with external traffic?

To describe what I mean, I will show a Success Scenario and the Failed Scenario.

SUCCESS SCENARIO - Reverse Proxy Of Home Network Traffic

This scenario works perfectly. I have a computer in my house. The computer has an IP address of 192.168.0.30. The computer has nginx installed. Then I added these two records to my /etc/hosts:

192.168.0.31 home1.john.com
192.168.0.32 home2.john.com

Then I added this to my /etc/nginx/nginx.conf

stream {
    include stream_conf.d/*.conf;
}

Then I made this file /etc/nginx/stream_conf.d/*.conf:

log_format mqtt '$remote_addr [$time_local] $protocol $status $bytes_received '
                '$bytes_sent $upstream_addr';

map $ssl_preread_server_name $name {
    home1.john.com      hive_mq;
    home2.john.com      hive_mq2;
    default             hive_mq;
}

upstream hive_mq {
    server 192.168.0.31:1883;
    zone tcp_mem 64k;
}

upstream hive_mq2 {
    server 192.168.0.32:1883;
    zone tcp_mem 64k;
}

server {
    listen 1883;
    proxy_pass $name;
    proxy_connect_timeout 1s;

    ssl_preread on;
    access_log /var/log/nginx/mqtt_access.log mqtt;
    error_log  /var/log/nginx/mqtt_error.log;
}

Then I run these commands:

nginx # starts up nginx
nginx -s reload # make sure I am using the latest conf files

mosquitto_pub -h home1.john.com -t hello/world -m 'test to home1.john.com server' # The 192.168.0.31 successfully receives the message, and 192.168.0.32 successfully ignores this message
mosquitto_pub -h home2.john.com -t hello/world -m 'test to home2.john.com server' # The 192.168.0.32 successfully receives the message, and 192.168.0.31 successfully ignores

Everything is absolutely perfect.

FAIL SCENARIO - Reverse Proxy Of External Traffic

I went to my WiFi router and enabled port forwarding. I will take any external traffic from port 1883 and forward it to the IP address 192.168.0.30 (my reverse proxy computer with nginx on it) on port 1883.

Then I drove my car to my friend's house and took his laptop. I added these two records to his laptop's /etc/hosts file:

# assume 72.142.34.203 is my home public ipv4 address
72.142.34.203 home1.john.com
72.142.34.203 home2.john.com

Then I ran these commands on his laptop:

mosquitto_pub -h home1.john.com -t hello/world -m 'test to home1.john.com server' # The 192.168.0.31 successfully receives the message, and 192.168.0.32 successfully ignores this message

mosquitto_pub -h home2.john.com -t hello/world -m 'test to home2.john.com server' # INCORRECT OUTCOME - The 192.168.0.31 received this message, and 192.168.0.32 did not get this message

Why did 192.168.0.32 fail to get the test to home2.john.com server from the second command? It's as if the nginx reverse proxy doesn't recognize the server_name... is that information lost when I did port forwarding on my router? Or have I misunderstood something? How do I get reverse proxy with server name to work with external traffic into my home network?
