Score:0

Nginx serve mutliple services via https on different port

cn flag

Web is not my field but i thought i could handle it.

The purpose is quite simple:

Got 3 services i want to serve from the same Virtual Machine on the same network.

elastic:8881 > ssl > :8881 kibana:5601 > ssl > :8882 webserver:80 > ssl < :443

I managed to serve elastic and kibana without any problems following the documentation with this configuration on nginx :

/etc/nginx/conf.d/servestuff.conf

ssl_certificate /etc/ssl/certs/nginx-autosigne.crt;
ssl_certificate_key /etc/ssl/private/nginx-autosigne.key;

upstream elasticsearch {
    server 127.0.0.1:9200;
    keepalive 15;
  }

upstream kibana {
    server 127.0.0.1:5601;
    keepalive 15;
  }

server {
    listen 8881 ssl;

    location / {
      auth_basic "Restricted Access";
      auth_basic_user_file /etc/nginx/htpasswd.users;


      proxy_pass http://elasticsearch;
      proxy_redirect off;
      proxy_buffering off;

      proxy_http_version 1.1;
      proxy_set_header Connection "Keep-Alive";
      proxy_set_header Proxy-Connection "Keep-Alive";
    }

  }
server {
    listen 8882 ssl;

    location / {
      auth_basic "Restricted Access";
      auth_basic_user_file /etc/nginx/htpasswd.users;

      proxy_pass http://kibana;
      proxy_redirect off;
      proxy_buffering off;

      proxy_http_version 1.1;
      proxy_set_header Connection "Keep-Alive";
      proxy_set_header Proxy-Connection "Keep-Alive";
    }
}

As i feel lazy, naive and lack some skills i thought i could serve the web with this block :

    upstream thewebthing {
        server 127.0.0.1:443;
        keepalive 15;
      }


    server {
    listen 443 ssl;
    server_name thewebthing;
    large_client_header_buffers 4 16k;
    location / {
      error_log /var/log/nginx/thewebthing.log info;
      root /var/www/thewebthing/public;
      index index.html index.htm index.php;
      proxy_pass http://thewebthing;
      proxy_redirect off;
      proxy_buffering off;
      proxy_http_version 1.1;
      proxy_set_header Connection "Keep-Alive";
      proxy_set_header Proxy-Connection "Keep-Alive";
    }
  }

I knew it couldn't be that easy. I tried to troubleshoot ny reading logs giving me :

==> /var/log/nginx/access.log <==
127.0.0.1 - - [25/Mar/2022:16:45:29 +0100] "GET /var/www/thewebthing/public/index.php HTTP/1.1" 400 271 "-" "curl/7.64.0"                                                                     
192.168.2.249 - - [25/Mar/2022:16:45:29 +0100] "GET /var/www/thewebthing/public/index.php HTTP/1.1" 400 271 "-" "curl/7.64.0"                                                                 

==> /var/log/nginx/thewebthing.log <==
2022/03/25 16:45:29 [info] 863#863: *4531 client 192.168.2.249 closed keepalive connection

curl giving me this :

curl -k https://192.168.2.249/var/www/thewebthing/public/index.php

<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx/1.14.2</center>
</body>
</html>

I guess it has something to do with nginx considering i'm giving http request to https. 443 is openned but not the 80 :

ss -lapunte | grep -E '443|80'


tcp   LISTEN 0      128                0.0.0.0:443                0.0.0.0:*      ino:66759 sk:1d <->  

I got no firewall, no apparmor or Selinux, permissions are www-data i tried to increase logging.

As you can notice i'm not confortable with the web thing. That is why i'm looking for some hints, clue to drive me on the right track.

Thank you kind stranger.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.