My problem is:
I have a server with an internal domain name service.internal.example.com which redirects all clients asking for another domain to its FQDN https://service.internal.example.com. This server is not under my control and must continue to be reachable as service.internal.example.com.
My job is to set up a proxy that makes this service reachable from the completely separated external.example.com DNS domain. (This means the DNS zones do not know about each other, and external DNS queries will be answered with NXDOMAIN for *.internal.example.com.)
I also have no control over the DNS domains.
I tried proxy pass, setting the Host header and rewriting but nothing worked so far.
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name service.external.example.com;
        location / {
            rewrite ^(.*) https://service.internal.example.com$1 break;
            proxy_pass https://10.1.2.3/; # ip of service.internal.example.com
            proxy_redirect off;
            proxy_set_header Host "service.internal.example.com";
            proxy_cookie_domain service.internal.example.com service.external.example.com;
            sub_filter "service.internal.example.com" "service.external.example.com";
            sub_filter_once off;
        }
        ssl_certificate "/etc/pki/nginx/example.crt";
        ssl_certificate_key "/etc/pki/nginx/example.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 10m;
        ssl_ciphers PROFILE=SYSTEM;
        ssl_prefer_server_ciphers on;
    }
I would be grateful for some advice.
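
For comparison with the configuration in the question, here is an added example (not part of the original post) of a name-translating reverse proxy that drops the `rewrite`, rewrites backend redirects instead of turning `proxy_redirect` off, and authenticates the backend over TLS under its internal name. Assumptions: the internal CA bundle path is a placeholder, and the `sub_filter_types` list is a guess at what the backend serves.

```nginx
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name service.external.example.com;

    ssl_certificate     "/etc/pki/nginx/example.crt";
    ssl_certificate_key "/etc/pki/nginx/example.key";

    location / {
        # No rewrite: a replacement string that starts with "https://" makes
        # nginx answer the client with a redirect instead of proxying.
        proxy_pass https://10.1.2.3;   # ip of service.internal.example.com

        # Present the name the backend expects, in HTTP (Host) and TLS (SNI).
        proxy_set_header Host service.internal.example.com;
        proxy_ssl_server_name on;
        proxy_ssl_name service.internal.example.com;

        # Verify the backend certificate against the internal name, so the
        # hop to the bare IP is authenticated and not only encrypted.
        # Assumption: placeholder path to the internal CA bundle.
        proxy_ssl_verify on;
        proxy_ssl_trusted_certificate /etc/pki/nginx/internal-ca.crt;

        # Translate Location/Refresh headers and cookie domains sent by the
        # backend to the external name.
        proxy_redirect https://service.internal.example.com/ https://service.external.example.com/;
        proxy_cookie_domain service.internal.example.com service.external.example.com;

        # sub_filter cannot rewrite compressed bodies, so request an
        # uncompressed response from the backend.
        proxy_set_header Accept-Encoding "";
        sub_filter "service.internal.example.com" "service.external.example.com";
        sub_filter_once off;
        # text/html is always filtered; the extra types are an assumption.
        sub_filter_types text/css application/javascript application/json;
    }
}
```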