Join Log in
Score:1
MoRK avatar Server

Nginx Reverse-Proxy Only Works On Internal Network

ma flag
MoRK

I wanted to accomplish the following goal and get it working on an internal network, however, this doesn't work externally.

Goal: Deploying nginx to reverse proxy n servers with different private ip addresses, and only open ports 80/443 on the router and forward it to the Nginx server in the backend.

Ngix version 1.18.0 on Ubuntu 22.04 LTS (Jammy Jellyfish)

I have a domain name which points to my router's public ip, and I have a nginx reverse proxy config which only works good when I'm connected to home wifi (internal network), but backend servers won't be accessible if I try my LTE on my phone, for example.

Here is my reverse-proxy.conf:

    server {
        server_name my.domainname.com;
        access_log /var/log/nginx/reverse-access.log;
        error_log /var/log/nginx/reverse-error.log;
        
        listen 443 ssl;
        listen [::]:443 ssl;
        ssl_certificate /etc/ssl/certs/localhost.crt;
        ssl_certificate_key /etc/ssl/private/localhost.key;
        ssl_protocols TLSv1.2 TLSv1.1 TLSv1;


        location /guac/ {
        proxy_pass http://privateip1:port/guacamole/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_cookie_path /guacamole/ /guac/;
        access_log off;
        }

        location / {
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_pass http://privateip2:port;
        
        }
        

        location /api {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://privateip:port;
        }


    }

    server {
        listen 80;
        listen [::]:80;
        server_name my.domainname.com;
        return 301 https://$server_name$request_uri;
    }

For more information, I saw it on the phone that browser was trying to access private ip address 192.x.x.x, then I tried to make another port forwarding rule on the router and point it to that server, but still got the same unreachable error on my phone after replacing the private ip with the public ip of the router with that newly opened port. I also allowed the firewall rule on that server to accept tcp/udp on its port and make sure nothing is on the way, but still no luck.

So, my question is, is it possible to accomplish this goal with nginx reverse proxy?

Please let me know if you need more info.

Thanks,

945
1 + 3
Vadim avatar
ar flag
Vadim
Are there any records in the reverse-access.log when you try your LTE on your phone?
0
Reply
MoRK avatar
ma flag
MoRK
good point, so my phone wasn't able to resolve the domain name for some reason, but when I did the hotspot and connected with my comupter, got 502 bad gateway on the browser screen and the following in reverse-error.log. seems like upstream fails and it's unable to get the site logo. error 3312 connect() failed (113: Unknown error) while connecting to upstream. "GET /favicon.ico HTTP/1.1" could it be because https is going to http? If so, why is it not happening on the other network? browser console error GET http://my.domainname.com/favicon.ico 502 (Connection refused)
0
Reply
Orphans avatar
cn flag
Orphans
Try to change the "location" to "guacamole" instead of "guac".
0
Reply
Score:0
MoRK avatar Server
ma flag
MoRK

Ok, I figured it out, it was my router. I turned on DMZ and added Nginx server as DMZ host and it's now accessible from the internet.

Two posts helped me figure this out:

Superuser post

Stackoverflow post

Thanks,

+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.