Most likely what you want to do is configure Nginx to listen on the HTTPS port, and configure it to proxy through to your ocserv process running on a different local port. Nginx would need to decide which site to serve, and to differentiate it could key off either:
- the host (e.g., vpn.yourdomain.com versus web.yourdomain.com).
- the prefix path (e.g., web.yourdomain.com/vpn/).
The host would be the best approach. In that configuration, you would configure the two DNS entries to point to the same IP address. Nginx config would look something like this:
server {
    # SSL configuration
    #
    listen 443 ssl default_server;   # catch-all for requests whose hostname matches no server_name
    ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
    ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
    server_name web.yourdomain.com;

    location / {
        root /var/www/html/blank/;
        try_files $uri $uri/ =404;
        allow all;
    }
}

server {
    # SSL configuration
    #
    listen 443 ssl;   # same 443 socket as the block above; "ssl" stated explicitly here as well
    ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
    ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;
    server_name vpn.yourdomain.com;

    location / {
        # forward the original Host, client address and scheme to the backend
        proxy_pass_header Server;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Scheme $scheme;
        proxy_connect_timeout 120s;
        proxy_read_timeout 600s;
        proxy_pass http://127.0.0.1:1234/;   # ocserv listening on local port 1234
    }
}
In that configuration, from the outside, both services would be available via the same IP/port (HTTPS/443). They'd use different DNS hostnames (web.yourdomain.com and vpn.yourdomain.com) both pointing to the same IP. Your ocserv process would be listening on local port 1234 in this example.
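As an added check (not part of the answer above), the script below walks the server blocks of a config in this two-vhost layout, picks out every listen on 443 and flags the slips that break host-based routing on a shared HTTPS socket: a 443 listen without the ssl parameter, or anything other than exactly one default_server. The embedded config is a constructed sample in which the second block deliberately omits ssl; the parser only understands this flat server/location shape, not the full nginx grammar.

```python
import re

# Constructed sample (not the answer's text): second block's "listen 443;" lacks ssl on purpose.
SAMPLE_CONF = """
server {
    listen 443 ssl default_server;
    server_name web.yourdomain.com;
    location / { root /var/www/html/blank/; }
}
server {
    listen 443;
    server_name vpn.yourdomain.com;
    location / { proxy_pass http://127.0.0.1:1234/; }
}
"""

def server_blocks(conf):
    """Return the body of every top-level server { ... } block (brace counting)."""
    blocks, depth, start = [], 0, None
    for m in re.finditer(r"[{}]", conf):
        if m.group() == "{":
            if depth == 0:
                # Directive in front of this brace; only "server" blocks are kept.
                head = conf[conf.rfind("\n", 0, m.start()) + 1:m.start()].strip()
                start = m.end() if head.startswith("server") else None
            depth += 1
        else:
            depth -= 1
            if depth == 0 and start is not None:
                blocks.append(conf[start:m.start()])
                start = None
    return blocks

def audit(conf):
    """List problems in server blocks sharing the HTTPS socket on port 443."""
    findings, names, defaults = [], [], 0
    for block in server_blocks(conf):
        m = re.search(r"^\s*server_name\s+([^;]+);", block, re.M)
        name = m.group(1).strip() if m else "(no server_name)"
        for params in re.findall(r"^\s*listen\s+([^;]+);", block, re.M):
            parts = params.split()
            if parts[0].rsplit(":", 1)[-1] != "443":  # covers 443, *:443, [::]:443
                continue
            names.append(name)
            if "ssl" not in parts:
                findings.append(f"{name}: listen on 443 without the ssl parameter")
            defaults += int("default_server" in parts)
    if names and defaults != 1:
        findings.append(f"expected exactly one default_server on 443, found {defaults}")
    return findings
```

`nginx -t` remains the authoritative syntax check; this only catches the vhost-level inconsistencies discussed here before you reload.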