Join Log in
Score:1
Bouarfa Mahi avatar Server

nginx with subdomains and two servers

vi flag
Bouarfa Mahi

I have two servers: the first one has the IP address 192.168.1.216 and is configured with the hostname hub.domain.tld (jupyterhub). The DNS record is pointing to the public IP address, and all requests on ports 80 and 443 are forwarded to 192.168.1.216.

The initial Nginx configuration on the first server was simple to set up and is functioning properly.

However, the issue arises with the second server, which is also configured with Nginx as described below. The problem is, that all requests made to vscode.domain.tld are being redirected to hub.domain.tld instead of 192.168.1.234:8080 (code-server)

However, when I move and add this configuration to the first server, everything works perfectly.

I want to split the configuration file. Because I want to containerize Nginx in the docker compose:

  • code-server,
  • questdb,
  • grafana.
# /etc/nginx/sites-available/default




# top-level http config for websocket headers
# If Upgrade is defined, Connection = upgrade
# If Upgrade is empty, Connection = close
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# HTTP server to redirect all 80 traffic to SSL/HTTPS
server {
    listen 80;
    server_name vscode.domain.tld;

    # Tell all requests to port 80 to be 302 redirected to HTTPS
    return 302 https://$host$request_uri;
}

# HTTPS server to handle VS Code
server {
    listen 443 ssl;
    server_name vscode.domain.tld;

    ssl_certificate /etc/letsencrypt/live/vscode.domain.tld/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/vscode.domain.tld/privkey.pem;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security max-age=15768000;

    # Managing literal requests to the VS Code front end
    location / {
        proxy_pass http://192.168.1.234:8080;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # websocket headers
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header X-Scheme $scheme;

        proxy_buffering off;
    }

    # Managing requests to verify letsencrypt host
    location ~ /.well-known {
        allow all;
    }
}
101
1 + 3
ws flag
symcbean
It might be helpful to see the config from the external proxy since you've established that the config you've shown us works if run there. Also WHAT (of front proxy, back proxy, vscode service) is returning the redirect?
0
Reply
Bouarfa Mahi avatar
vi flag
Bouarfa Mahi
On the first server i am using the same configuration file template with: # Managing literal requests to the JupyterHub front end location / { proxy_pass http://127.0.0.1:8000;
0
Reply
Bouarfa Mahi avatar
vi flag
Bouarfa Mahi
telnet connection from the first server to the second one is established. telnet 192.168.1.234 8080
0
Reply
Score:0
Saxtheowl avatar Server
by flag
Saxtheowl

Nginx is not correctly configured to proxy_pass, there is no proxy configuration to direct traffic to the code-server at 192.168.1.234:8080.

In your HTTPS server block lets add this block to proxy requests:

server {
    listen 443 ssl;
    server_name vscode.domain.tld;

    ssl_certificate /etc/letsencrypt/live/vscode.domain.tld/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/vscode.domain.tld/privkey.pem;

    # ...

    location / {
        proxy_pass http://192.168.1.234:8080;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Accept-Encoding gzip;
    }
}
+ 1
Bouarfa Mahi avatar
vi flag
Bouarfa Mahi
yes there is a proxy configuration.
1
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.