how to access from outside my application protected by nginx reverse proxy?

Question

my application works and is accessible normally in the local network and the internet network. but when I put it behind nginx (reverse proxy), it is no longer accessible from the internet. anyone know why?

Answer 1

bobbyiliev March 13, 2020

Hi there @mmuhammadeuss,

I think that it might be due to your firewall, make sure that port 80 and 443 are open.

Another thing that could be causing the issue is the Nginx reverse proxy configuration.
Could you share your exact Nginx configuration?

Also, is your application running on a DigitalOcean Droplet or on your local PC?

Regards,
Bobby

Reply Report

mmuhammadeuss March 13, 2020
thank you for your interest in my concern. I use centos and I have authorized ports 8081 and 443 (firewalld). my application runs on my local pc.
here is my config file:

user nginnnx; worker_processes 1; events { worker_connections 1024; } http { include /opt/nginx/conf/mime.types; include /opt/nginx/conf/naxsi_core.rules; default_type application/octet-stream; access_log /var/log/access.log; error_log /var/log/error.log; sendfile on; keepalive_timeout 65; tcp_nodelay on; gzip on; gzip_disable "MSIE [1-6].(?!.*SV1)"; server { listen 8081; server_name my.spacze.org; access_log off ; error_log off ; location /RequestDenied { return 403; } error_page 403 /403_error.html; location = /403_error.html { root /usr/share/nginx/html; internal; } } server { listen 443 ssl; server_name my.spacze.org; access_log off ; error_log off ; ssl_certificate /etc/certs/spa.crt; ssl_certificate_key /etc/private/keyy.key; error_page 403 /403_error.html; location = /403_error.html { root /usr/share/nginx/html; internal; } error_page 404 /404_error.html; location = /404_error.html { root /usr/share/nginx/html; internal; } location ~/home/(.*)$ { resolver 4.4.4.4; include /opt/nginx/conf/naxsi.rules; proxy_pass https://inter.apopzs.org/$1; } } }

so in the local network and from the internet the link https://inter.apopzs.org/ works properly. but once behind the reverse proxy, the link https://my.spacze.org/home/ which must show the content of the link https://inter.apopzs.org/ does not work from the internet but only in the local network .
I use the resolver command because I am behind a firewall
Reply Report
- bobbyiliev March 26, 2020
  
  Hi there @mmuhammadeuss,
  
  Are there any errors in your Nginx error log? You can check that with the following command:
  
  tail -100 /var/log/error.log
  
  Feel free to share the output here.
  Regards,
  Bobby
  
  Reply Report
  
  mmuhammadeuss March 26, 2020
  
  Thank you for your interest.
  by analyzing the results of the command:
  
  at first sight nothing special; the 100 errors generated are in fact the failed intrusion attempts of my vulnerability scanner. Example link
  
  even in my network architecture doing portforwarding it doesn’t work … I always have the error Object not found! The requested URL was not found on this server. If you entered the URL manually please check your spelling and try again . Error 404.
  
  I don’t know if it’s my network architecture that poses the problem; I am confused and stuck;
  
  Reply Report
  
  mmuhammadeuss March 27, 2020
  
  my network topology is as follows:
  -the local network application runs on different servers and some are accessible from the internet;
  -a nginx/naxsi server is in place to protect these applications. this nginx/naxsi server must be accessible from the internet. a reverse proxy was set up by also protecting my applications behind the naxsi firewall.
  what remains for me to do is make this nginx/naxsi server accessible from the internet; I would like my protected applications behind naxsi to be accessible from the internet.
  
  Reply Report
  
  bobbyiliev June 14, 2020
  
  Hi there @mmuhammadeuss,
  
  I could suggest pining the inter.apopzs.org domain name from your Droplet to see if you get a response. If you do not get a response, I could suggest adding an entry to your /etc/hosts file so that your Droplet could resolve the domain.
  
  Also if you get a response, I would suggest trying to run curl -IL inter.apopzs.org from your Droplet and see if you get the correct response.
  
  Another thing that you could try doing is to run a traceroute from your Droplet to your inter.apopzs.org domain:
  
  traceroute inter.apopzs.org
  
  Let me know how it goes.
  Regards,
  Bobby
  
  Reply Report
mmuhammadeuss March 25, 2020

Hi there,

no solution?
Reply Report

Answer 2

mmuhammadeuss March 13, 2020
thank you for your interest in my concern. I use centos and I have authorized ports 8081 and 443 (firewalld). my application runs on my local pc.
here is my config file:

user nginnnx; worker_processes 1; events { worker_connections 1024; } http { include /opt/nginx/conf/mime.types; include /opt/nginx/conf/naxsi_core.rules; default_type application/octet-stream; access_log /var/log/access.log; error_log /var/log/error.log; sendfile on; keepalive_timeout 65; tcp_nodelay on; gzip on; gzip_disable "MSIE [1-6].(?!.*SV1)"; server { listen 8081; server_name my.spacze.org; access_log off ; error_log off ; location /RequestDenied { return 403; } error_page 403 /403_error.html; location = /403_error.html { root /usr/share/nginx/html; internal; } } server { listen 443 ssl; server_name my.spacze.org; access_log off ; error_log off ; ssl_certificate /etc/certs/spa.crt; ssl_certificate_key /etc/private/keyy.key; error_page 403 /403_error.html; location = /403_error.html { root /usr/share/nginx/html; internal; } error_page 404 /404_error.html; location = /404_error.html { root /usr/share/nginx/html; internal; } location ~/home/(.*)$ { resolver 4.4.4.4; include /opt/nginx/conf/naxsi.rules; proxy_pass https://inter.apopzs.org/$1; } } }

so in the local network and from the internet the link https://inter.apopzs.org/ works properly. but once behind the reverse proxy, the link https://my.spacze.org/home/ which must show the content of the link https://inter.apopzs.org/ does not work from the internet but only in the local network .
I use the resolver command because I am behind a firewall
Reply Report
- bobbyiliev March 26, 2020
  
  Hi there @mmuhammadeuss,
  
  Are there any errors in your Nginx error log? You can check that with the following command:
  
  tail -100 /var/log/error.log
  
  Feel free to share the output here.
  Regards,
  Bobby
  
  Reply Report
  
  mmuhammadeuss March 26, 2020
  
  Thank you for your interest.
  by analyzing the results of the command:
  
  at first sight nothing special; the 100 errors generated are in fact the failed intrusion attempts of my vulnerability scanner. Example link
  
  even in my network architecture doing portforwarding it doesn’t work … I always have the error Object not found! The requested URL was not found on this server. If you entered the URL manually please check your spelling and try again . Error 404.
  
  I don’t know if it’s my network architecture that poses the problem; I am confused and stuck;
  
  Reply Report
  
  mmuhammadeuss March 27, 2020
  
  my network topology is as follows:
  -the local network application runs on different servers and some are accessible from the internet;
  -a nginx/naxsi server is in place to protect these applications. this nginx/naxsi server must be accessible from the internet. a reverse proxy was set up by also protecting my applications behind the naxsi firewall.
  what remains for me to do is make this nginx/naxsi server accessible from the internet; I would like my protected applications behind naxsi to be accessible from the internet.
  
  Reply Report
  
  bobbyiliev June 14, 2020
  
  Hi there @mmuhammadeuss,
  
  I could suggest pining the inter.apopzs.org domain name from your Droplet to see if you get a response. If you do not get a response, I could suggest adding an entry to your /etc/hosts file so that your Droplet could resolve the domain.
  
  Also if you get a response, I would suggest trying to run curl -IL inter.apopzs.org from your Droplet and see if you get the correct response.
  
  Another thing that you could try doing is to run a traceroute from your Droplet to your inter.apopzs.org domain:
  
  traceroute inter.apopzs.org
  
  Let me know how it goes.
  Regards,
  Bobby
  
  Reply Report
mmuhammadeuss March 25, 2020

Hi there,

no solution?
Reply Report

Related

Question

how to access from outside my application protected by nginx reverse proxy?

Related

Leave a comment

Looking for something else?

Sign up for our newsletter

Related

Question

how to access from outside my application protected by nginx reverse proxy?

Related

Leave a comment

Related

question

my site i down please see http://www.cheri3a.com/

question

How do I get a SSL certificate for my WSGI Flask server so it can send data over HTTPS?

question

Same Website Open On different Domain On single droplet

question

my html mobile sensor not working in this server, but its work on other server

Looking for something else?