Related

NGINX Config Generator

Easily configure a performant, secure, and stable NGINX server.

 Learn More
my site i down please see http://www.cheri3a.com/ Question Question
How do I get a SSL certificate for my WSGI Flask server so it can send data over HTTPS? Question Question

Question

how to access from outside my application protected by nginx reverse proxy?

Posted March 13, 2020 3.1k views
NginxApplications

my application works and is accessible normally in the local network and the internet network. but when I put it behind nginx (reverse proxy), it is no longer accessible from the internet. anyone know why?

Add a comment
mmuhammadeuss
By:
mmuhammadeuss

Related

NGINX Config Generator

Easily configure a performant, secure, and stable NGINX server.

 Learn More
my site i down please see http://www.cheri3a.com/ Question Question
How do I get a SSL certificate for my WSGI Flask server so it can send data over HTTPS? Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer
bobbyiliev March 13, 2020

Hi there @mmuhammadeuss,

I think that it might be due to your firewall, make sure that port 80 and 443 are open.

Another thing that could be causing the issue is the Nginx reverse proxy configuration.
Could you share your exact Nginx configuration?

Also, is your application running on a DigitalOcean Droplet or on your local PC?

Regards,
Bobby

Reply Report
  • mmuhammadeuss March 13, 2020

    thank you for your interest in my concern. I use centos and I have authorized ports 8081 and 443 (firewalld). my application runs on my local pc.
    here is my config file:

    user nginnnx;
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include /opt/nginx/conf/mime.types;
    include /opt/nginx/conf/naxsi_core.rules;
    default_type  application/octet-stream;
    access_log /var/log/access.log;
    error_log /var/log/error.log;
    sendfile        on;
    keepalive_timeout  65;
    tcp_nodelay on;
    gzip  on;
    gzip_disable "MSIE [1-6].(?!.*SV1)";
    server {
        listen 8081;
        server_name my.spacze.org;
        access_log off ;
        error_log off ;
location /RequestDenied {            return 403;        }

error_page 403 /403_error.html;
        location = /403_error.html {
            root /usr/share/nginx/html;
            internal;        }
 }
    server {
        listen 443 ssl;
        server_name my.spacze.org;
        access_log off ;
        error_log off ;
        ssl_certificate /etc/certs/spa.crt;
        ssl_certificate_key /etc/private/keyy.key;
error_page 403 /403_error.html;
        location = /403_error.html {
            root /usr/share/nginx/html;   
            internal;
        }

error_page 404 /404_error.html;
        location = /404_error.html {
            root /usr/share/nginx/html;
            internal;
        }
location ~/home/(.*)$ {
resolver 4.4.4.4;
 include /opt/nginx/conf/naxsi.rules;
proxy_pass https://inter.apopzs.org/$1;
}
           }
}

    so in the local network and from the internet the link https://inter.apopzs.org/ works properly. but once behind the reverse proxy, the link https://my.spacze.org/home/ which must show the content of the link https://inter.apopzs.org/ does not work from the internet but only in the local network .
    I use the resolver command because I am behind a firewall

    Reply Report
    • bobbyiliev March 26, 2020

      Hi there @mmuhammadeuss,

      Are there any errors in your Nginx error log? You can check that with the following command:

      • tail -100 /var/log/error.log

      Feel free to share the output here.
      Regards,
      Bobby

      Reply Report
      • mmuhammadeuss March 26, 2020

        Thank you for your interest.
        by analyzing the results of the command:

        • at first sight nothing special; the 100 errors generated are in fact the failed intrusion attempts of my vulnerability scanner. Example link

        even in my network architecture doing portforwarding it doesn’t work … I always have the error Object not found! The requested URL was not found on this server. If you entered the URL manually please check your spelling and try again . Error 404.

        I don’t know if it’s my network architecture that poses the problem; I am confused and stuck;

        Reply Report
      • mmuhammadeuss March 27, 2020

        my network topology is as follows:
        -the local network application runs on different servers and some are accessible from the internet;
        -a nginx/naxsi server is in place to protect these applications. this nginx/naxsi server must be accessible from the internet. a reverse proxy was set up by also protecting my applications behind the naxsi firewall.
        what remains for me to do is make this nginx/naxsi server accessible from the internet; I would like my protected applications behind naxsi to be accessible from the internet.

        Reply Report
        • bobbyiliev June 14, 2020

          Hi there @mmuhammadeuss,

          I could suggest pining the inter.apopzs.org domain name from your Droplet to see if you get a response. If you do not get a response, I could suggest adding an entry to your /etc/hosts file so that your Droplet could resolve the domain.

          Also if you get a response, I would suggest trying to run curl -IL inter.apopzs.org from your Droplet and see if you get the correct response.

          Another thing that you could try doing is to run a traceroute from your Droplet to your inter.apopzs.org domain:

          • traceroute inter.apopzs.org

          Let me know how it goes.
          Regards,
          Bobby

          Reply Report
  • mmuhammadeuss March 25, 2020

    Hi there,

    no solution?

    Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help