Question

Internal Network Problem with nginx reverse proxy

Posted December 13, 2021 251 views
Nginx, Networking, Debian 11

Hello dear community

I’m working on a configuration which is slowly but surely driving me crazy. Here’s the scenario: an application server which is in one network (for example 172.10.0.1/24), an Nginx reverse proxy which is in the same network, and clients which are in another network (for example 172.12.0.1/24). I have configured the Nginx reverse proxy and created a subdomain pointing to the public IP, which has a NAT rule on the firewall and points to the application server. In the Nginx reverse proxy the subdomain is also defined as the server name, with a proxy pass to the application server. The clients cannot access it. Access via HTTP is possible only if the DNS of the application is specified, because the application supports only port 80.

The goal is that the application server is accessible from everywhere, with the domain controller as DNS and via HTTPS.

What am I doing wrong?

Here is my configuration in /etc/nginx/sites-available/:

server {

    listen 443 ssl;
    server_name sub.domain.com;

    ssl_certificate           /etc/nginx/ssl/subdomain.com.pem;
    ssl_certificate_key       /etc/nginx/ssl/subdomain.com.key;

    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    access_log            /var/log/nginx/subdomain.com.access.log;

    location / {

      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;

      proxy_pass          http://172.10.0.10;
      proxy_read_timeout  90;

#      proxy_redirect      http://172.17.0.13 https://subdomain.com;
    }
}

server {

    listen 24001 ssl;
    server_name sub.domain.com:29005;

    ssl_certificate           /etc/nginx/ssl/subdomain.com.pem;
    ssl_certificate_key       /etc/nginx/ssl/subdomain.com.key;

    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    access_log            /var/log/nginx/subdomain.com.access.log;

    location / {

      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;
      proxy_set_header        Connection "";
      proxy_http_version      1.1;

      proxy_pass          http://172.10.0.10:29005;

#      proxy_redirect      http://172.10.0.10:29005 https://sub.domain.com:29005;
    }
}
