I have configured an nginx reverse proxy on Debian 11, through which I can reach the application server with the subdomain from the Internet. But on the internal network it does not work.
The reverse proxy is in the same subnet as the application server 172.3.0.1/24. The domain controllers are entered as DNS. The clients are in a different subnet and cannot reach the subdomain via the browser. The clients can ping the reverse proxy, but when I access the subdomain with HTTPS I get a connection refused.
So the main goal is that everyone can access the subdomain and from the Internet to the subdomain, the subdomain with the special port and that via HTTPS. The access should be redirected from HTTP to HTTPS, because the application supports only port 80.
I don't understand what the problem is or if I have configured something wrong.
First block of my configuration:
server {
    listen 80;
    return 301 https://$host$request_uri;
}
and the second:
server {
    listen 443 ssl;
    server_name somesubdomain.www.com;
    ssl_certificate /etc/nginx/ssl/somesubdomain.pem;
    ssl_certificate_key /etc/nginx/ssl/somesubdomain.key;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;
    access_log /var/log/nginx/somesubdomainweb.www.com.access.log;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://172.3.0.x;
        proxy_read_timeout 90;
    }
}
and the last block of my configuration, for access via a special port:
server {
    listen 443 ssl;
    server_name somesubdomain.www.com:27000;
    ssl_certificate /etc/nginx/ssl/somesubdomain.pem;
    ssl_certificate_key /etc/nginx/ssl/somesubdomain.key;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;
    access_log /var/log/nginx/somesubdomainpath.www.com.access.log;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://172.3.0.13:27000;
        proxy_read_timeout 90;
    }
}
Thank you for the help
I have managed to solve my problem. A new network adapter was added and configured and the routing was controlled and adjusted.
I then allowed the allowed subnets in the server block and controlled the configuration and performed a reload. Then everything worked!
I hope this way helps someone with the same head banging.
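
The "allowed subnets in the server block" step from the answer, combined with a dedicated listener for the special port from the question, as an added example that is not the poster's actual configuration. It assumes the port should be reachable only from the listed networks; 192.0.2.0/24 is a placeholder for the internal client subnet, which the post does not name.

```nginx
# Added example. Networks used here:
#   172.3.0.0/24 - server subnet named in the question
#   192.0.2.0/24 - placeholder for the client subnet (assumption)

server {
    # nginx compares server_name with the Host header after removing
    # the port, so the port is chosen by "listen", not by server_name.
    listen 27000 ssl;
    server_name somesubdomain.www.com;

    ssl_certificate     /etc/nginx/ssl/somesubdomain.pem;
    ssl_certificate_key /etc/nginx/ssl/somesubdomain.key;
    ssl_protocols       TLSv1.2;

    # ngx_http_access_module checks these rules in order and stops at
    # the first match. A client that matches only "deny all" receives
    # 403 Forbidden. Without a deny line the allow lines change
    # nothing, because every address is admitted by default.
    allow 172.3.0.0/24;
    allow 192.0.2.0/24;
    deny  all;

    location / {
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://172.3.0.13:27000;
        proxy_read_timeout 90;
    }
}

# Check the syntax before applying, as the answer describes:
#   nginx -t && systemctl reload nginx
```

These rules produce an HTTP 403, not a TCP "connection refused"; a refused connection is decided before nginx sees the request, which matches the adapter and routing changes the answer describes.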