I have a problem with my NGINX configuration. I have two web servers running on Windows servers. One of them is called from outside on 443 and should then be forwarded to the server on 41001. The second server block should be called by the FQDN, and nginx should forward this to FQDN.com/test, internally and externally.
On the first server block this takes forever to load and nothing seems to work. With the second server block I get a 404 back.
This is what my configurations and the error logs look like:
server {
    server_name test.example.com;
    return 301 http://test.example.com/test$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    access_log /var/log/nginx/test_service_access.log;
    error_log /var/log/nginx/test_service_error.log;
    ssl_certificate /etc/nginx/ssl/test.com.pem;
    ssl_certificate_key /etc/nginx/ssl/test.key;
    ssl_session_timeout 1d;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-G>
    ssl_prefer_server_ciphers off;
    location /test {
        proxy_pass https://10.10.10.10/test/;
    }
    client_max_body_size 0;
    proxy_connect_timeout 90s;
    proxy_send_timeout 90s;
    proxy_read_timeout 90s;
    send_timeout 90;
}
server {
    server_name test2.example.com;
    # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
    return 301 https://test2.example.com$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name test2.example.com;
    access_log /var/log/nginx/test2_service_access.log;
    error_log /var/log/nginx/test2_service_error.log;
    ssl_certificate /etc/nginx/ssl/test2.example.com.pem;
    ssl_certificate_key /etc/nginx/ssl/test2example.key;
    # ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-G>
    ssl_prefer_server_ciphers off;
    add_header Strict-Transport-Security max-age=15768000;
    location / {
        # resolver 10.150.10.10 8.8.8.8;
        proxy_pass https://test2.example.com:41001/;
        proxy_redirect https://test2.example.com:41001/ https://test2.example.com/;
        client_max_body_size 0;
        proxy_connect_timeout 90s;
        proxy_send_timeout 90s;
        proxy_read_timeout 90s;
        send_timeout 90;
    }
}
}
I looked at the error.logs and this is what came up.
2022/02/13 12:54:58 [error] 2620#2620: *15 open() "/usr/share/nginx/html/DocuWare/Platform/LoginRedirect" failed (2: No such file or directory), client: xxx.xxx.xxx.xxx, server: , request: "GET /DocuWare/Platform/LoginRedirect?returnUrl=%2fdocuware%2fPlatform%2fWebClient%2f HTTP/2.0", host: "test2.domain.com", referrer: "https://test.domain.com/docuware/Platform/WebClient/"
2022/02/13 12:35:17 [error] 2541#2541: *1 upstream timed out (110: Connection timed out) while connecting to upstream, client:
Regarding the first error, I don't understand exactly what is wrong.
As I understand it, I need to define an upstream for the server with port 41001, is that correct?
Am I missing something here?
UPDATE
I have reduced my configuration to the minimum so that I can test this. My configuration now looks like this:
######################################################################
upstream abacus {
    server 10.120.50.11;
}
server {
    listen 80;
    server_name abacus.example.com;
    return 301 https://abacus.example.com$request_uri;
}
server {
    listen 443 ssl;
    server_name abacus.example.com;
    ssl_certificate /etc/nginx/ssl/xxx.com.pem;
    ssl_certificate_key /etc/nginx/ssl/xxx.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    access_log /var/log/nginx/abacus_service_access.log;
    error_log /var/log/nginx/abacus_service_error.log;
    location / {
        proxy_pass http://abacus;
    }
}
#######################################################################
upstream docuware {
    server 10.120.50.10;
}
server {
    listen 80;
    server_name docuware.example.com;
    return 301 https://docuware.example.com$request_uri;
}
server {
    listen 443 ssl;
    server_name docuware.example.com;
    ssl_certificate /etc/nginx/ssl/xxx.pem;
    ssl_certificate_key /etc/nginx/ssl/xxx.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    access_log /var/log/nginx/docuware_service_access.log;
    error_log /var/log/nginx/docuware_service_error.log;
    location / {
        proxy_pass http://docuware/docuware;
    }
}
}
When I access the server "abacus.example.com", I get to the IIS homepage. So here I have to define that I come from outside with 443 (HTTPS) and I am redirected to port 23001.
If I access the server "docuware.example.com/docuware", I get a 404 - File or directory was not found. So here I have to define somehow that it can access the server with the subpath.
In the internal network this works without problems. I am redirected to "docuware.example.com/DocuWare/Platform/WebClient/ClientAccount/xxx".
Do you see here what I have to adjust? I've been beating my head against it for hours.
The first error says that nginx cannot find the specific file at the location which it has. One way to solve that is to give nginx a specific folder for files that are requested. That's how web servers work.
I am not sure if you can redirect a user with nginx from non-SSL traffic to SSL traffic. Both request and response should be the same, encrypted or non-encrypted, no matter how many steps there are to access the target server from the user's web browser.
Look in the nginx logs to see whether nginx goes into a loop, with the request going to the same server that is redirected.
One thing that is likely needed is setting a proper Host header for the proxied headers:
For abacus:
For docuware:
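A sketch of the Host-header setup suggested above, applied to the two HTTPS server blocks from the UPDATE. This is an added example, not configuration posted by anyone in the thread. The backend protocol (plain HTTP), the docuware backend port and the `/DocuWare/` redirect target are assumptions; IPs, certificate paths and port 23001 are taken from the question.

```nginx
# Added example; "assumed" marks values the thread does not confirm.
upstream abacus   { server 10.120.50.11:23001; }  # port from the question; plain HTTP assumed
upstream docuware { server 10.120.50.10; }        # port 80 assumed, as in the asker's config

server {
    listen 443 ssl;
    server_name abacus.example.com;
    ssl_certificate     /etc/nginx/ssl/xxx.com.pem;
    ssl_certificate_key /etc/nginx/ssl/xxx.key;
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://abacus;
        # Default is "Host: $proxy_host", i.e. the upstream name "abacus",
        # which the backend may not map to the intended site.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen 443 ssl;
    server_name docuware.example.com;
    ssl_certificate     /etc/nginx/ssl/xxx.pem;
    ssl_certificate_key /etc/nginx/ssl/xxx.key;
    ssl_protocols TLSv1.2 TLSv1.3;

    # Send the bare root to the application path (path casing assumed
    # from the internal redirect quoted in the question).
    location = / {
        return 302 /DocuWare/;
    }

    location / {
        # No URI part after the upstream name, so the request path is passed
        # unchanged. "proxy_pass http://docuware/docuware;" in "location /"
        # would turn /docuware/x into /docuwaredocuware/x upstream.
        proxy_pass http://docuware;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Validate with `nginx -t` before reloading. The port-80 redirect blocks from the UPDATE stay as they are.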