Home / user-942987

Cyanmodex9's questions

Martin Hope
Cyanmodex9
Asked: 2022-02-14 04:46:00 +0800 CST
  • 0

I have a problem with my NGINX configuration. I have two webservers running on windows servers. Which one is called from outside with 443 and then should be forwarded to the server with 41001. The second server block should be called the FQDN and nginx should forward this to FQDN.com/test. Internal and external.

On the first server block this takes forever to load and nothing seems to work. With the second server block I get a 404 back.

This is what my configurations look like and the error logs

server {
    server_name test.example.com;
    return 301 http://test.example.com/test$request_uri;
    }


server {
        listen  443 ssl http2;
        listen  [::]:443 ssl http2;
 
        access_log /var/log/nginx/test_service_access.log;
        error_log /var/log/nginx/test_service_error.log;

        ssl_certificate /etc/nginx/ssl/test.com.pem;
        ssl_certificate_key /etc/nginx/ssl/test.key;
        ssl_session_timeout 1d;
        ssl_session_tickets off;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-G>        ssl_prefer_server_ciphers off;

        location /test {
        proxy_pass https://10.10.10.10/test/;
        }

        client_max_body_size    0;
        proxy_connect_timeout   90s;
        proxy_send_timeout              90s;
        proxy_read_timeout              90s;
        send_timeout                    90;
    }

server {
        server_name test2.example.com;
        # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
        return 301 https://test2.example.com$request_uri;
}

server {
        listen  443 ssl http2;
        listen  [::]:443 ssl http2;
        server_name test2.example.com;

        access_log /var/log/nginx/test2_service_access.log;
        error_log /var/log/nginx/test2_service_error.log;

        ssl_certificate /etc/nginx/ssl/test2.example.com.pem;
        ssl_certificate_key /etc/nginx/ssl/test2example.key;

#       ssl_session_cache shared:SSL:50m;
        ssl_session_timeout 1d;
        ssl_session_tickets off;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-G>
        ssl_prefer_server_ciphers off;

        add_header Strict-Transport-Security max-age=15768000;

        location / {

#       resolver 10.150.10.10 8.8.8.8;
        proxy_pass https://test2.example.com:41001/;
        proxy_redirect  https://test2.example.com:41001/ https://test2.example.com/;

        client_max_body_size    0;
        proxy_connect_timeout   90s;
        proxy_send_timeout              90s;
        proxy_read_timeout              90s;
        send_timeout                    90;
        }
    }
}

I looked at the error.logs and this is what came up.

2022/02/13 12:54:58 [error] 2620#2620: *15 open() "/usr/share/nginx/html/DocuWare/Platform/LoginRedirect" failed (2: No such file or directory), client: xxx.xxx.xxx.xxx, server: , request: "GET /DocuWare/Platform/LoginRedirect?returnUrl=%2fdocuware%2fPlatform%2fWebClient%2f HTTP/2.0", host: "test2.domain.com", referrer: "https://test.domain.com/docuware/Platform/WebClient/"

2022/02/13 12:35:17 [error] 2541#2541: *1 upstream timed out (110: Connection timed out) while connecting to upstream, client:

Regarding the first error, I don't understand exactly what is wrong

As I understand it, I need to define an upstream for the server with port 41001, is that correct?

Am I missing something here?

UPDATE

I have adjusted my configuration to the smallest so that I can test this. As follows my configuration looks like this

######################################################################
   upstream abacus {
      server 10.120.50.11; 
   }
   
   server {
      listen 80;
      server_name abacus.example.com;
      return 301 https://abacus.example.com$request_uri;
   }
    
   server {
      listen 443 ssl;
      server_name abacus.example.com;
      ssl_certificate /etc/nginx/ssl/xxx.com.pem;
      ssl_certificate_key /etc/nginx/ssl/xxx.key;
      ssl_protocols TLSv1.2 TLSv1.3;

      access_log /var/log/nginx/abacus_service_access.log;
      error_log /var/log/nginx/abacus_service_error.log;

   location / {
      proxy_pass http://abacus;
   }
}

#######################################################################
   upstream docuware {
      server 10.120.50.10; 
   }
   
   server {
      listen 80;
      server_name docuware.example.com;
      return 301 https://docuware.example.com$request_uri;
   }
   
   server {
      listen 443 ssl;
      server_name docuware.example.com;
      ssl_certificate /etc/nginx/ssl/xxx.pem;
      ssl_certificate_key /etc/nginx/ssl/xxx.key;
      ssl_protocols TLSv1.2 TLSv1.3;

      access_log /var/log/nginx/docuware_service_access.log;
      error_log /var/log/nginx/docuware_service_error.log;
      
   location / {
      proxy_pass http://docuware/docuware;
   }
}
}

When I access the server "abacus.example.com", I get to the IIS homepage. So here I have to define that I come from outside with 443 (HTTPS) and I am redirected to port 23001.

If I access the server "docuware.example.com/docuware", I get a 404 - File or directory was not found. So here I have to define somehow that it can access the server with the subpath.

In the internal network this works without problems. I am redirected to "docuware.example.com/DocuWare/Platform/WebClient/ClientAccount/xxx".

Do you see here what I have to adjust? I've been beating my head against it for hours.

log-files nginx nginx-reverse-proxy iis-8.5 external-connection
Martin Hope
Cyanmodex9
Asked: 2021-12-13 03:53:34 +0800 CST
  • 0

I have configured a nginx reverse proxy on a debian 11 which I can reach the application server with the subdomain from the internet. But on the internal network it does not work.

The reserve proxy is in the same subnet as the application server 172.3.0.1/24. The domain controllers are entered as DNS. The clients are in a different subnet and cannot reach the subdomain via the browser. The clients can ping the reserve proxy but when I access the subdomain with HTTPS I get a connection refused.

So the main goal is that everyone can access the subdomain and from the Internet to the subdomain, the subdomain with the special port and that via HTTPS. The access should be redirected from HTTP to HTTPS, because the application supports only port 80.

I don't understand what the problem is or if I have configured something wrong.

First Block of my configuration

 server {
  listen 80;
  return 301 https://$host$request_uri;
 }

and the second

 server {

  listen 443 ssl;
  server_name somesubdomain.www.com;

  ssl_certificate           /etc/nginx/ssl/somesubdomain.pem;
  ssl_certificate_key       /etc/nginx/ssl/somesubdomain.key;

  ssl_session_cache  builtin:1000  shared:SSL:10m;
  ssl_protocols  TLSv1.2;
  ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
  ssl_prefer_server_ciphers on;

  access_log            /var/log/nginx/somesubdomainweb.www.com.access.log;

  location / {

  proxy_set_header        Host $host;
  proxy_set_header        X-Real-IP $remote_addr;
  proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header        X-Forwarded-Proto $scheme;

  proxy_pass          http://172.3.0.x;
  proxy_read_timeout  90;

 }
}

and the last block of my configuration for access via a special port

 server {

  listen 443 ssl;
  server_name somesubdomain.www.com:27000;

  ssl_certificate           /etc/nginx/ssl/somesubdomain.pem;
  ssl_certificate_key       /etc/nginx/ssl/somesubdomain.key;

  ssl_session_cache  builtin:1000  shared:SSL:10m;
  ssl_protocols  TLSv1.2;
  ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
  ssl_prefer_server_ciphers on;

  access_log            /var/log/nginx/somesubdomainpath.www.com.access.log;

  location / {

  proxy_set_header        Host $host;
  proxy_set_header        X-Real-IP $remote_addr;
  proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header        X-Forwarded-Proto $scheme;

  proxy_pass          http://172.3.0.13:27000;
  proxy_read_timeout  90;

 }
}

Thank you for the help

windows linux networking nginx reverse-proxy
Martin Hope
Cyanmodex9
Asked: 2021-12-03 06:17:37 +0800 CST
  • 0

I have a question about which I am racking my brains. The following scenario. There is an application which displays a white page via the browser internally via a port and a path /keep-alive. Externally via the configured Nginx Proxy Manager the application is reachable via FQDN.

So a proxy host has been set and a stream for the port. If I now access the port and /keep-alive from external I get

CANNOT GET keep-alive

I wonder, is this a setting that needs to be set on the Nginx Proxy Manager (and if so, what the parameter for it needs to be) or does it need to be set on the web server by the software developer of the application? The web server that runs the software in the background is OpenResty (based on Nginx Core).

Thanks for your time!

nginx reverse-proxy openresty