NGINX tcp stream on port 443 - nginx

Is it possible to have nginx host a website on standard ports 80 and 443 while at the same time having it proxy a tcp stream on the same port 443 ?
In which case, how does nginx know when to route the client to the website and when to route to the stream ? It seems like tcp streams don't support the "server_name" value.

It is not possible to use both stream and http on one port. HTTP has the concept of routing based on server name while a tcp stream cannot route based on a server name.

Related

Nginx proxy reverse out port

I want to define out port of my nginx server.
Actually some thing like port forwatding by iptables in nginx.
Request:
Client via(ip:port) send to nginx(ip:80).
Nginx via( nginx ip:client port) send to server B(ip:80).
Response:
Server B via(ip:80) send to nginx(ip:client port).
Nginx via(ip:80)send to client(Ip:port)
I have a server running nginx on it listen to port 80.
It recives requests from client and acording to location in request, forwards it to diferent proxy servers.
Problem:
I need to nginx connects to my proxy server by port which client conects to it.
For example:
Client connects to port 80 of my nginx server via port 1000 and now I want to my nginx connects to lisetenig port of my other server via port 1000.
Forwarded Ip is no matter.
And connection protocol is tcp http.

Have TCP server and client transmit data over HTTPS

I have a TCP server sitting on one host in a VPC, and a TCP client sitting on a separate host and VPC. Right now they are able to transmit data to each other using any matching ports, but I want their data to be transmitted to each other over HTTPS (port 443), is there a standard way of doing this?
My initial thought it to have Nginx running on both hosts to handle SSL over 443 with streams to handle the TCP traffic, but I'm lost when it comes to configuring the stream block in Nginx to wrap the TCP traffic with SSL on 443 for outgoing traffic for the server, or how to receive it on the client side and forward it to the TCP client. Any and all help is appreciated.

Port and IP address - what does bind mean?

I read on Ports WIKI page that "Ports are logical constructs which identifies a service or process", what service or process means here? It means protocol like HTTP, FTP etc. or software applications which are configured to listen on that port?
When it is said that application is listening on so and so... then does it listen for request to an IP address or a port, or listens on a combination of port and IP address? Application listen for a specific IP address and one or more ports are bound to it OR it listens for a combination of IP and port?
For example, I can have application configured for 7001 for HTTP requests and 7002 for HTTPS requests. So, would be listening on 7001 or what?
Applications/services such as a HTTP web server or an FTP server are assigned a port to use/listen on, usually in the config of the application. and they often use a standard port. HTTP for example usually uses port 80.
If an app/service is listening it listens to a port and has no relation to a specific IP address. This is because the IP address it is listening on is the IP address of the computer that the app/service it is running on.

Default port not 80 when I go to a web page?

So I have this little add on in Chrome called Live HTTP Headers.
There is this one url I go to, lets say "www.example.com"
When I inspect the headers I see:
GET / HTTP/1.1 Host: www.example.com:443
So port 443 is directly being asked for, but how come? Should not it be :80 ?
Port 443 is default port number for HTTPS, so
http://www.example.com comunicates on port 80, but
https://www.example.com comunicates on port 443.
Of course, you could always have a different port number and in this case is mandatory to explicitly show the port number in use, i.e.:
https://www.example.com:1443
You can actually run a webserver on any port within the valid range of 0 to 65535.
Internet Assigned Numbers Authority (IANA) do have port recommendations for serving and receiving different types of network traffic which you can read about here https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt
But technically I think you can do whatever you like.
As others pointed out 443 is the default https port. But this just means example.com have configured their webserver to serve secure http (https) content on port 443. They could if they wanted to, serve it on 8443. Most browsers however are configured to automatically send https traffic to 443 if no port is specified in the url. This means if you wanted to server https traffic on port 8443 the user would have to put in the address https://example.com:8443 explicitly.

How to hide web application port in reverse proxy

I have use nginx for reverse proxy which listen on port 80. and I have a web application listen on port 9999, I config nginx with reverse proxy to redirect client request from port 80 to port 9999.
Now I found that when access 80 port, browser will show web application response (this is correct.), however, if browser directly access 9999 port, it will also show web application response.
So, How can I configure nginx that browser can only access port 80, not port 9999. Thanks!
i will recommend you two solutions:
You can bind your application to listen on localhost:9999 rather than *:9999
you can edit your firewall to don't allow traffic for 9999 port and only allow for port 80. for that you can edit iptables by going to /etc/sysconfig/iptables

Resources