I have an Nginx proxy where I have over 200 sites available (all SSL). I would like to simplify the traffic and terminate the SSL in the proxy and re-encrypt with a single certificate all 200 possible hosts and proxy pass them upstream.
Is this even possible?
Related
I have website and some game server.
I have domain which I connect to Cloudflare.
I want to redirect non http/https traffic to my server IP because when I try to connect to server with domain I can't do this because of Cloudflare proxy.
Maybe it can be done differently?
I use Nginx.
Cloudflare has its own SSL configuration.
There are 4 options for you:
Off disables https completely
Flexible Cloudflare will automatically switch client requests from HTTP to HTTPS but it still points to port 80 on your nginx server, should not configure SSL on nginx in this case.
So the only options for you are Full or Full Strict (more restricted on the cert configured on nginx, must be a valid cert).
With Full you can configure your nginx with a self-signed SSL and let it go. Cloudflare will handle the part between client and its proxy server.
Suppose I want to use a combination of NGinX (probably another since it doesn't proxy HTTP/2 requests) and Hypercorn. As both can handle SSL certificate files, I wonder who is the best suited to do this for an HTTPS request. It is important to me that Hypercorn could listen to 443 port and I'm not sure it can do that without specifying certfile and keyfile parameters.
Well, that depend what you want to do.
The simpliest solution is to configure both to use SSL.
Nginx will receive the request, decipher it, process it, send it to Hypercom on port 443 as an HTTPS Client. Hypercom will get the request as any normal HTTPS client.
If your goal is security : go with both
If your goal is just to not
have hypercom expose directly, you can configure it to not use SSL
Nginx support by default proxying request to an HTTPS upstream so that's the best solution I think. However, you might need to play with setting http-header for hypercom to correctly understand who's the client by playing with X-Forwarded-For, X-Forwarded-Host and any headers that might be needed by Hypercom.
I have Nginx running on server a (port 8000) and uWSGI running on server b (port 8001). b already serves a web socket at ws://b:8001/s. I would like to configure a as a reverse proxy also giving access to this web socket at ws://a:8000/s.
I am interested (if I understand correctly and this is the right approach) in a relaying the original HTTP request to b and in b initiating the protocol upgrade (as would also happen in the absence of a proxy), not in a initiating the protocol upgrade, as seems to happen in this example.
What Nginx location block would allow me to do that?
That proved straigthforward enough. The following location block apparently does the trick (for Nginx 1.10.3 and uWSGI 2.0.17.1):
location /s {
proxy_pass http://b:8001/s;
proxy_http_version 1.1;
}
I have an nginx proxy pointing at an external server. When the external server is down, the nginx proxy returns a 502 bad gateway.
Instead, I'd like nginx to also refuse the connection - How can I do this?
I have an 3 legged NGINX reverse proxy setup with External, Internal and DMZ networks.
NGINX has a reverse proxy server configured to listen on port 80 in the DMZ. I need to forward the request to another server via an upstream HTTP proxy, the request cannot be retrieved directly.
If I put the WEB proxy's IP address into upstream section - it sends "POST /DataService.svc HTTP/1.0" to http proxy and that obviously does not work.
Is it possible to rewrite $uri to include the host name in the request so it will look like "POST http://server.com/DataService.svc HTTP/1.0"
Should this work and how can I achieve this without installing squid etc...