Is it possible to redirect FTP requests to another IP using NGINX? - nginx

I have two Linux VMs with IPs 192.168.1.10 - VM1 and 192.168.1.11 - VM2. NGINX is running in VM1. VM2 is an FTP server. I can successfully upload files to 192.168.1.11:21.
What I am trying to achieve is, instead of using the IP of VM2, is it possible to use the IP of VM1 to upload files using nginx?
EDIT
I am looking for something like below;
upstream ftp_server {
    server 192.168.1.11:21 fail_timeout=0;
}
server {
}

I think you want to forward a TCP stream to another server.
So something like this should work for you:
stream {
    upstream backend {
        server 192.168.1.11:21;
    }
    server {
        listen 21;
        proxy_pass backend;
    }
}
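
The config above forwards only the FTP control channel on port 21; FTP opens a separate data connection for each transfer, and in passive mode the server tells the client which address and port to use, so those ports have to pass through VM1 as well. The following is an added example, not part of the original answer. It assumes nginx 1.15.10 or later (for `listen` port ranges), a passive range of 50000-50100 chosen for illustration, a client network of 192.168.1.0/24, and an FTP server on VM2 configured to advertise 192.168.1.10 in its passive replies:

```nginx
stream {
    # Control channel: clients connect to VM1 (192.168.1.10) on port 21.
    server {
        listen 21;
        proxy_pass 192.168.1.11:21;

        # Assumed client network; everything else is refused at the proxy.
        allow 192.168.1.0/24;
        deny  all;
    }

    # Passive-mode data channels. The range is an assumption and must match
    # the range the FTP server on VM2 hands out. With vsftpd, for example,
    # that is pasv_min_port / pasv_max_port, and pasv_address must be set to
    # VM1's address so clients open data connections to the proxy, not to VM2.
    server {
        listen 50000-50100;

        # Forward each data connection to the same port number on VM2.
        proxy_pass 192.168.1.11:$server_port;

        allow 192.168.1.0/24;
        deny  all;
    }
}
```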

Related

Is it possible to load balance to 2 different minikube servers?

I have 3 different VMs where 2 of them are running an application on Kubernetes (Minikube), on NodePort.
On the third server, I'm trying to use Nginx as a LoadBalancer but I cannot seem to reach the servers.
For that I am following Nginx's own guide, using something like:
(I can access the application using NodePort on my PC)
http {
    upstream backend {
        server 192.168.1.1:31200;
        server 192.168.1.2:31201;
    }
    server {
        listen 80;
        location / {
            proxy_pass http://backend;
        }
    }
}
However when I connect to the LoadBalancer, it cannot find the servers.
Am I configuring Nginx in a wrong way or by using a local server like Minikube it is not possible to Load Balance this way?
Turns out I had configured the DNS server wrongly, now it works as expected.

NGINX UDP Proxy listening same port and decides on origin ip

I am currently trying to make an nginx proxy work where it passes to different IPs depending on the origin.
stream {
    server {
        listen 1000 udp;
        proxy_pass 10.0.0.2;
        allow 10.0.0.3;
    }
    server {
        listen 1000 udp;
        proxy_pass 10.0.0.3;
        allow 10.0.0.2;
    }
}
Obviously this does not work, as I cannot listen on the same port twice. I tried something with "if" but it is not allowed there. Any ideas? I just want to proxy the traffic between the two IPs.
You need a transparent proxy or some kind of packet filter or firewall, not nginx, since it is a reverse proxy and not suitable for your task.
While I'm not sure you chose the right way to solve your task (unless you need some kind of load balancing), this should be possible using several upstream blocks and the geo block:
stream {
    upstream first_upstream {
        server 10.0.0.2:1000;
    }
    upstream second_upstream {
        server 10.0.0.3:1000;
    }
    upstream third_upstream {
        server 10.0.0.4:1000;
    }
    geo $upstream_name {
        10.0.0.0/24 first_upstream;
        10.0.1.0/24 second_upstream;
        default     third_upstream;
    }
    server {
        listen 1000 udp;
        proxy_pass $upstream_name;
    }
}
If you need load balancing, see the TCP and UDP Load Balancing article.

Nginx as TCP forward proxy

I know I could use something like this:
stream {
    upstream ssh {
        server X.X.X.X:22;
    }
    server {
        listen 2222;
        proxy_pass ssh;
    }
}
to proxy pass incoming traffic to port 2222 to another IP's port 22.
Straightforward. But, is there a way to create a dynamic proxy that accepts final destination's hostname and port as parameters?
Something that could be used like this:
proxy_hostname:8080?destination_hostname=example.com&destination_port=1111
ngx_stream_core_module does not accept URL parameters. Could nginx be used as a dynamic proxy or only for static tunneling?
I'm asking this because I need a way to hide the IP of a machine firing php mysql requests.
mysqli_connect($hostname, ...)
Right now I cannot specify a proxy for the PHP script alone, only for the entire machine.
Maybe with a small script and fcgiwrap:
https://www.nginx.com/resources/wiki/start/topics/examples/fcgiwrap/
fcgiwrap calls a bash script where you can convert the URI to the program you want to call (mysql) and return the output to nginx as web content.
You could also alter the config of nginx and reload the service. This way you could "dynamically" open/forward ports. Quite insecure if you make it publicly available.

nginx redirect subdomain to separate server ip

I have a dynamic IP which I manage using ddclient. I use no-ip to maintain the hostnames to point to my IP.
I have www.somename.com, sub.somename.com and app.somename.com. Obviously, these all point to my IP. The first two are a couple of wordpress pages on a server (server1) running NGINX, with separate configs in sites-available for each site. The latter is a separate application server (server2) running GitLab.
My router does not allow me to switch on subdomain, so all port 80 traffic is routed to server1. I'm hoping there is a config I can apply in nginx that will allow me to send all traffic for app.somename.com to a local IP address on my network (192.168.0.nnn), but keep the address of the page as app.subdomain.com.
Right now, I have :-
/etc/nginx/site-available$ ls
somename.com domain sub.somename.com app.somename.com
The relevant ones are linked in sites-enabled. For the app server, I have :-
server {
    server_name app.somename.com;
    location / {
        proxy_pass http://192.168.0.16:80;
    }
}
The problem, is that in the browser address bar, this results in :-
http://192.168.1.16/some/pages
Where I want :-
http://app.somename.com/some/pages
How do I resolve this?
You could try like this!
server {
    server_name app.somename.com;
    location / {
        proxy_pass http://192.168.0.16:80;
        proxy_set_header Host app.somename.com;
    }
}

How to reroute SFTP traffic via NGINX

I'm trying to set up an FTP subdomain, such that all incoming SFTP requests to (say) ftp.myname.com get routed to a particular internal server, (say) 10.123.456 via port 22.
How do I use nginx to route this traffic?
I've already set up the SFTP server, and can SFTP directly to the server, say:
sftp username@123.456.7890, which works fine.
The problem is that when I set up nginx to route all traffic to ftp.myname.com, it connects, but the passwords get rejected. I have no problems routing web traffic to my other subdomains, say dev.myname.com (with passwords), but it doesn't work for the SFTP traffic:
server {
    listen 22;
    server_name ftp.myname.com;
    return .............
}
How do I define the return string to route the traffic with the passwords?
The connection is SFTP (via port 22).
Thanks
Answering @peixotorms: yes, you can. nginx can proxy/load balance HTTP as well as TCP and UDP traffic; see the nginx stream modules documentation (at the nginx main documentation page), and specifically the stream core module's documentation.
You cannot do this on nginx (http only), you must use something like HAProxy and a simple DNS record for your subdomain pointing to the server IP.
Some info: http://jpmorris-iso.blogspot.pt/2013/01/load-balancing-openssh-sftp-with-haproxy.html
Edit:
Since nginx version 1.15.2 it's now possible to do that using the variable $ssl_preread_protocol. The official blog added a post about how to use this variable for multiplexing HTTPS and SSH on the same port.
https://www.nginx.com/blog/running-non-ssl-protocols-over-ssl-port-nginx-1-15-2/
Example of configuring SSH on an upstream block:
stream {
    upstream ssh {
        server 192.0.2.1:22;
    }
    upstream sslweb {
        server 192.0.2.2:443;
    }
    map $ssl_preread_protocol $upstream {
        default   ssh;
        "TLSv1.2" sslweb;
    }
    # SSH and SSL on the same port
    server {
        listen 443;
        proxy_pass $upstream;
        ssl_preread on;
    }
}
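
A variant of the multiplexing config above, added here as an example and not taken from the answer: `$ssl_preread_protocol` is empty when the first bytes are not a TLS ClientHello, so matching the empty string sends only non-TLS traffic to SSH and keeps every TLS version, including TLSv1.3, on the web backend. The addresses are the placeholders used above; the port-22 listener, the log path and the connection limit of 10 are assumptions.

```nginx
stream {
    upstream ssh    { server 192.0.2.1:22; }
    upstream sslweb { server 192.0.2.2:443; }

    # $ssl_preread_protocol is empty when the first bytes are not a TLS
    # ClientHello. Match that case for SSH and default to the TLS backend,
    # so TLSv1.3 (or any other TLS version) is never handed to sshd.
    map $ssl_preread_protocol $upstream {
        ""      ssh;
        default sslweb;
    }

    # The backends see every session as coming from the proxy's address,
    # so per-client limits and the record of the real client IP live here.
    limit_conn_zone $binary_remote_addr zone=per_client:1m;
    log_format mux '$remote_addr [$time_local] tls="$ssl_preread_protocol" '
                   'upstream=$upstream_addr status=$status';
    access_log /var/log/nginx/stream_mux.log mux;  # path is an assumption

    # SSH and TLS on the same port
    server {
        listen 443;
        ssl_preread on;
        proxy_pass $upstream;
        limit_conn per_client 10;  # value is an assumption
    }

    # Plain SFTP on port 22. SSH carries no host name the proxy could route
    # on, so this listener is selected by address and port only. Assumes the
    # proxy host's own sshd is not bound to port 22.
    server {
        listen 22;
        proxy_pass ssh;
        limit_conn per_client 10;
        proxy_connect_timeout 5s;
    }
}
```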
