I got a task to use Nginx as a reverse proxies to all requests, so if someone is going through the proxy and the SNI is www.google.com the Nginx will access www.google.com fetch the data and provide it to the user, but I need it to all domains and not just some.
Is it something Nginx can do?
Tnx,
Omer
Related
I want to ask you if there is a possibility to configure NginX as http proxy and stream proxy on the same NginX server? Or should it be splited on two machines, one as http proxy, another as stream proxy?
Do you have experience with that kind configuration?
Thanks in advance for any suggestions.
My issue is that I can get the real IP address from the client when I am using the openlitespeed webserver with a reversed proxy in front of my openlitespeed serveres.
We have the ssl termination on the openlitespeed web serveres and NOT on the proxy server.
The proxy is only going to farward the request to the correct server nothing else. We have multiple serveres.
We are at this point only able to get the reversed proxy IP address and not the client ip address.
We have tried this with haProxy and are now trying it with nginx as reversed proxy.
I have read that it wont work with haProxy, but nginx is a bit more flexible it think.
I have set the server Use Client IP in Header to Yes on the openlitespeed servere:
My first question is:
Is this possible or dosent the openlitespeed server support this at all.
Ref: https://clients.javapipe.com/knowledgebase/135/Real-Visitor-IPs-With-Website-DDoS-Protection.html
This says its built in on litespeed.
My second question is:
Do you know if this have been done successfully with haProxy, Nginx or Squid proxy?
My third question is:
Do anyone have a config that works for either haProxy, Nginx or Squid proxy.
Prefered: Nginx or haProxy
A big thanks in advance for anyone who can answer these questions.
I can confirm that is doesn't not work with ols. The litespeed team has confirmed it. Though they might add support for proxy protocol in the future. We are now syncing the ssl from the webserver to the proxy making it s secure all the way.
I tried to search, but I can't find nothing.
What I have:
single node k8s cluster
two game servers(project zomboid and valheim)
some web app listening http requests
My problem is
I can't access my services. I don't know what to do to forward requests from internet directly to my services.
I tried to make nginx server on host machine and forward using reverse proxy. It is working good for http requests. I can forward each subdomain.domain.com to each of my services.
My Questions
What about tcp/udp requests?
How I can forward them?
Is it a good way having nginx on host machine?
Is it possible to route tcp/udp requests by domain name(e.g. mygameserver:700 redirects to gameserver1 ip and myanothergameserver:700 redirects to anothergameserver ip?
kubectl get all
I have website and some game server.
I have domain which I connect to Cloudflare.
I want to redirect non http/https traffic to my server IP because when I try to connect to server with domain I can't do this because of Cloudflare proxy.
Maybe it can be done differently?
I use Nginx.
Cloudflare has its own SSL configuration.
There are 4 options for you:
Off disables https completely
Flexible Cloudflare will automatically switch client requests from HTTP to HTTPS but it still points to port 80 on your nginx server, should not configure SSL on nginx in this case.
So the only options for you are Full or Full Strict (more restricted on the cert configured on nginx, must be a valid cert).
With Full you can configure your nginx with a self-signed SSL and let it go. Cloudflare will handle the part between client and its proxy server.
Suppose I want to use a combination of NGinX (probably another since it doesn't proxy HTTP/2 requests) and Hypercorn. As both can handle SSL certificate files, I wonder who is the best suited to do this for an HTTPS request. It is important to me that Hypercorn could listen to 443 port and I'm not sure it can do that without specifying certfile and keyfile parameters.
Well, that depend what you want to do.
The simpliest solution is to configure both to use SSL.
Nginx will receive the request, decipher it, process it, send it to Hypercom on port 443 as an HTTPS Client. Hypercom will get the request as any normal HTTPS client.
If your goal is security : go with both
If your goal is just to not
have hypercom expose directly, you can configure it to not use SSL
Nginx support by default proxying request to an HTTPS upstream so that's the best solution I think. However, you might need to play with setting http-header for hypercom to correctly understand who's the client by playing with X-Forwarded-For, X-Forwarded-Host and any headers that might be needed by Hypercom.