Reverse Proxy - SSL Certificate for an infinite number of domain - nginx

Currently I have a NGINX Reverse proxy (server A) setup that redirect all request to another server (server B).
I have an infinite number of domain name that have DNS A Record pointing to server A. Basically the Server A is a server with a static ip. So customer using my app can set up their domain name to point to server A and then the server redirect to server B is dynamic ip so that's why I have the server A.
Now what I want to achieve is that all domain pointing to server A should use HTTPS.
As my reverse proxy is not setup to accept ssl certificate, the request are blocked. I got this error while attempting to access from a domain ERR_CONNECTION_REFUSED.
The issue is, as I can have an infinite number of domain what is the best solution to make sure that all the domain can use HTTPS.
Is there a way in NGINX + Let's Encrypt to do something that would accept all domain?
Otherwise should I update and create a SSL certificate manually for each new domain and update the NGINX config?
Thank you! :)
EDIT: While manually creating the certificate on the server A it's working but I would need to figure out a way to automatically create the file ... Or find another solution.

Related

nginx reverse proxy upstream server using domain name (ex. www.test.com)

I have a website hosted somewhere in some server. lets say the domain name is https://www.test.com
Now, I am working on setting up the reverse proxy for this website using the upstream server for this domain name and it is not working.
I don't want to try it with the IP Address.
I want to try it upstream server with the domain name.
Any help is much appreciated.

Can I use Nginx Certbot to put ssl in an aws default ec2 domain?

I tried to put the command to get the certificate but it gave me this error:
An unexpected error occurred:
The server will not issue certificates for the identifier :: Error creating new order :: Cannot issue for "ec2-34-237-242-160.compute-1.amazonaws.com": The ACME server refuses to issue a certificate for this domain name, because it is forbidden by policy
Here's an alternative
Create a subdomain (api.example.com) for your domain (example.com)
Install a reverse proxy (like nginx) on your ec2 instance
Configure SSL for the reverse proxy.
Retain SSL for the app on your ec2 instance as usual.
Redirect https (and probably http also) traffic to your app in the reverse proxy (like nginx) conf.
Let's Encrypt blocks Amazon AWS domains because the domain names are transient and are subject to change.
https://community.letsencrypt.org/t/policy-forbids-issuing-for-name-on-amazon-ec2-domain/12692/4

Can a reverse-proxy server takes https request and forward to a web server via http?

If I have a reverse proxy server (say Nginx) running on an SSL-certified domain name, can this proxy server takes an HTTPS request and forwards it to a regular web server (say gunicorn) via HTTP without creating errors like "blocked with mixed content"?
If the answer to the above question is "no", is the only way to forward an HTTPS request from a reverse-proxy server to another regular server (hosted on some IP address) is to buy a domain name for the regular server and get it an SSL certificate?
I tried googling this but I can't find a clear answer. Any help is appreciated!
Actually, SSL termination is one of the main use cases of a reverse proxy. So yes, this is possible.

route 53 CNAME with Nginx

I have a domain and its DNS entries are managing using AWS Route53.
I have 30 servers on a datacenter which only have private IPs, and the sites hosted on these servers are loading using a nginx proxy server which have public IP.
For this, I have created an A record (say *.abc.com A IPofproxy), then I added some redirection rules on proxy server to load the corresponding sites.
redirection rule on proxy server are as follows :
1.abc.com redirects to 1.1.1.1
2.abc.com redirects to 2.2.2.2
3.abc.com redirects to 3.3.3.3 , etc.
But now am facing an issue with the CNAMEs,
The issue is,
I created some CNAME records like :
abc.abc.com CNAME 1.abc.com
def.abc.com CNAME 2.abc.com
fgh.abc.com CNAME 3.abc.com , etc
Then I tried to access all of the above domains (abc.abc.com , def.abc.com, etc), but all the sites are pointing to only one server which is the first one on redirection rules.
I am new to nginx, it would be great if anyone help me to fix this.
If I'm understanding your configuration correctly, the issue you're experiencing is not specifically related to either Route 53 or Nginx.
Instead, it's related to how web browsers interact with DNS entries. You'd have this issue with any reverse proxy server.
You have to configure each CNAME entry in your proxy, individually, because the browser doesn't care about the CNAME entry -- the Host: header sent with each request is the hostname the browser started with, not the hostname the browser ended up with after any CNAMEs were traversed.
a.example.com IN A 203.0.113.1
b.example.com IN CNAME a.example.com.
A request for b.example.com will be routed by the proxy according to its rules for b.example.com and not by its rules for a.example.com, because the CNAME does not change the browser's Host: header, which is what the proxy is almost certainly using for its routing decision.
If you want requests for b.example.com, it must be configured in the proxy, and not only in the DNS.

Forwarding based on Host Headers

I am trying to get around ISP limitations of 1 IP address. Here is what I am trying to do. I have two web servers running internally on my network. One is my main IIS box that runs 4 or 5 sites and I just added a windows home server. I have created a dns entry for it called home.mydomain.com and the other server reponds to www.mydomain.com.
My router is set to forward 80 to www.mydomain.com's server (192.168.1.3) so when requests come in for home.mydomain.com the request fails since www server is not set up to listen to that host header.
I would like to know if there is a way with IIS 7 to 'proxy' requests to home.mydomain.com (192.168.1.4). I had tried setting up HttpRedirect in IIS but that does not work as I would have hoped since it sends back a 302 to the client with a name that points back to the main IP address and then a vicious redirect loop happens.
I am told in apache this can be done by having one server proxy for the other. Can this be done in IIS 7? If not does anyone know of a webserver proxy type of software I can use?
Thanks in advance,
Rich
What you are looking for is a "reverse proxy". In Apache you can do this via mod_proxy. In IIS, you'll want to try the Application Request Routing package.
URL Rewrite for IIS can also be used to do reverse proxing.
Yet another reverse proxy package is Managed Fusion URL Rewriter and Reverse Proxy

Resources