Nginx docker reverse proxy with http/https and tcp (ssh) - nginx

I have a docker container with nginx (v. 1.17, no plus version) set up as a reverse-proxy (http/https) to other docker containers and machines.
An example configuration I have is the following:
server {
resolver 127.0.0.11;
listen 443 ssl;
server_name gitlab.mydomain.com;
location / {
proxy_pass http://gitlab:30000;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
And this works perfectly.
What is missing is the configuration for accessing gitlab (and other machines I need) trough SSH.
I saw in some other questions that you can use streams and other new nginx features, but I didn't quite get how to embed this with my current configuration.
Can someone help me with this settings? How can we combine http/https reverse proxy with ssh reverse-proxy?

Related

nginx reverse proxy sends all traffic to first defined server

I have multiple servers running on the same host. I am trying to configure nginx to route traffic based on the server_name, but all traffic is sent to the first defined server.
I have two urls:
example.domain.net
domain.net
which I have configured nginx to proxy with configuration:
server {
listen 3978;
listen [::]:3978;
server_name example.domain.net:3978 example.domain.net:3978;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://127.0.0.1:8443;
}
}
server {
listen 3978;
listen [::]:3978;
server_name domain.net:3978 www.domain.net:3978;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://127.0.0.1:8020;
}
}
But all traffic to both example.domain.net:3978 and domain.net:3978 is being sent to whichever server is defined first in the file (in this case example.domain.net)
I've seen other examples where this worked like This post. Is this possible with one having a subdomain and another not?
I am using nginx version 1.18.0 with the default nginx.conf on Ubuntu 18.04
server_name should not have ports. Try removing :3978 from the server_name.
Because you have the ports, the hostname does not match any of the server_name. So, the entire traffic is sent to the first server which is considered as a default for no matches.

How can I configure access from external ip to internal ip on GCP through nginx reverse proxy?

Can't connect to application through External IP.
I started gerrit code review application on GCP's vm instance(CentOS 7).
It works on http://localhost:8080 and I can't connect to it through external IP. Also I tried to create NGINX reverse proxy, but probably my configuration is wrong. By the way after installing NGINX, the starter page were shown on external ip.
# nginx configuration /etc/nginx/conf.d/default.conf
server {
listen 80;
server_name localhost;
auth_basic "Welcomme to Gerrit Code Review Site!";
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
}
}
gerrit.config
[httpd]
listenUrl = proxy-http://127.0.0.1:8080/
You use localhost as a server_name. I think that may cause conflict, because you connect to your server externally. You don't need server_name, cause you are going connect to your server by ip. And I recommend you enable logs in your nginx config. It will help you with bug fixing.
I recommend you try this config:
server {
listen 80;
access_log /var/log/nginx/gerrit_access.log;
error_log /var/log/nginx/gerrit_error.log;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
}
}
add a line in /etc/hosts
127.0.0.1 internal.domain
Update proxy config
proxy_pass http://internal.domain:8080;
It works with me

running Sonarqube behind a reverse proxy (Nginx)

We are trying to run sonarqube behind a reverse proxy (nginx).
We have nginx running on once instance within our AWS VPC, and sonarqube on another instance. Below is our sonarqube location block. NGINX is set to listen on port 80…
Sonarqube is running in a docker container with port 9000 mapped to 9000 on the host.
Our default location (below) redirects anything other than a valid location to the jira location.
When we try to access sonarqube using the address of the machine running NGINX and /sonarqube, we just get redirected to Jira.
It is worth noting that all our other applications that have a location block in the nginx config work as expected.
location / {
return 301 /jira;
}
location /sonarqube {
proxy_pass http://<ip-address of machine running sonarqube>:9000/sonarqube;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_redirect off;
client_max_body_size 8m;
client_body_buffer_size 128k;
}
Is your sonar.properties correctly configured?
sonar.web.port: 9000
sonar.web.context: /sonarqube
After that you can change your nginx config as
location /sonarqube {
proxy_pass http://<sonarqube_ip>:9000;
...
}

WildFly 8.2.1 and nGinX

I have 2 servers(CentOS7) in LAN WildflyAPP and nGinX.
nGinX is having 2 eth cards. One connected with LAN(192.X.X.X network) and second up to the wild world (external static IP).
I'm trying to use nGinX as Proxy to Wildfly 8.2.1(as a service) using subdomains:
app.mydomain.com to be used as proxy to Wildfly application (8080 port)
wildfly.mydomain.com for management to wildfly (9000 port)
In both cases im receiving 502 error
I used default configuration for nGinx:
server {
listen 80;
server_name app.mydomain.com;
error_log /var/log/nginx/app-error.log;
access_log /var/log/nginx/app-access.log;
location / {
proxy_pass http://192.X.X.X:8080/;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
add_header Cache-Control "no-cache, no-store";
}
}
I also tried versions with:
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
Nothing i found anywhere in net helped (standalone file checked and looks ok, APP accessible from LAN at 8080 without any problems).
Please help me what i am doing wrong here.

Dokku Port configuration problems EC2

I currently trying to deploy my App on a EC2 Instance using Dokku and my first impression is that it's really amazing. Still I have some problems relating the configuration of my App that it's reachable via port 80 and not to the docker container port.
So for instance when i try to reach my app it's reachable under:
http://recipeapp.xxx.de:49169/
but not under
http://recipeapp.xxx.de/
My VHOST config looks like this:
xxx.de
The nginx.conf of the app is generated as the following:
upstream recipeapp { server 127.0.0.1:49169; }
server {
listen [::]:80;
listen 80;
server_name recipeapp.xxx.de;
location / {
proxy_pass http://recipeapp;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Request-Start $msec;
}
}
I add my remote with:
git remote add appstore dokku#xxx:recipeapp
And push it with:
git push appstore master
So what am I doing wrong? I now trying it for days to make it running correct but I don't see any possibilities any more.
Doublecheck the contents of /home/dokku/VHOST as root. The file should contain a single line, namely "xxx.de".
If the file is absent, touch /home/dokku/VHOST and enter the line.
Also keep in mind that you need to configure the DNS settings for xxx.de; A record for xxx.de pointing to EC2 instance and A record for *.xxx.de also pointing to EC2 instance.
Hope this helps.

Resources