Torrent client, qtorrent, has web GUI.
Torrent client on one server with unique ip address.
Nginx reverse proxy setup with unique ip address.
Have setup Nginx reverse proxy to point subdomain address internal ip address with specific port (traffic HTTPS via letsencrypt).
Can load Torrent Client GUI login page, but no page formatting (images provided below).
enter image description here
enter image description here
Can access Torrent Client GUI when on local network, via local ip address:port.
When login details are entered in site (that is accessed via domain address sub.example.com), a blank white web page is loaded and the web address changes to "https://www.sub.example.com/?username=UNameExample&password=PASSWORDExample"
Any advise on where to confirm or check configurations.
Below worked for Nginx Reverse Proxy setup for qtorrent.
Original found solution here.
#
#Code below is for SSL
#
server {
listen 80;
listen [::]:80;
server_name bittorrent.example.com www.bittorrent.example.com;
include snippets/letsencrypt.conf;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name bittorrent.example.com;
ssl_certificate /etc/letsencrypt/live/bittorrent.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/bittorrent.example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/bittorrent.example.com/chain.pem;
include snippets/ssl.conf;
include snippets/letsencrypt.conf;
return 301 https://www.bittorrent.example.com$request_uri;
}
server {
listen 443 ssl http2;
server_name www.bittorrent.example.com;
ssl_certificate /etc/letsencrypt/live/bittorrent.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/bittorrent.example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/bittorrent.example.com/chain.pem;
include snippets/ssl.conf;
include snippets/letsencrypt.conf;
location / {
proxy_pass http://192.168.0.10:9091/;
proxy_set_header X-Forwarded-Host $server_name:$server_port;
proxy_hide_header Referer;
proxy_hide_header Origin;
proxy_set_header Referer '';
proxy_set_header Origin '';
add_header X-Frame-Options "SAMEORIGIN";
}
}
Related
I am trying to setup an Nginx reverse proxy to an AWS API Gateway address like https://12345.execute-api.eu-central-1.amazonaws.com/v2 behind a corporate proxy.
I tried the following setup to www.example.com and it works. But as soon as I add https to it like https://www.example.com it fails. I add https since my API Gateway address is not accessible without it.
Current working config:
server {
listen 80;
listen [::]:80;
listen 443;
underscores_in_headers on;
location / {
proxy_pass_request_headers on;
proxy_set_header Host www.example.com;
proxy_pass http://myCorporateProxy.org:8080;
}
}
What I want to achieve and error I get:
Redirect all incoming traffic to localhost to be redirected to API Gateway address which looks similar to https://123456.execute-api.region.amazonaws.com/v2/
When trying following config, I get a 302 temporarily Moved error.
In configuration it would look like this:
server {
listen 80;
listen [::]:80;
listen 443;
underscores_in_headers on;
location / {
proxy_pass_request_headers on;
proxy_set_header Host https://www.example.com;
proxy_pass http://myCorporateProxy.org:8080;
}
}
You should try something like this. To redirect from http to https is a little different.
server {
listen 80;
server_name myCorporateProxy.org www.myCorporateProxy.org;
return 301 https://myCorporateProxy.org$request_uri;
}
I'm trying to learn more about how CDN works. How does it knows which Edge sever should it redirect the client to for lowest latency? Thank you.
For this purpose, Upstream configuration is used in Nginx webserver.
nginx redirect users's requests to the destination server.
sample of Nginx upstream is as bellow.
upstream example.com {
server example.com;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
access_log /var/log/nginx/access.log custom;
location / {
proxy_pass http://example.com;
}
I have auto SSL enabled for a VHOST, but I need to disabled that for a specific URL that needs to accept only non SSL requests.
This, put into vhosts, is working fine if the specific old URL was HTTPS, but it is HTTP. I cannot use HTTPS_METHOD=noredirect disabling auto SSL for the entire VHOST. Is it possible just to disable it for the context of this custom nginx location? I can see in the nginx-proxy logs that it gets a 301 before it even hits this nginx customization. So unfortunately I've only been able to get this proxy_pass config to work with HTTPS URLs, not HTTP.
Thanks for your help.
location /specific/old/http/URL {
proxy_pass http://service.new.tld/new;
proxy_set_header host http://service.new.tld;
proxy_ssl_certificate /etc/nginx/certs/new.tld/fullchain.pem;
proxy_ssl_certificate_key /etc/nginx/certs/new.tld/key.pem;
}
location /upstream {
proxy_pass http://service.new.tld;
proxy_ssl_certificate
/etc/nginx/certs/service.new.tld/fullchain.pem;
proxy_ssl_certificate_key
/etc/nginx/certs/service.new.tld/key.pem;
}
You need to Have one server directive for both http and https (will listen on 80 and 443) and you need to add the redirect script only on the wanted locations.
See example:
server {
listen 80;
listen 443 ssl;
server_name example.com www.example.com;
ssl on;
ssl_certificate example.crt;
ssl_certificate_key example.key;
location /specific/old/http/URL {
proxy_pass http://service.new.tld/new;
proxy_set_header host http://service.new.tld;
proxy_ssl_certificate /etc/nginx/certs/new.tld/fullchain.pem;
proxy_ssl_certificate_key /etc/nginx/certs/new.tld/key.pem;
}
location /upstream {
# add this condition only on the locations you want to redirect to https
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
proxy_pass http://service.new.tld;
proxy_ssl_certificate /etc/nginx/certs/service.new.tld/fullchain.pem;
proxy_ssl_certificate_key /etc/nginx/certs/service.new.tld/key.pem;
}
The problem:
I have an application running with Nginx serving as a reverse proxy. I have a ssl certificate to a certain example.com, but I also want my application to respond to example.organization.com (even without a certificate for the domain).
My idea was to set a return directive to return the desired URL and 301 as the status code... The problem is, my directive is not being used by Nginx. The nginx does force a HTTPS connection, but with any URL used and returning 302, so with the example.organization.com the browser does not accept it because of the lack of a ssl certificate. Even when the listen 80 block is disabled the redirect still goes on. Nginx is running inside a Docker container and it's hitting another Docker container (I don't think it is influencing the behavior, but I'm not sure)
What I've tried:
I tried to use the rewrite ^ https://example.com$request_uri permanent instead of the return 301 https://example.com$request_uri.
I also tried this:
server {
listen 443 ssl;
server_name example.com;
if ($host != "example.com") {
return 301 https://example.com;
}
}
But it didn't work.
server configuration:
server {
listen 80;
server_name example.com example.organization.com;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/nginx/conf/cert.crt;
ssl_certificate_key /etc/nginx/conf/cert.key;
location / {
proxy_pass http://container:80/
}
proxy_set_header HOST $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
I have a project and use nginx to reverse proxy the request on the respectively port without having the port open. I also use Lets encrypt for ssl certification and everything works fine.
What I wanted to do was, to close port 80 and leave 443 open. I thought that ,
one more port close = a bit more security.
BUT, now the http to https redirect doesn't work (obviously I guess). Now the link only works if I type the prefix "https://" in front.
So I have two questions,
1) Is there a way to redirect the link to https without opening port 80?
2) How safe can we assume it is to leave port 80 open in order to make the redirection work, if the only app running is this one and only ports 443 and 22 are open?
my configuration file goes like this:
server {
listen 80;
server_name domain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name domain.com;
add_header Strict-Transport-Security "max-age=31536000";
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
if ($scheme != "https") {
return 301 https://$host$request_uri;
}
location / {
proxy_pass http://127.0.0.1:PORT;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
No you can't forward trafffic from one port when it's closed on your server itself.
If possible and you have advanced network management you might be able to redirect traffic from 80 to 443 before it reaches your server.
For instance in Digital Ocean you have the ability under networks to add a loadbalancer and setup a redirect from port 80 to 443. That way you can leave port 80 closed on your server.