ispconfig domain hidden from another ispconfig domain with proxy redirect from nginx

Discussion in 'ISPConfig 3 Priority Support' started by adrenalinic, Jul 8, 2015.

  1. adrenalinic

    adrenalinic Member

    Hi,
    I have a xenserver, where run a os firewall and two ispconfig installations , one with nginx and second with apache2.
    All traffic from firewal is nat to the nginx ispconfig with ip 192.168.11.21 and all works correctly.

    Now I need to trasnfer requests coming from port 80 on the nginx ispconfig to a domain that will run on the apache2 ispconfig with internal virtual lan ip 192.168.11.22.

    I have create a new website, store.mysite.com on the nginx ispconfig with the setup of redirect proxy with Redirect Path to 'http://192.168.11.22' with Rewrite Rules: 'rewrite ^/$ / last;'

    With this configuration , whe I try to see the subdomain, it run without any files of the html page...and I see only text!
    Both ispconfig servers are running with the private local ip of the xen virtual network, and the firewall manage the public ip.

    I have tryed to set in the apache ispconfig, the behind server, the public ip but it show the default web server page instead of the domain...

    Where is wrong in my configuration?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The proxy is setup on the ispconfig redirect tab, or manually?
    Do you have any rules in the nginx directives field of the website?
     
  3. adrenalinic

    adrenalinic Member

    The proxy is set in the ispconfig tab and there are no rules in the nginx field ,except for the proxy rewrite rule, but without, the error is the same.. Thanks
     
  4. adrenalinic

    adrenalinic Member

    I have tried to delete and add newly the lan ip to the apache server, and now I can see that run only text and for the other html content , the browser try to connect directly to the lan ip of the apache server.

    Therefore the nginx is passing directly the lan ip to the client..not acting as reverse proxy??!!

    For verification,i have added a new subdomain as nginx proxy that point to external server wan ip and the proxy whit this conf works... I can see the remote server content.

    Any idea?
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Did you try to test this from outside of your local network? maybe it is a local config issue or a configuration in the hosts file on your desktop?
     
  6. adrenalinic

    adrenalinic Member

    Hello, I'm already out from the server lan, it is in the hetzner data center.
    I have verified the lan ip requests connecting me to the internal virtual server network with openvpn..
     
  7. adrenalinic

    adrenalinic Member

    ISPConfig 3.0.5.4p8 2015-07-09 11-12-48.png
     
  8. adrenalinic

    adrenalinic Member

    "Thinking..."
    An alternative not wonderful solution to bypass the ispconfig proxy can be:
    1) I use the cloudflare free proxy service to protect my server...
    2) Open a second tcp port for the webserver that cloudflare allow to be used as for example the port 2052
    3) natting input port 2052 from the os firewall to the apache2 iscconfig 192.168.11.22
    4) allow out connections from firewall on the port 2052
    5) set in the ispconfig nginx proxy the address http://my-wan-server-ip.com:2052
    6) loopback to/from tcp web connections to serve the wan ip of the server instead the lan internal ip

    The request for the host will arrive to the ngnix that will serve the external ip to 2052 tcp port, this will exit from the lan, than return to the firewall and sended to the apache2 server with nat wan:2052 - lan apache:80 ....

    I will try to test this network "wan loopback tricks"....

    Clear... is not the concept of using a proxy...

    Any idea?
     
    Last edited: Jul 9, 2015
  9. adrenalinic

    adrenalinic Member

    Other ... can be to add an alias hostname for the apache ip on the nginx server hostname, but I think will be incorrect...will create ip conflicts in the virtual network between the servers.. no?
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, I guess this will cause conflicts.

    Regarding the proxy settings, did you try to set just the redirect path and nothing more. I'am nots sure if the seo redirect or rewrite rule might cause a conflict with the proxy.
     
  11. adrenalinic

    adrenalinic Member

    Yes tried without rewrite rules... the same error...
     
  12. adrenalinic

    adrenalinic Member

    sorry but, if I add in the apache server two ip's, the lan and wan ip, when I request the hostname that will run in to the apache server, I see the default apache server page instead of the default apache website virtual host.

    Can be this a simple error that can be correct in to the apache server? why if I add as second ip, the wan ip (the ip assigned to the firewall from the xenserver host) I can see the default page of the apache server? this mean that the request is arriving correctly...no?
     
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    Are your vhosts in the apache server set to * or to the IP address?
     
  14. adrenalinic

    adrenalinic Member

    if I set to * or external wan ip, it show only default server page,
    if set to lan ip it show the vhost but the nginx pass out the lan ip instead wan
     
  15. till

    till Super Moderator Staff Member ISPConfig Developer

    It should work with * then. check the default vhost of the server and try to set it to * or try to disable the default vhost temporarily.
     
  16. adrenalinic

    adrenalinic Member

    Hello.. after weeks I'm newly here with the same problem...
    uuufffff o_O
     
  17. till

    till Super Moderator Staff Member ISPConfig Developer

    In a Nat environment, the servers have to use the internal ip address for costs as they see only the internal ip, the translation to the external ip is done by the router. So you have to use the internal ip or * or don't run your server behind a router. The default ghost is used by apache and nginx when there is no better matching vhost. One thing that can cause the default vhost to match before a site is when the server Hostname is the name of the website.
     
  18. adrenalinic

    adrenalinic Member

    Hello Sir,
    the post its talking about proxy http pass using the nginx ispconfig "proxy" redirect tab option on port 80.....
     
  19. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, sorry missed that part. I don't use the proxy function in a NAT enviroment so I cant help you out with that. But as far as I know, the same rules that I described above apply to proxys as well and your test results show that, so most likely my answer above applies to your problem.
     

Share This Page