Nginx r-proxy for multiple apache

Discussion in 'General' started by Chris_UK, Sep 25, 2019.

  1. Chris_UK

    Chris_UK Active Member HowtoForge Supporter

    I am wondering if anybody has experience using nginx as a reverse proxy.

    Here is how I have begun setting up; each is on its own vhost within the same host server at the moment. I have just one public IP, so I have to resort to a reverse proxy to allow all of the local vhosts to be accessible outside of my network.

    rproxy xxx.xxx.xxx.0 [ nginx ]
    ispc xxx.xxx.xxx.1 [ apache ]
    webXXX xxx.xxx.xxx.XXX [ multiple vhosts with apache each with its own internal ip]

    So with this infrastructure I thought this would work under NGINX; however, I've realised this won't because of SSL. I'm not sure what the next steps are to get this to work.
    Code:
    server {
            listen 80;
            server_name domain1.com www.domain1.com domain2.com www.domain2 (etc etc etc);
    
            location / {
                    proxy_pass http://xxx.xxx.xxx.xxx:80;
                    proxy_set_header Host $host;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header X-Forwarded-Proto $scheme;
    
            }
    }
    
    server {
            listen 443;
            server_name domain1.com www.domain1.com domain2.com www.domain2 (etc etc etc);
    
            location / {
                    proxy_pass http://xxx.xxx.xxx.xxx:443;
                    proxy_set_header Host $host;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header X-Forwarded-Proto $scheme;
    
            }
    }
    
    Thinking ahead here, once I have this working I will need a way to do this automatically for any vhosts, maybe ISPC can update nginx or nginx can use a map file that ISPC can update as servers are added/removed?
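
The two points raised in the post above (TLS on port 443 and a map file that can be regenerated as vhosts change), sketched as an added example that is not part of the original post. Hostnames, the 10.0.0.x addresses and all file paths are constructed placeholders, and plain HTTP between proxy and Apache is an assumption.

```nginx
# Added example, not from the thread. Place inside the http { } context.
# Hostnames, 10.0.0.x addresses and file paths are constructed placeholders.

# Host header -> internal Apache vhost. The included file holds one
# "name address:port;" pair per line, so a script can regenerate it and
# run "nginx -t && nginx -s reload" whenever a site is added or removed.
map $host $vhost_backend {
    hostnames;
    default "";                              # unknown names get no backend
    include /etc/nginx/vhost_backends.map;   # e.g.  .domain1.example 10.0.0.11:80;
}

server {
    listen 443 ssl;      # "ssl" makes nginx terminate TLS on this port
    server_name domain1.example www.domain1.example
                domain2.example www.domain2.example;

    # One certificate whose subjectAltName list covers every name above.
    ssl_certificate     /etc/nginx/tls/fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/privkey.pem;

    # This is the only 443 server, so requests for unlisted names land here too.
    if ($vhost_backend = "") {
        return 421;
    }

    location / {
        # Plain HTTP on the internal network; the backend address is an
        # IP literal from the map, so no resolver directive is needed.
        proxy_pass http://$vhost_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;   # "https" here
    }
}
```

On the Apache side, accept X-Forwarded-For only from the proxy's address (mod_remoteip's RemoteIPInternalProxy does this), otherwise any client can forge its logged IP.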
     
  2. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    I have never tried this, but I think you might want to check the ISPConfig files that create the vhost files for each domain, and rewrite them or create a plugin for it, so that on each creation of an apache vhost file, an nginx reverse proxy vhost file will also be created.

    That said, there is also an old tutorial for an nginx catch-all host as a front end to apache in ISPConfig which may be relevant and useful instead of rewriting or creating a plugin, but I am not really sure how and whether it will work though.
     
  3. Chris_UK

    Chris_UK Active Member HowtoForge Supporter

    I got some stuff working, I've posted a guide here about some place. Anyway, http(s) works; all I needed was to set up some hosts in nginx to reverse proxy and create a new cert. Then I realised I could only SSH into one server remotely, so I've fixed that with a workaround, but now I find ftp is also affected, so that's yet another thing on my list. The guide is growing and the configuration is getting far more complex than it should for such a thing, because I have had to resort to using ports as a kind of map to the individual servers and services; clearly this is not a long term solution or advisable. Nginx 1.9 has helped but it still needs better function: it needs to collect the hostname used no matter which protocol is used, but it doesn't seem that's possible or the standard. If it did, then it would be very simple to just say ssh domain.com -p22 or ftp://domain.com. I've not even gotten to the database yet; I suspect that will be even more complicated, but at least that is only a single server to deal with for now.

    In the end I may just scrap the reverse proxy and allow apache to serve up the websites and handle everything else locally.

    Another option is to speak to my ISP about getting a load of IPs; I don't see that conversation going too well. I know they allow 1 extra, but I doubt they would offer more.

    The best solution, but they don't yet support it, is IPv6, as then I could have all the IPs needed and never need to worry about it, but this has a drawback because it's not fully accepted yet. My own ISP is proof of this.
     
  4. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    I thought nginx is meant only for web servers with main ports of 80 and 443, but others, like ssh port 22 and ftp ports 20 and 21, are different kinds of servers, so I am not sure how this nginx reverse proxy is related or can work on the latter.
     
  5. Chris_UK

    Chris_UK Active Member HowtoForge Supporter

    If you read my guide https://www.howtoforge.com/communit...-as-a-reverse-proxy-for-http-s-and-ssh.82918/ you will see (in great detail) how it's done. Yes, nginx is an HTTP proxy, but with later versions above 1.9 you have more functionality that allows some latitude.

    By adding in a stream { } to the nginx main conf file you can now access ssh, databases and ftp servers etc etc. The problem, as I have outlined in my guide, is that it's a bit of a workaround. Actually it's more like a whole reach around and grab nginx by the b*** and force it to route our connections. But it works, and for the smaller infrastructure it's perfectly manageable. Once you get over a handful of hosts behind nginx it will become far too complex and tedious, so much so that it would absolutely require full automation to configure everything in less than a day or three.
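
The stream { } approach discussed in this thread, as an added example that is not taken from the posts or the linked guide. It shows the port-per-host mapping for SSH beside SNI-based routing for TLS, which needs nginx 1.11.5 or later built with the stream ssl_preread module; the public ports, hostnames and 10.0.0.x addresses are constructed placeholders.

```nginx
# Added example, not from the thread. stream { } sits at the top level of
# nginx.conf, beside http { }. Ports, names and addresses are placeholders.
stream {
    # SSH sends no hostname, so nginx can only tell backends apart by the
    # port the client connected to: one public port per internal server.
    server {
        listen 2201;
        proxy_pass 10.0.0.11:22;
    }
    server {
        listen 2202;
        proxy_pass 10.0.0.12:22;
    }
    # Each sshd now sees the proxy's address as the client, so per-IP
    # controls (rate limits, bans) are better enforced on the proxy itself.

    # TLS does send a hostname: the SNI field of the ClientHello.
    # ssl_preread reads it without decrypting, so certificates and keys
    # stay on the Apache backends and nginx just forwards the bytes.
    map $ssl_preread_server_name $tls_backend {
        hostnames;
        .domain1.example 10.0.0.11:443;
        .domain2.example 10.0.0.12:443;
        default          10.0.0.11:443;   # no or unknown SNI: choose deliberately
    }

    server {
        # Cannot share this address:port with an http { } server that
        # also listens on 443; use one approach or the other.
        listen 443;
        ssl_preread on;
        proxy_pass $tls_backend;
    }
}
```

Protocols that do not start with a TLS ClientHello, such as SSH, plain FTP and most database connections, give ssl_preread nothing to read, which is why they fall back to the port mapping.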
     
