Nginx config to proxy pass to external ip and port (https -> http)
Try to use the upstream feature in Nginx.
You should know though, when doing proxy pass to external address, you will need to permit outgoing traffic to these ports in your office FWs, as the traffic will be going through the Nginx server.
Configure the server (vhost jira.a.team), note the upstream reference jira_app
server {
listen *:443 ssl;
server_name jira.a.team;
ssl on;
ssl_certificate ....
ssl_certificate_key ....
ssl_session_cache ....
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ....
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/....access.log combined;
error_log /var/log/nginx/....error.log;
location / {
proxy_pass http://jira_app;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy "";
}
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
}
Configure upstream
upstream jira_app {
server ---.---.---.133:8080 fail_timeout=10s;
}
If you still want to use redirect from HTTP to HTTPs you can do the following as a separate server object:
server {
listen *:80;
server_name jira.a.team;
location / {
rewrite ^ https://jira.a.team$request_uri? permanent;
}
}
Dommar92
Student of computer science and assistant software developer. Fluently in Java and Php, developing in C++, Java, Perl, Bash and web technology
Updated on September 23, 2022Comments
-
Dommar92 over 1 year
I have a little complicated configuration of services.
My domain (call it "a.team" for now) points to my 1&1 Cloud Server with different services running dockerized fully functional with a dockerized nginx. Many subdomains pointing to docker containers and everything is fine.
Now I got a server at the office, ports 8080, 8090 and 7990 (Atlassian products) with access through the router fw and a static ip (works fine).
I want the cloud Server to manage the domain and proxy like this:
SSL https://jira.a.team to non SSL http://---.---.---.133:8080 (dummy) as a proxy (and for the other products, too)
Nginx is configured to redirect all http to https:
server { listen 80 default_server; listen [::]:80 default_server; server_name _; return 301 https://$host$request_uri; } server { listen 443 default_server ssl; server_name _; ssl_certificate /path/bundle.cer; ssl_certificate_key /path/-.a.team_private_key.key; }
And I want to add the new configuration to the existing ones.
server { listen 443 ssl; server_name jira.a.team; location / { proxy_pass http://---.---.---.133:8080; proxy_redirect off; } }
I tried many combinations with proxy set headers for host, x-real-ip and x-forwarded-for but all I get is a 504 gateway timeout.
Thank you for helping!
Regards