Nginx config to proxy pass to external ip and port (https -> http)

redirect ssl nginx https proxy
10,210

Try to use the upstream feature in Nginx.

You should know though, when doing proxy pass to external address, you will need to permit outgoing traffic to these ports in your office FWs, as the traffic will be going through the Nginx server.

Configure the server (vhost jira.a.team), note the upstream reference jira_app

server {
  listen       *:443 ssl;
  server_name  jira.a.team;
  ssl on;
  ssl_certificate           ....
  ssl_certificate_key       ....
  ssl_session_cache         ....
  ssl_session_timeout       5m;
  ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers               ....
  ssl_prefer_server_ciphers on;
  access_log            /var/log/nginx/....access.log combined;
  error_log             /var/log/nginx/....error.log;
  location / {
    proxy_pass            http://jira_app;
    proxy_read_timeout    90;
    proxy_connect_timeout 90;
    proxy_redirect        off;
    proxy_set_header      Host $host;
    proxy_set_header      X-Real-IP $remote_addr;
    proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header      Proxy "";
  }
  proxy_set_header Host $http_host;
  proxy_set_header X-Forwarded-For $remote_addr;
  proxy_set_header X-Forwarded-Proto $scheme;   
}

Configure upstream

upstream jira_app {
  server     ---.---.---.133:8080  fail_timeout=10s;
}

If you still want to use redirect from HTTP to HTTPs you can do the following as a separate server object:

server {                                                                                                                                                 
 listen *:80;                                                                                                                                           
 server_name           jira.a.team;                                                                                                               
 location / {                                                                                                                                                                                                                                                   
  rewrite ^ https://jira.a.team$request_uri? permanent;                                                                                            
 }                                                                                                                                                      
}
Share:
10,210
Dommar92
Author by

Dommar92

Student of computer science and assistant software developer. Fluently in Java and Php, developing in C++, Java, Perl, Bash and web technology

Updated on September 23, 2022

Comments

  • Dommar92
    Dommar92 over 1 year

    I have a little complicated configuration of services.

    My domain (call it "a.team" for now) points to my 1&1 Cloud Server with different services running dockerized fully functional with a dockerized nginx. Many subdomains pointing to docker containers and everything is fine.

    Now I got a server at the office, ports 8080, 8090 and 7990 (Atlassian products) with access through the router fw and a static ip (works fine).

    I want the cloud Server to manage the domain and proxy like this:

    SSL https://jira.a.team to non SSL http://---.---.---.133:8080 (dummy) as a proxy (and for the other products, too)

    Nginx is configured to redirect all http to https:

    server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;  
    return 301 https://$host$request_uri;
}
server {
    listen 443 default_server ssl;
    server_name _;
    ssl_certificate /path/bundle.cer;
    ssl_certificate_key /path/-.a.team_private_key.key;
}

    And I want to add the new configuration to the existing ones.

    server {
    listen 443 ssl;
    server_name jira.a.team;

    location / {
        proxy_pass http://---.---.---.133:8080;
        proxy_redirect off;
    }
}

    I tried many combinations with proxy set headers for host, x-real-ip and x-forwarded-for but all I get is a 504 gateway timeout.

    Thank you for helping!

    Regards

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

"Remove the following redirect chain if possible" on Nginx
Forcing a particular SSL protocol for an nginx proxying server
nginx proxy based on host when using https
Nginx does redirect, not proxy
NGINX Redirect http to https and non-www to ww
How do I redirect HTTPS to HTTP on NGINX?
Redirect all http to https in nginx, except one file
IIS HTTP to HTTPS relative redirect
Redirect HTTP to HTTPS from Nginx is not working
How to fix PR_END_OF_FILE_ERROR when using nginx with ssl?