Nginx Reverse Proxy w/ SSL - 403 Error

apache-2.2 ubuntu nginx reverse-proxy http-status-code-403

7,437

Ok, everything looks like it's running smoothly. Basically, I changed my Nginx server block to forward SSL requests to port 445, which Apache runs SSL on.

Nginx Server Block

    proxy_redirect          off;
    proxy_set_header X-Real-IP  $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    location / {
    proxy_pass https://127.0.0.1:445;

Apache Virtual Host File

    <VirtualHost *:445>

    (Apache Config options w/ SSL)

    </VirtualHost>

This post sent me on the right track. Multisite Nginx reverse proxy routing to Apache

7,437

Marc Woodyard

System Admin by day, developer by night. Web dev somewhere in between.

Updated on September 18, 2022

Comments

Marc Woodyard over 1 year

I've been trying to install Nginx as a reverse proxy for the past couple of days, but I can't get it to work. Everytime I load a page on my site, or even a file on my server, it returns a 403 forbidden error.

I've been following a tutorial I found on DigitalOcean, which I've completed. (At the end of the article, there's a picture of a phpinfo page says it was loaded with an Apache Handler. My phpinfo page said the same thing.

But what ever I do, I can't get the 403 error to go away.

Server Specs:

OS: Unbutu

RAM: 512 MB

Nginx Config File

    server {

    ### server port and name ###
    listen          *:443;
    ssl             on;
    server_name     --Server Name--;


    #include global/common.conf;
    #include global/wordpress.conf;
    #include global/multisite.conf;


    ### SSL log files ###
    access_log      --Log Location--;
    error_log       --Log Location--;

    ### SSL cert files ###
    ssl_certificate      --Certificate File--;
    ssl_certificate_key  --Certificate Key File--;

    root /var/www/; 
    allow 127.0.0.1;
    deny all;
    index index.php index.html index.htm;

    server_name --Server Name--; 

    location / {
    try_files $uri $uri/ /index.php;
    }

    location ~ \.php$ {
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_pass 127.0.0.1:9000;

    proxy_set_header X-Real-IP  $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host $host;
    proxy_pass http://127.0.0.1:8080;

     }

     location ~ /\.ht {
                deny all;

    }
   }

Apache Ports.conf File

   # If you just change the port or add more ports here, you will likely       also
   # have to change the VirtualHost statement in
   # /etc/apache2/sites-enabled/000-default.conf


   #Listen 127.0.0.1:8080
   Listen *:8080
   #Listen 80

   <IfModule ssl_module>
    Listen 444
    #Didn't work on 443 with Nginx as a reverse proxy
   </IfModule>

   <IfModule mod_gnutls.c>
    Listen 444
    #Didn't work on 443 with Nginx as a reverse proxy
   </IfModule>

   # vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Apache Config File

<VirtualHost *:8080>


DocumentRoot /var/www/

<Directory />
    Options FollowSymLinks
    AllowOverride All
</Directory>

<Directory /var/www/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    allow from all
</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
    AllowOverride None
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    Order allow,deny
    Allow from all
</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog ${APACHE_LOG_DIR}/access.log combined

Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>

xeon about 9 years

Whats the logs say?
Marc Woodyard about 9 years

It says 2015/04/09 17:49:27 [error] 12042#0: *1 directory index of "/var/www/" is forbidden, client: [IP Address], server: [URL], request: "GET / HTTP/1.1", host: "[URL]"
Droopy4096 about 9 years

looks like our phpinfo would be served through fastcgi interface (port 9000) thus unrelated to apache config. there's quire a mix of fastcgi_pass and proxy_pass which to me looks like it is the most likely culprit. Shouldn't you split them by location?
Marc Woodyard about 9 years

I created a test file I can access without 403 Forbidden error. But, when I try to access the WordPress Multisite network in /var/www/, it still displays a 403 error with index.php added to the URL in the address bar.
Marc Woodyard about 9 years

I finally got my homepage to show up. But, when I navigate to a page, it displays a 404 Not Found error. Also, when I login to the admin area /wp-admin/, it redirects me to :8080/wp-admin/

Marc Woodyard about 9 years

When I try to access the admin dashboard, sometimes it redirects /wp-admin/ to :445/wp-admin/. But when I delete the :445, it loads the login page and I'm able to login. Is this normal?