Home PC Games Linux Windows Database Network Programming Server Mobile  
           
  Home \ Server \ Nginx reverse proxy and self-signed https     - Linux, Oracle listen address modification (Database)

- Manually create Oracle Database Explanations (Database)

- Ubuntu 15.04 Linux install anti-virus software Antiviral 0.2 (Linux)

- Android Studio Installation and Configuration Guide tutorial (Linux)

- Digital jQuery scrolling effect (Programming)

- Use the vi text editor and copy and paste Linux tips (Linux)

- Linux performance monitoring (Linux)

- Installation CD audio file extraction tool Flacon (Linux)

- An Example of GoldenGate Extract Process Hang Problem Solving (Database)

- Linux user groups, file permissions Detailed (Linux)

- System with Windows Remote Desktop to connect Ubuntu 15.04 (Linux)

- To build PHP environment (Nginx + MariaDB + PHP7) under CentOS 6.5 (Server)

- Linux installed Cisco Packet Tracer (Linux)

- Recover accidentally deleted Nginx logs (Server)

- Hive handle count distinct inclination to produce data processing (Database)

- Oracle 11g statistics collection - collection of multi-column statistics (Database)

- Android engineers interview questions (Programming)

- Linux landing problem (Linux)

- Hadoop 0.23 compile common errors (Server)

- Why use Docker (Programming)

 
         
  Nginx reverse proxy and self-signed https
     
  Add Date : 2016-05-04      
         
         
         
  Scenes

The company's wiki server and docker private registry in the company's desktop cloud, since the public IP network resource constraints, these servers can not be coupled with each public IP network, can only be accessed through a public IP network, it is necessary to use Nginx be reverse proxy access to these servers. In addition, these services should be accessed with https.

Internal server network IP
wiki.renhl.com 172.168.100.47
hub.renhl.com 172.168.100.48
Generate a self-signed certificate

Because his company will not need to apply for certification with a certificate, and can be self-signed.

$ Sudo mkdir -p / etc / nginx / ssl
$ Sudo openssl req -x509 -nodes -days 3650 -newkey rsa: 2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
Configure Reverse Proxy

Edit / etc / nginx / sites-available / default, adding the following:

upstream wiki {
    server 172.168.100.47:80; # wiki.renhl.com
}

upstream hub {
    server 172.168.100.48; # hub.renhl.com
}

## Start wiki.renhl.com ##
server {

    listen 80;

    listen 443 ssl;

    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;

    server_name wiki.ecloud.com.cn;

    access_log /var/log/nginx/wiki.renhl.access.log;
    error_log /var/log/nginx/wiki.renhl.error.log;
    root / usr / share / nginx / html;
    index index.html index.htm;

    ## Send request back to apache1 ##
    location / {
     proxy_pass http: // wiki;
     proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
     proxy_redirect off;
     proxy_buffering off;
     proxy_set_header Host $ host;
     proxy_set_header X-Real-IP $ remote_addr;
     proxy_set_header X-Forwarded-For $ proxy_add_x_forwarded_for;
   }
}
## End wiki.renhl.com ##

## START hub.renhl.com ##
server {
    server_name hub.renhl.com;

    listen 80;
    listen 443 ssl;

    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;

   access_log /var/log/nginx/hub.renhl.access.log;
   error_log /var/log/nginx/hub.renhl.error.log;
   root / usr / local / nginx / html;
   index index.html;

   location / {
        proxy_pass https: // hub;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;
        proxy_buffering off;
        proxy_set_header Host $ host;
        proxy_set_header X-Real-IP $ remote_addr;
        proxy_set_header X-Forwarded-For $ proxy_add_x_forwarded_for;
    }
}
## END hub.renhl.com ##
IP restrictions

For safety reasons, to ban people outside the company access to these services, the company set up to allow only the IP access nginx inside. In the two configurations above was added the following:

allow 111.206.238.12;
allow 111.206.238.94;
deny all;
     
         
         
         
  More:      
 
- Thinking in Java study notes - Generics (Programming)
- tar decompression problems gzip: stdin: not in gzip format (Linux)
- Timing Nginx logs cut and remove the log records of the specified number of days before (Server)
- CentOS7 virtual machine settings, and bridging problems (Linux)
- To install GCC development environment under SUSE11 (Linux)
- Using PHP MySQL library (Programming)
- Modify grub solve computer startup error: ERROR 17 (Linux)
- Linux Getting Started tutorial: Experience Xen Virtual Machine chapter (Linux)
- Android Studio interface-related settings (Linux)
- Oracle Data Pump Example (Database)
- configuration ssh without password under Linux (Linux)
- OpenSSL for secure transmission and use of skills of files between Windows and Linux (Linux)
- PostgreSQL procedural language learning (Database)
- Oracle Database ORA-01555 snapshot too old (Database)
- To add the Oracle JDBC driver in Maven repository (Linux)
- Linux beginners should know 12 commands (Linux)
- Linux command Detailed chpasswd bulk edit user password (Linux)
- Linux Nginx installation and configuration instructions (Server)
- Source compiler install Nginx (Server)
- Ubuntu mysql stop fail to solve the problem (Database)
     
           
     
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.