Nginx self-signed https and reverse proxy
The company's wiki server and private Docker registry run in the company's desktop cloud. Because public IP addresses are scarce,
these servers cannot each be given their own public IP; they can only be reached through a single public IP, so Nginx is needed as a reverse proxy in front of them.
In addition, these services should be accessed over HTTPS.
Server              IP (internal network)
wiki.rmohan.com     192.168.1.47
hub.rmohan.com      192.168.1.48
Generate a self-signed certificate
mkdir -p /etc/nginx/ssl
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
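The command above prompts for a single Common Name, while the same nginx.crt is used for both wiki.rmohan.com and hub.rmohan.com. As an added example (not part of the original post), the script below issues the certificate non-interactively with both names as subjectAltName entries, keeps the private key owner-only, and checks the result. The function names and the directory argument are assumptions, and -addext needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: one self-signed certificate that is valid for every proxied name.
# Hostnames come from the page; function names and the DIR argument are assumptions.

# make_cert DIR NAME [NAME...] : write DIR/nginx.key and DIR/nginx.crt
make_cert() {
    mc_dir=$1; shift
    mc_primary=$1
    mc_san=""
    for mc_name in "$@"; do
        mc_san="${mc_san:+$mc_san,}DNS:$mc_name"   # DNS:a,DNS:b,...
    done
    mkdir -p "$mc_dir" || return 1
    # umask 077 in a subshell so the key is never group- or world-readable
    (
        umask 077
        openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
            -subj "/CN=$mc_primary" \
            -addext "subjectAltName=$mc_san" \
            -keyout "$mc_dir/nginx.key" -out "$mc_dir/nginx.crt" 2>/dev/null
    ) || return 1
}

# cert_covers CRT NAME : succeed only if the certificate matches NAME
# (openssl exits 0 either way, so the printed verdict is what gets checked)
cert_covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match certificate"
}

# key_matches_cert DIR : the certificate's public key equals the one derived from the key
key_matches_cert() {
    km_a=$(openssl x509 -in "$1/nginx.crt" -noout -pubkey | openssl sha256)
    km_b=$(openssl pkey -in "$1/nginx.key" -pubout | openssl sha256)
    [ -n "$km_a" ] && [ "$km_a" = "$km_b" ]
}

# Usage on the proxy host:
#   make_cert /etc/nginx/ssl wiki.rmohan.com hub.rmohan.com
#   cert_covers /etc/nginx/ssl/nginx.crt hub.rmohan.com && echo "hub covered"
```

Clients still have to trust this certificate explicitly, since it is self-signed.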
/etc/nginx/sites-available/default
upstream wiki {
    server 192.168.1.47:80; # wiki.rmohan.com
}
upstream hub {
    server 192.168.1.48; # hub.rmohan.com (no port given, so nginx connects to port 80)
}
## Start wiki.rmohan.com ##
server {
    listen 80;
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    server_name wiki.rmohan.com;
    access_log /var/log/nginx/wiki.rmohan.access.log;
    error_log /var/log/nginx/wiki.rmohan.error.log;
    root /usr/share/nginx/html;
    index index.html index.htm;
    ## send request back to apache1 ##
    location / {
        proxy_pass http://wiki;
        # try the next upstream server on connection errors and 5xx responses
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;
        proxy_buffering off;
        # pass the original host name and client address to the backend
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
## End wiki.rmohan.com ##
## START hub.rmohan.com ##
server {
    server_name hub.rmohan.com;
    listen 80;
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    access_log /var/log/nginx/hub.rmohan.access.log;
    error_log /var/log/nginx/hub.rmohan.error.log;
    root /usr/local/nginx/html;
    index index.html;
    location / {
        proxy_pass https://hub;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;
        proxy_buffering off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
## END hub.rmohan.com ##
IP restrictions
For security reasons, to keep people outside the company from accessing these services,
nginx is set up to allow access only from the company's IP addresses. The following was added to each of the two configurations above:
allow 203.38.12.12;
allow 203.38.12.20;
deny all;