{"id":5441,"date":"2015-12-19T19:40:08","date_gmt":"2015-12-19T11:40:08","guid":{"rendered":"http:\/\/rmohan.com\/?p=5441"},"modified":"2015-12-19T19:40:08","modified_gmt":"2015-12-19T11:40:08","slug":"nginx-self-signed-https-and-reverse-proxy","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=5441","title":{"rendered":"Nginx self-signed https and reverse proxy"},"content":{"rendered":"<p>Nginx self-signed https and reverse proxy<\/p>\n<p>The company&#8217;s wiki server and docker private registry run in the company&#8217;s desktop cloud. Because public IP addresses are limited,<br \/>\nthese servers cannot each be given their own public IP and can only be reached through a public IP, so Nginx is used as a reverse proxy to access them.<br \/>\nIn addition, these services should be accessed over https.<\/p>\n<p>server IP network<br \/>\nwiki.rmohan.com 192.168.1.47<br \/>\nhub.rmohan.com 192.168.1.48<\/p>\n<p>Generate a self-signed certificate<\/p>\n<p>mkdir -p \/etc\/nginx\/ssl<br \/>\nopenssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout \/etc\/nginx\/ssl\/nginx.key -out \/etc\/nginx\/ssl\/nginx.crt<\/p>\n<p>tc\/nginx\/sites-available\/default<\/p>\n<p>upstream wiki {<br \/>\nserver 192.168.1.47:80; # wiki.rmohan.com<br \/>\n}<\/p>\n<p>upstream hub {<br \/>\nserver 192.168.1.48; # hub.rmohan.com<br \/>\n}<\/p>\n<p>## Start wiki.rmohan.com ##<br \/>\nserver {<\/p>\n<p>listen 80;<\/p>\n<p>listen 443 ssl;<\/p>\n<p>ssl_certificate \/etc\/nginx\/ssl\/nginx.crt;<br \/>\nssl_certificate_key \/etc\/nginx\/ssl\/nginx.key;<\/p>\n<p>server_name wiki.rmohan.com;<\/p>\n<p>access_log \/var\/log\/nginx\/wiki.rmohan.access.log;<br \/>\nerror_log \/var\/log\/nginx\/wiki.rmohan.error.log;<br \/>\nroot \/usr\/share\/nginx\/html;<br \/>\nindex index.html index.htm;<\/p>\n<p>## send request back to apache1 ##<br \/>\nlocation \/ {<br \/>\nproxy_pass http:\/\/wiki;<br \/>\nproxy_next_upstream error timeout invalid_header http_500 http_502 http_503 
http_504;<br \/>\nproxy_redirect off;<br \/>\nproxy_buffering off;<br \/>\nproxy_set_header Host $host;<br \/>\nproxy_set_header X-Real-IP $remote_addr;<br \/>\nproxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br \/>\n}<br \/>\n}<br \/>\n## End wiki.rmohan.com ##<\/p>\n<p>## START hub.rmohan.com ##<br \/>\nserver {<br \/>\nserver_name hub.rmohan.com;<\/p>\n<p>listen 80;<br \/>\nlisten 443 ssl;<\/p>\n<p>ssl_certificate \/etc\/nginx\/ssl\/nginx.crt;<br \/>\nssl_certificate_key \/etc\/nginx\/ssl\/nginx.key;<\/p>\n<p>access_log \/var\/log\/nginx\/hub.rmohan.access.log;<br \/>\nerror_log \/var\/log\/nginx\/hub.rmohan.error.log;<br \/>\nroot \/usr\/local\/nginx\/html;<br \/>\nindex index.html;<\/p>\n<p>location \/ {<br \/>\nproxy_pass https:\/\/hub;<br \/>\nproxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;<br \/>\nproxy_redirect off;<br \/>\nproxy_buffering off;<br \/>\nproxy_set_header Host $host;<br \/>\nproxy_set_header X-Real-IP $remote_addr;<br \/>\nproxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br \/>\n}<br \/>\n}<br \/>\n## END hub.rmohan.com ##<\/p>\n<p>IP restrictions<\/p>\n<p>For security reasons, to prevent people outside the company from accessing these services,<br \/>\nnginx is set up to allow access only from the company&#8217;s IP addresses. 
The following was added to both of the configurations above:<\/p>\n<p>allow 203.38.12.12;<br \/>\nallow 203.38.12.20;<br \/>\ndeny all;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Nginx self-signed https and reverse proxy<\/p>\n<p>The company&#8217;s wiki server and docker private registry in the company&#8217;s desktop cloud, since public IP resource constraints, these servers can not be coupled with each public network IP, it can only be accessed through a public IP, so you need to use Nginx Be a reverse proxy to [&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[70],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5441"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5441"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5441\/revisions"}],"predecessor-version":[{"id":5442,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5441\/revisions\/5442"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5441"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5441"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5441"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}