Author Topic: Nginx Reverse Proxy  (Read 16051 times)

vshaulsk

  • Zen Samurai
  • ****
  • Posts: 477
  • Karma: +9/-1
    • View Profile
Re: Nginx Reverse Proxy
« Reply #15 on: September 30, 2011, 05:44:24 pm »
I can't get nginx to work.

http://xxxx.dyndns.org:999/test   does not take me to http://test inside my lan   or even just the IP address 192.168.0.1

There has to be something I am missing or just not understanding:

1) open port 999 in firewall
2) create vhost in zentyal named test on IP 192.168.12.1
3) apt-get nginx
4) make new directory in /etc/nginx/sites-enabled = /etc/nginx/sites-enabled/test
5) edit  ( nano /etc/nginx/sites-enabled/test  ) new file - maybe not correct command??????
6) Put in the following script

server {
        listen   999;
        server_name  xxxx.dyndns.org;

        access_log  /var/log/nginx/access_test.log;


        location / {
                proxy_pass      http://192.168.12.1/;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
}

7) control ^ X to save   (maybe I did not save it correct)
8) restart nginx
9) put address http://xxxxx.dyndns.org:999/test into the browser and that should get you to test inside the lan ??????

However this does not work... so I am doing something wrong ...

christian

  • Guest
Re: Nginx Reverse Proxy
« Reply #16 on: September 30, 2011, 05:57:27 pm »
I think I understand what you don't understand  :)

What you need to do is to "configure" Nginx, not to create some "page" in /test.
Nginx config is done in /etc/nginx/nginx.conf
You have to edit this file.
It can contain "includes" to store additional conf (like in /conf.d) but can contain also everything directly inside.

Furthermore, your conf will point http://xxxxx.dyndns.org:999 to the internal serve (because of "location /"
« Last Edit: September 30, 2011, 05:59:02 pm by christian »

vshaulsk

  • Zen Samurai
  • ****
  • Posts: 477
  • Karma: +9/-1
    • View Profile
Re: Nginx Reverse Proxy
« Reply #17 on: September 30, 2011, 06:30:31 pm »
when you say the conf will point to the internal server do you mean have it point to 127.0.0.1 internal localhost ??? Instead of going to the 192.168.0.1??

christian

  • Guest
Re: Nginx Reverse Proxy
« Reply #18 on: September 30, 2011, 06:41:06 pm »
Could you please share your /etc/nginx/nginx.conf and your /etc/nginx/sites-enabled/test files?
When I wrote internal server, I meant server on the LAN, meaning 192.168.12.1
My point here is to say that URL to be accessed in order to reach the internal server is http://xxxxx.dyndns.org:999, not http://xxxxx.dyndns.org:999/test

half_life

  • Bug Hunter
  • Zen Hero
  • *****
  • Posts: 867
  • Karma: +59/-0
    • View Profile
Re: Nginx Reverse Proxy
« Reply #19 on: October 01, 2011, 02:29:37 am »
Another thing to consider is if you are running nginx on your zentyal server, and you are accessing from the internal network, you need to add a firewall rule internal-network---> Zentyal allowing connection to nginx service (port999).

half_life

  • Bug Hunter
  • Zen Hero
  • *****
  • Posts: 867
  • Karma: +59/-0
    • View Profile
Re: Nginx Reverse Proxy
« Reply #20 on: October 01, 2011, 02:32:18 am »
One other thing to remember is that you need to make a symlink from /etc/nginx/sites-available/test /etc/nginx/sites-enabled/test.

half_life

  • Bug Hunter
  • Zen Hero
  • *****
  • Posts: 867
  • Karma: +59/-0
    • View Profile
Re: Nginx Reverse Proxy
« Reply #21 on: October 01, 2011, 03:14:32 am »
My sites-available file (name matches my FQDN xed out here)
server{
    listen 82;
    server_name xxxx.no-ip.com;
    access_log /var/log/nginx/access_xxxx.log;
   
    location /{
        proxy_pass http://192.168.0.1/;
        }
}
symlinked to my sites-enabled.
I created a service called nginx in Zentyal and configured tcp/udp 82 (matches my listen statement).
I added an allow rule in outside-networks to Zentyal and inside networks to Zentyal for service nginx.
I opened a web browser locally and typed in http://xxxx.no-ip.com:82 and connected to my telephone system (192.168.0.1).   I then VPNed into work and RDPed into one of the machines and repeated the web browser thing and presto I was greeted with my telephone system login. 

half_life

  • Bug Hunter
  • Zen Hero
  • *****
  • Posts: 867
  • Karma: +59/-0
    • View Profile
Re: Nginx Reverse Proxy
« Reply #22 on: October 01, 2011, 04:48:42 am »
I have set up things more like I would if I was going to use it in production.

server{
    listen 80;
    server_name xxx.no-ip.com;
    access_log /var/log/nginx/access_xxx.log;
   
    location /{
        proxy_pass http://192.168.0.3:81/;
        }
    location /asterisk/ {
    rewrite /asterisk/(.*) /$1 break;
        proxy_pass http://192.168.0.1/;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
}

I set the Zentyal webserver to port 81 (notice the redirection in the first proxy_pass statement).  This gives the same results as the earlier experiment.  This would be usefull if you were, for instance running a tomcat server and wanted to integrate it into your main webserver. 

vshaulsk

  • Zen Samurai
  • ****
  • Posts: 477
  • Karma: +9/-1
    • View Profile
Re: Nginx Reverse Proxy
« Reply #23 on: October 01, 2011, 11:33:12 pm »
Both you Half_life and Christian make sense with your explanations and examples.  Combined with google I should have figured this out.  I don't see my firewall dropping packets so it all must be in how I wrote the script.  Alright I have attached it here. 

Just for my clarification do I make a file in either /etc/nginx/sites-available or /etc/nginx/sites enabled ??  If I do does it matter what I name them? 

Do I do add anything in the /etc/nginx/nginx.conf ???   

I have attached two different attempts and one nginx.conf

half_life

  • Bug Hunter
  • Zen Hero
  • *****
  • Posts: 867
  • Karma: +59/-0
    • View Profile
Re: Nginx Reverse Proxy
« Reply #24 on: October 01, 2011, 11:46:33 pm »
I am going to answer a few pieces of this now and then take a little time to look over the rest of your setup.  The accepted best practices for a sites-available, sites-enabled paradym  is to make your files in sites-available and then symlink them to sites-enabled where the server will actually be looking.  However, as long as you have the files in sites-enabled (symlinked or real) the server will find them.  The default nginx.conf file will work "out of the box" so you don't need to change it.

//edited to correct where the server looks for its configuration files which is sites-enabled.  <Smacks self in head>
« Last Edit: October 02, 2011, 04:51:56 pm by half_life »

half_life

  • Bug Hunter
  • Zen Hero
  • *****
  • Posts: 867
  • Karma: +59/-0
    • View Profile
Re: Nginx Reverse Proxy
« Reply #25 on: October 02, 2011, 12:04:59 am »
Did you open port 82 to internal traffic (internal-networks to Zentyal)?    Are you entering in http://your-server-ip:82/ for testing purposes?

half_life

  • Bug Hunter
  • Zen Hero
  • *****
  • Posts: 867
  • Karma: +59/-0
    • View Profile
Re: Nginx Reverse Proxy
« Reply #26 on: October 02, 2011, 12:19:33 am »
I also remember that you have multiple vlans setup. Prior to trying nginx,  where you able to access your web server (not the Zentyal gui but the "ITWORKS" page)?

vshaulsk

  • Zen Samurai
  • ****
  • Posts: 477
  • Karma: +9/-1
    • View Profile
Re: Nginx Reverse Proxy
« Reply #27 on: October 03, 2011, 02:54:50 pm »
From inside my lan I can get to the "IT Works" Page for ip 192.168.12.1   This is the IP for my Vlan interface named wifi.lan. 

Half_life I copied your example (just changed some IP and names to match my system) ..... I created a service nginx on port 82.  I added that port 82 to the firewall to both external and internal connections. I can see in the firewall logs that a connection came through.  It does not say anything about it being dropped so I am assuming I am reaching the open port...

I left the original /etc/nginx/nginx.conf at default setting on my first attempt.  I created a new file in /etc/nginx/sites-available/XXXX

I created a symlink between the sites available and sited enabled.  Checked that the link existed.

put the following script into the file

server{
    listen 82;
    server_name xxxx.dyndns.org;
    access_log /var/log/nginx/access_xxxx.log;
   
    location /{
        proxy_pass http://192.168.12.1/;
        }
}

I just keep getting The Web Server may be down, too busy, or experiencing other problems preventing it from responding to requests. You may wish to try again at a later time.

I have tried putting the script directly into the nginx.conf file - did not work
I have tried adding the lines
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

Did not work either. 

I can't connect from either inside my LAN or from the WAN.

It is almost as if I am not reaching nginx at all.

christian

  • Guest
Re: Nginx Reverse Proxy
« Reply #28 on: October 03, 2011, 03:34:36 pm »
Standard implementation is has described in here attached picture.
BTW what you did looks correct. Notice you do have to keep the "proxy" related lines in your conf.
Then if you try to access from intranet to something defined on internet, it may require some tuning.

Port numbers I show on here attached picture do not match your but you will easily align  ;)

In order to see whenever you reach or not Nginx, you can just try to telnet on Nginx port.

Why don't you try to set up everything internally, just to be sure you do not suffer from unexpected side effect because of FW, Zentyal or whatever?
Once it works, meaning you can use Nginx as reverse proxy, you can move it to Zentyal and adjust ports, firewall rules.

half_life

  • Bug Hunter
  • Zen Hero
  • *****
  • Posts: 867
  • Karma: +59/-0
    • View Profile
Re: Nginx Reverse Proxy
« Reply #29 on: October 04, 2011, 12:53:07 am »
from a command prompt ps -ef |grep nginx.  Do you get any results?