Nginx forward ssl to ISPConfig lxc container

Question

I am having issues with https connexions to the ISPConfig admin panel (port 8080). My setup is relatively standard. I own a physical host, which routes all traffic on common ports to an LXC container which acts as a router. This runs an Nginx instance in reverse proxy mode, to forward traffic to other LXC containers in the veth local network.

If I bypass the lxc router, it works fine, so the problem isn't my firewall. I am also doing these tests locally, so the actual router isn't an issue. My certs aren't signed, but again this is just for testing.

Here is a work-in-progress of my lxc router config, I have tried many many many things, all didn't work. I have left some of the tests do you get a better idea of what I am trying to achieve.

upstream mumble {
    server 10.0.3.101:80; #MumPI
}

upstream ispconfig {
    server 10.0.3.103:8080;
}

server {
    listen 80;
    listen 8080;
    listen 443 ssl;

    server_name potato.love;

    ssl_certificate     /usr/local/ispconfig/ispserver.crt;
    ssl_certificate_key /usr/local/ispconfig/ispserver.key;

#   location / {
#       proxy_pass      http://mumble;
#       proxy_redirect      off;
#       proxy_set_header    Host $host;
#       proxy_set_header    X-Real-IP $remote_addr;
#       proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
#   }

        location / {
        proxy_pass              http://10.0.3.103:8080;
                proxy_redirect          off;
                proxy_set_header        Host $host;
                proxy_set_header        X-Real-IP $remote_addr;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        }
}

#server {
#   listen 443 ssl;
#
#   ssl on;
#   server_name potato.love;
#
#   ssl_certificate     /usr/local/ispconfig/ispserver.crt;
#   ssl_certificate_key /usr/local/ispconfig/ispserver.key;
#   ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
#
#        location / {
#                proxy_pass              http://10.0.3.103:8080;
#                proxy_redirect          off;
#                proxy_set_header        Host $host;
#                proxy_set_header        X-Real-IP $remote_addr;
#                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
#       proxy_ssl_session_reuse off;
#        }      
#}

Once I actually get / to work, I will be routing an alias instead. Something like potato.love/admin/.

A few other questions:

• Do I have to use the same cert as the ISPConfig generated one?

• Since the admin interface is on 8080, and I am routing from 80 to it, and my port 80 isn't https, could that be the problem?

• Any downsides running everything in ssl?

• What is love?

Thank you so much for any help. It is really appreciated, I will provide more information if the question is not clear. Have a great day!

Answer 1

This is the stupidest thing, but through testing I had tried proxy_pass with https and nginx failed restart. It seems that was another problem.

Solution:

proxy_pass https://10.0.3.103:8080;

[sigh]