Goals:

  • Have a single nginx reverse proxy for all sub-sites (running on other ports).
  • BLOCK all direct connections and instead route through nginx.

Problem(s):

  • 502 gateway errors when trying to access https://www.example.com/site1/ (connect() failed (111: Connection refused) while connecting to upstream)

Setup:

  • example.com running on port 80 (nginx).
  • site1 and site2 running on ports 8001 and 8002 respectively.

nginx config:

    worker_processes 1;

    events { worker_connections 1024; }

    http {
        sendfile on;

        upstream site1 {
            server 127.0.0.1:8001;
        }

        upstream site2 {
            server 127.0.0.1:8002;
        }

        server {
            listen 80 default_server;
            server_name _;
            return 301 https://$host$request_uri;
        }

        server {

            listen 443 ssl;
            listen [::]:443 ssl;
            gzip on;
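            # Was "access_log on;", which logs to a file literally named "on".
            # Path is assumed, placed next to the error log below.
            access_log /var/log/nginx/access.log;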
            log_not_found on;
            error_log  /var/log/nginx/error.log error;
            server_name example.com www.example.com;
            charset UTF-8;
            root /var/www/html;
            error_page 404 /404.html;

            ssl_prefer_server_ciphers on;
            ssl_certificate /etc/ssl/server.crt;
            ssl_certificate_key /etc/ssl/server.key;

            location /site1/ {
                proxy_set_header X-Original-Request $request_uri;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_pass http://site1;
            }

            location /site2/ {
                proxy_set_header X-Original-Request $request_uri;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_pass http://site2;
            }
        }
    }

Facing a few problems regarding setting up my nginx reverse-proxy. Any help in this regard is much appreciated. Many thanks.

1 Answer

Block all direct connections to port 8000/8001:

  1. Close the firewall for ports 8000/8001 with iptables/firewalld/ufw.
  2. Disallow any external IP addresses from accessing your content on 8000/8001 (requests from nginx will come from localhost).

Then you say “I have a few problems”. It isn’t really clear what those problems are. I’m assuming that your applications want to be run on /, while you are trying to run them on /site1 and /site2. Please ensure your applications allow you to run them on the appropriate URIs.

notStan
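An added example, not part of the answer or the asker's setup: a POSIX shell check that reads `ss -Hltn` output and reports, for the backend ports from the question (8001 and 8002), whether each is bound to loopback only, listening on a non-loopback address, or has no listener at all, which is the state behind `connect() failed (111: Connection refused)`. The function name `audit_backends` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# audit_backends PORT...
# Reads `ss -Hltn` output on stdin and prints one line per requested port:
#   PORT loopback  - bound to 127.0.0.0/8 or [::1] only; only local clients (nginx) can connect
#   PORT exposed   - bound to a wildcard or external address; reachable directly unless firewalled
#   PORT missing   - nothing is listening; nginx gets "connection refused" and returns 502
audit_backends() {
    awk -v ports="$*" '
    BEGIN {
        n = split(ports, want, " ")
        for (i = 1; i <= n; i++) state[want[i]] = "missing"
    }
    $1 == "LISTEN" {
        addr = $4                                   # Local Address:Port column
        port = addr; sub(/^.*:/, "", port)          # text after the last colon
        host = addr; sub(/:[0-9]+$/, "", host)      # everything before the port
        if (!(port in state)) next                  # not a backend port we audit
        if (host ~ /^127\./ || host == "[::1]") {
            # One loopback socket does not clear a port that is also exposed.
            if (state[port] != "exposed") state[port] = "loopback"
        } else {
            state[port] = "exposed"
        }
    }
    END { for (i = 1; i <= n; i++) print want[i], state[want[i]] }
    '
}

# Constructed sample listing (not captured from the asker's server):
# nginx on 80/443, nothing on 8001, and the 8002 backend bound to all interfaces.
SAMPLE_SS='LISTEN 0 511   0.0.0.0:80    0.0.0.0:*
LISTEN 0 511      [::]:443      [::]:*
LISTEN 0 128   0.0.0.0:8002  0.0.0.0:*'

printf '%s\n' "$SAMPLE_SS" | audit_backends 8001 8002
```

On a live host the same function takes real data with `ss -Hltn | audit_backends 8001 8002`. A port reported as `exposed` needs either a loopback bind in the application or a firewall rule as described in the answer.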