Linux - Desktop This forum is for the discussion of all Linux Software used in a desktop context. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
07-24-2013, 09:09 AM
|
#1
|
Member
Registered: Jan 2013
Distribution: RHEL
Posts: 54
Rep:
|
Nginx as SSL Proxy for Weblogic Server and switching ports.
I'm currently using this config file (I know it's a bit messy):
Code:
#######################################################################
#
# This is the main Nginx configuration file.
#
# More information about the configuration options is available on
# * the English wiki - http://wiki.nginx.org/Main
# * the Russian documentation - http://sysoev.ru/nginx/
#
#######################################################################
#----------------------------------------------------------------------
# Main Module - directives that cover basic functionality
#
# http://wiki.nginx.org/NginxHttpMainModule
#
#----------------------------------------------------------------------
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log debug;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;
pid /var/run/nginx.pid;
#----------------------------------------------------------------------
# Events Module
#
# http://wiki.nginx.org/NginxHttpEventsModule
#
#----------------------------------------------------------------------
events {
worker_connections 1024;
}
#----------------------------------------------------------------------
# HTTP Core Module
#
# http://wiki.nginx.org/NginxHttpCoreModule
#
#----------------------------------------------------------------------
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
proxy_cache_path /etc/nginx/cache levels=1:2 keys_zone=data-cache:8m
max_size=1000m inactive=600m;
proxy_temp_path /etc/nginx/cache/tmp;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
#
# The default server
#
server {
chunkin on;
error_page 411 = @my_411_error;
location @my_411_error {
chunkin_resume;
}
listen 9043 ssl;
listen 9044 ssl;
listen 9070 ssl;
server_name mysite1.com;
### SSL log files ###
access_log /var/log/nginx/ssl-access.log;
error_log /var/log/nginx/ssl-error.log;
### SSL cert files ###
ssl_certificate /etc/nginx/ssl/mysite1.com.crt;
ssl_certificate_key /etc/nginx/ssl/mysite1.com.key;
### Add SSL specific settings here ###
keepalive_timeout 60;
### Limiting Ciphers ################
# Uncomment as per your setup
# ssl_ciphers HIGH:!ADH
# ssl_perfer_server_ciphers on;
# ssl_protocols SSLv3;
#####################################
# We want full access to SSL via backend ###
location / {
more_clear_input_headers 'Transfer-Encoding';
proxy_pass http://myhost1.com:9043;
### force timeouts if one of backend is died ##
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
### Set headers ####
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
### Most PHP, Python, Rails, Java App can use this header ###
proxy_set_header X-Forwarded_Proto https;
### By default we don't want to redirect it ####
proxy_redirect off;
}
location /pci/ {
more_clear_input_headers 'Transfer-Encoding';
proxy_pass http://myhost1.com:9044/pci/;
### force timeouts if one of backend is died ##
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
### Set headers ####
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
### Most PHP, Python, Rails, Java App can use this header ###
proxy_set_header X-Forwarded_Proto https;
### By default we don't want to redirect it ####
proxy_redirect off;
}
location /TEST/ {
more_clear_input_headers 'Transfer-Encoding';
proxy_pass http://myhost1.com:9044/TEST/;
### force timeouts if one of backend is died ##
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
### Set headers ####
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
### Most PHP, Python, Rails, Java App can use this header ###
proxy_set_header X-Forwarded_Proto https;
### By default we don't want to redirect it ####
proxy_redirect off;
}
}
server {
chunkin on;
error_page 411 = @my_411_error;
location @my_411_error {
chunkin_resume;
}
listen 8897 ssl;
server_name mysite2.com;
### SSL log files ###
access_log /var/log/nginx/ssl-access.log;
error_log /var/log/nginx/ssl-error.log;
### SSL cert files ###
ssl_certificate /etc/nginx/ssl/mysite2.com.crt;
ssl_certificate_key /etc/nginx/ssl/mysite2.com.key;
### Add SSL specific settings here ###
keepalive_timeout 60;
### Limiting Ciphers ################
# Uncomment as per your setup
# ssl_ciphers HIGH:!ADH
# ssl_perfer_server_ciphers on;
# ssl_protocols SSLv3;
#####################################
# We want full access to SSL via backend ###
location / {
#rewrite ^(.*)$ brim/$1 break;
more_clear_input_headers 'Transfer-Encoding';
proxy_pass http://myhost2.com:8897;
### force timeouts if one of backend is died ##
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
### Set headers ####
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_store off;
#proxy_redirect off;
proxy_buffering off;
### cache ###
proxy_cache data-cache;
proxy_cache_valid 200 302 60m;
### Most PHP, Python, Rails, Java App can use this header ###
proxy_set_header X-Forwarded_Proto https;
### By default we don't want to redirect it ####
proxy_redirect http://mysite2.com:8897 https://mysite2.com:8897;
}
}
server {
chunkin on;
error_page 411 = @my_411_error;
location @my_411_error {
chunkin_resume;
}
listen 8899 ssl;
server_name mysite3.com;
### SSL log files ###
access_log /var/log/nginx/ssl-access.log;
error_log /var/log/nginx/ssl-error.log;
### SSL cert files ###
ssl_certificate /etc/nginx/ssl/mysite3.com.crt;
ssl_certificate_key /etc/nginx/ssl/mysite3.com.key;
### Add SSL specific settings here ###
keepalive_timeout 60;
### Limiting Ciphers ################
# Uncomment as per your setup
# ssl_ciphers HIGH:!ADH
# ssl_perfer_server_ciphers on;
# ssl_protocols SSLv3;
#####################################
# We want full access to SSL via backend ###
location / {
#rewrite ^(.*)$ bannerevents/$1 break;
more_clear_input_headers 'Transfer-Encoding';
proxy_pass http://myhost2.com:8899;
### force timeouts if one of backend is died ##
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
### Set headers ####
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_store off;
#proxy_redirect off;
proxy_buffering off;
### cache ###
proxy_cache data-cache;
proxy_cache_valid 200 302 60m;
### Most PHP, Python, Rails, Java App can use this header ###
proxy_set_header X-Forwarded_Proto https;
### By default we don't want to redirect it ####
proxy_redirect http://mysite3.com:8899 https://mysite3.com:8899;
}
}
# Load config files from the /etc/nginx/conf.d directory
include /etc/nginx/conf.d/*.conf;
}
As for right now everything is working as it should but I'm wondering if I can change the ports that nginx is offering out without breaking anything.
Right now you have to type https://mysite1.com:9043/blah to get to that site but I'd like to be able to just have https://mysite1.com/blah and just use the standard 443.
|
|
|
07-24-2013, 09:13 AM
|
#2
|
Senior Member
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,278
|
Here's the thing. Thats a nice complicated setup you got -- so why not spin up a VM, run nginx and get it working locally, then change it and see if it messes anything up?
If someone gets on here and says "Nah, you'll be fine," and then you aren't, you'll wish you had.
|
|
1 members found this post helpful.
|
07-24-2013, 09:14 AM
|
#3
|
Member
Registered: Jan 2013
Distribution: RHEL
Posts: 54
Original Poster
Rep:
|
This is a test environment and I have the system in a snapshot so I'm not too worried about knocking anything major out.
|
|
|
07-24-2013, 09:31 AM
|
#4
|
Senior Member
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,278
|
Nice. in that case, if all you want to do is change the port to 443, then just change the two mentions of 9043 to 443. Reading through, there doesnt seem to be any reason for it not to work for mysite1. Just make sure you update your firewall if its running.
|
|
1 members found this post helpful.
|
07-24-2013, 10:37 AM
|
#5
|
Member
Registered: Jan 2013
Distribution: RHEL
Posts: 54
Original Poster
Rep:
|
It's always the first thing I forget to check, firewall settings. Everything works fine. Thanks
|
|
|
07-24-2013, 10:57 AM
|
#6
|
Senior Member
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,278
|
No problem. Mark the thread solved if you'd like.
And also,.. checking the firewall on a server is basically like checking to make sure a users desktop is plugged in!!
|
|
1 members found this post helpful.
|
All times are GMT -5. The time now is 11:38 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|