LinuxQuestions.org
Old 07-24-2013, 09:09 AM   #1
mosiac
Member
 
Registered: Jan 2013
Distribution: RHEL
Posts: 54
Blog Entries: 1

Rep: Reputation: 4
Nginx as SSL Proxy for Weblogic Server and switching ports.


I'm currently using this config file (I know it's a bit messy):
Code:
#######################################################################
#
# This is the main Nginx configuration file.  
#
# More information about the configuration options is available on 
#   * the English wiki - http://wiki.nginx.org/Main
#   * the Russian documentation - http://sysoev.ru/nginx/
#
#######################################################################

#----------------------------------------------------------------------
# Main Module - directives that cover basic functionality
#
#   http://wiki.nginx.org/NginxHttpMainModule
#
#----------------------------------------------------------------------

user              nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log debug;
#error_log  /var/log/nginx/error.log  notice;
#error_log  /var/log/nginx/error.log  info;

pid        /var/run/nginx.pid;


#----------------------------------------------------------------------
# Events Module 
#
#   http://wiki.nginx.org/NginxHttpEventsModule
#
#----------------------------------------------------------------------

events {
    worker_connections  1024;
}


#----------------------------------------------------------------------
# HTTP Core Module
#
#   http://wiki.nginx.org/NginxHttpCoreModule 
#
#----------------------------------------------------------------------

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;
	
    proxy_cache_path /etc/nginx/cache levels=1:2 keys_zone=data-cache:8m
                     max_size=1000m inactive=600m;
    proxy_temp_path  /etc/nginx/cache/tmp;




    sendfile        on;
    #tcp_nopush     on;
 
    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;
   

    #
    # The default server
    #
    server {
	chunkin on;

        error_page 411 = @my_411_error;
        location @my_411_error {
                chunkin_resume;
        }

        listen       9043 ssl;
	listen 	     9044 ssl;
        listen 	     9070 ssl; 	
	server_name  mysite1.com;

	### SSL log files ###
	access_log   /var/log/nginx/ssl-access.log;
	error_log    /var/log/nginx/ssl-error.log;

	### SSL cert files ###
	ssl_certificate  /etc/nginx/ssl/mysite1.com.crt;
	ssl_certificate_key  /etc/nginx/ssl/mysite1.com.key;
	### Add SSL specific settings here ###
	keepalive_timeout   60;

        ### Limiting Ciphers ################
	# Uncomment as per your setup
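	# ssl_ciphers HIGH:!ADH;
	# ssl_prefer_server_ciphers on;
	# NOTE: SSLv3 is obsolete and insecure; if enabling ssl_protocols,
	# list current TLS versions instead.
	# ssl_protocols SSLv3;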
	#####################################
 	# We want full access to SSL via backend ###
              

location / {
                more_clear_input_headers 'Transfer-Encoding';
                proxy_pass http://myhost1.com:9043;
                ### force timeouts if one of backend is died ##
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

                ### Set headers ####
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

                ### Most PHP, Python, Rails, Java App can use this header ###
                proxy_set_header X-Forwarded-Proto https;

                ### By default we don't want to redirect it ####
                proxy_redirect  off;

    }

        location /pci/ {
                more_clear_input_headers 'Transfer-Encoding';
                proxy_pass http://myhost1.com:9044/pci/;
                ### force timeouts if one of backend is died ##
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

                ### Set headers ####
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

                ### Most PHP, Python, Rails, Java App can use this header ###
                proxy_set_header X-Forwarded-Proto https;

                ### By default we don't want to redirect it ####
	        proxy_redirect  off;

    }

 location /TEST/ {
                more_clear_input_headers 'Transfer-Encoding';
                proxy_pass http://myhost1.com:9044/TEST/;
                ### force timeouts if one of backend is died ##
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

                ### Set headers ####
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

                ### Most PHP, Python, Rails, Java App can use this header ###
                proxy_set_header X-Forwarded-Proto https;

                ### By default we don't want to redirect it ####
                proxy_redirect  off;


        }

}
 server {
        chunkin on;

        error_page 411 = @my_411_error;
        location @my_411_error {
                chunkin_resume;
        }
        listen      8897 ssl;
        server_name  mysite2.com;

        ### SSL log files ###
        access_log   /var/log/nginx/ssl-access.log;
        error_log    /var/log/nginx/ssl-error.log;

        ### SSL cert files ###
        ssl_certificate  /etc/nginx/ssl/mysite2.com.crt;
        ssl_certificate_key  /etc/nginx/ssl/mysite2.com.key;
        ### Add SSL specific settings here ###
        keepalive_timeout   60;

        ### Limiting Ciphers ################
        # Uncomment as per your setup
        # ssl_ciphers HIGH:!ADH;
        # ssl_prefer_server_ciphers on;
        # ssl_protocols SSLv3;
        #####################################
        # We want full access to SSL via backend ###


 location / {
                #rewrite ^(.*)$ brim/$1 break;
		more_clear_input_headers 'Transfer-Encoding';
                proxy_pass http://myhost2.com:8897;
                ### force timeouts if one of backend is died ##
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

                ### Set headers ####
		proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_store off;
		#proxy_redirect off;
		proxy_buffering off;
		###  cache  ###
		proxy_cache data-cache;
		proxy_cache_valid 200 302 60m;
		
		### Most PHP, Python, Rails, Java App can use this header ###
                proxy_set_header X-Forwarded-Proto https;

                ### By default we don't want to redirect it ####
                proxy_redirect http://mysite2.com:8897 https://mysite2.com:8897;

    }
}

server {
        chunkin on;

        error_page 411 = @my_411_error;
        location @my_411_error {
                chunkin_resume;
        }

        listen       8899 ssl;
        server_name  mysite3.com;

        ### SSL log files ###
        access_log   /var/log/nginx/ssl-access.log;
        error_log    /var/log/nginx/ssl-error.log;

        ### SSL cert files ###
        ssl_certificate  /etc/nginx/ssl/mysite3.com.crt;
        ssl_certificate_key  /etc/nginx/ssl/mysite3.com.key;
        ### Add SSL specific settings here ###
        keepalive_timeout   60;

        ### Limiting Ciphers ################
        # Uncomment as per your setup
        # ssl_ciphers HIGH:!ADH;
        # ssl_prefer_server_ciphers on;
        # ssl_protocols SSLv3;
        #####################################
        # We want full access to SSL via backend ###

 location / {
                #rewrite ^(.*)$ bannerevents/$1 break;
                more_clear_input_headers 'Transfer-Encoding';
                proxy_pass http://myhost2.com:8899;
                ### force timeouts if one of backend is died ##
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

                ### Set headers ####
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_store off;
                #proxy_redirect off;
                proxy_buffering off;
                ###  cache  ###
                proxy_cache data-cache;
                proxy_cache_valid 200 302 60m;

                ### Most PHP, Python, Rails, Java App can use this header ###
                proxy_set_header X-Forwarded-Proto https;

                ### By default we don't want to redirect it ####
                proxy_redirect http://mysite3.com:8899 https://mysite3.com:8899;

    }



}

 # Load config files from the /etc/nginx/conf.d directory
  include /etc/nginx/conf.d/*.conf;

}
As for right now everything is working as it should but I'm wondering if I can change the ports that nginx is offering out without breaking anything.

Right now you have to type https://mysite1.com:9043/blah to get to that site but I'd like to be able to just have https://mysite1.com/blah and just use the standard 443.
 
Old 07-24-2013, 09:13 AM   #2
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,278

Rep: Reputation: 1694
Here's the thing. That's a nice complicated setup you got -- so why not spin up a VM, run nginx and get it working locally, then change it and see if it messes anything up?

If someone gets on here and says "Nah, you'll be fine," and then you aren't, you'll wish you had.
 
1 members found this post helpful.
Old 07-24-2013, 09:14 AM   #3
mosiac
Member
 
Registered: Jan 2013
Distribution: RHEL
Posts: 54

Original Poster
Blog Entries: 1

Rep: Reputation: 4
This is a test environment and I have the system in a snapshot so I'm not too worried about knocking anything major out.
 
Old 07-24-2013, 09:31 AM   #4
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,278

Rep: Reputation: 1694
Nice. In that case, if all you want to do is change the port to 443, then just change the two mentions of 9043 to 443. Reading through, there doesn't seem to be any reason for it not to work for mysite1. Just make sure you update your firewall if it's running.
 
1 members found this post helpful.
Old 07-24-2013, 10:37 AM   #5
mosiac
Member
 
Registered: Jan 2013
Distribution: RHEL
Posts: 54

Original Poster
Blog Entries: 1

Rep: Reputation: 4
It's always the first thing I forget to check, firewall settings. Everything works fine. Thanks
 
Old 07-24-2013, 10:57 AM   #6
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,278

Rep: Reputation: 1694
No problem. Mark the thread solved if you'd like.

And also... checking the firewall on a server is basically like checking to make sure a user's desktop is plugged in!!
 
1 members found this post helpful.
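The firewall check from posts #4 and #5, as an added example that is not part of the original thread: it compares the ports in nginx's `listen` directives with the TCP ports accepted on the INPUT chain and prints any listen port that has no matching rule. The function names, the iptables-save rule format and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example: cross-check nginx listen ports against iptables ACCEPT rules.

# Ports named in active (uncommented) listen directives, one directive per line.
nginx_listen_ports() {
    sed 's/#.*//' "$1" |
    awk '$1 == "listen" {
        p = $2; sub(/;$/, "", p); sub(/^.*:/, "", p)  # drop ";" and address part
        if (p ~ /^[0-9]+$/) print p
    }' | sort -un
}

# Ports accepted by INPUT-chain tcp rules in iptables-save format.
# First pass only: ignores rule order, source restrictions and port ranges.
firewall_open_ports() {
    awk '$1 == "-A" && $2 == "INPUT" && /-p tcp/ && /-j ACCEPT/ {
        for (i = 3; i < NF; i++)
            if ($i == "--dport" || $i == "--dports") {
                n = split($(i + 1), parts, ",")
                for (j = 1; j <= n; j++) if (parts[j] ~ /^[0-9]+$/) print parts[j]
            }
    }' "$1" | sort -un
}

# Listen ports with no matching ACCEPT rule.
blocked_listen_ports() {
    open=" $(firewall_open_ports "$2" | tr '\n' ' ')"
    for p in $(nginx_listen_ports "$1"); do
        case "$open" in *" $p "*) ;; *) echo "$p" ;; esac
    done
}

# Constructed sample: mysite1 moved from 9043 to 443, firewall not yet updated.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'server {' '    #listen 9043 ssl;' '    listen 443 ssl;' \
        '    listen 9044 ssl;' '    listen 9070 ssl;' '}' > "$dir/nginx.conf"
    printf '%s\n' '*filter' \
        '-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT' \
        '-A INPUT -p tcp -m multiport --dports 9043,9044,9070 -j ACCEPT' \
        '-A INPUT -j REJECT --reject-with icmp-host-prohibited' \
        'COMMIT' > "$dir/iptables"
    blocked_listen_ports "$dir/nginx.conf" "$dir/iptables"
    rm -rf "$dir"
}

demo   # prints 443
```

On a live host the two arguments would be the nginx configuration file and a saved rule set; the stale 9043 rule in the sample is also worth removing once nothing listens on that port.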
  

