What is a reverse proxy (taken from wikipedia):
“In computer networks, a reverse proxy is a type of proxy server that retrieves resources on behalf of a client from one or more servers. These resources are then returned to the client like they originated from the proxy server itself”
So why do you want to use a reverse proxy? In my case it’s because I want to hide ports and instead forward requests based on domain name. I also want to handle SSL encryption in one place. So even if I have a self-signed certificate internally it will still show a green URL if NGINX is set up properly with an SSL CA.
Prerequisites
This config example assumes you have DNS or DDNS already set up and an existing signed certificate from a CA (chained.pem and domain.key). Ports 80 and 443 on your router also need to forward requests to your NGINX instance (in this example running on 192.168.2.1).
What I want to accomplish:
# Setup routing for NAS Management 192.168.1.4 (home.filegott.se)
http://home.filegott.se --(reverse proxy)--> http://192.168.1.4
https://home.filegott.se --(reverse proxy)--> https://192.168.1.4
# Setup routing for UniFi Controller 192.168.2.2 (unifi.filegott.se)
http://unifi.filegott.se --(redirect)--> https://unifi.filegott.se
https://unifi.filegott.se --(reverse proxy)--> https://192.168.2.2:8443
My nginx.config:
user nginx;
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    server {
        listen 80;
        server_name home.filegott.se;
        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host;
            proxy_pass http://192.168.1.4/;
        }
    }
    server {
        listen 443 ssl;
        server_name home.filegott.se;
        ssl_certificate /etc/nginx/certs/chained.pem;
        ssl_certificate_key /etc/nginx/certs/domain.key;
        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host;
            proxy_pass https://192.168.1.4/;
        }
    }
    server {
        listen 80;
        server_name unifi.filegott.se;
        return 301 https://unifi.filegott.se$request_uri;
    }
    server {
        listen 443 ssl;
        server_name unifi.filegott.se;
        ssl_certificate /etc/nginx/certs/chained.pem;
        ssl_certificate_key /etc/nginx/certs/domain.key;
        location / {
            # redirect all HTTPS traffic to 192.168.2.2:8443
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host;
            proxy_pass https://192.168.2.2:8443/;
            # WebSocket support
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }
}
I had to add three extra lines to support WebSockets for my UniFi Controller. Also worth mentioning is that the certificate used is signed for both domains: home.filegott.se and unifi.filegott.se.
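With a self-signed certificate on the internal side, the hop from NGINX to the backend is encrypted but not authenticated, because NGINX does not verify upstream certificates unless told to. As an added example (not part of the original config), the UniFi server block can trust only the controller's own certificate; the file path `/etc/nginx/certs/unifi-backend.pem` and the name `unifi.internal.example` are assumptions standing in for the controller's exported certificate and a name that certificate carries.

```nginx
# Added example: goes inside the existing http { } block, replacing the
# unifi.filegott.se HTTPS server. Values marked "assumed" are placeholders.
server {
    listen 443 ssl;
    server_name unifi.filegott.se;

    # Public, CA-signed certificate shown to browsers (from the original config)
    ssl_certificate     /etc/nginx/certs/chained.pem;
    ssl_certificate_key /etc/nginx/certs/domain.key;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_pass https://192.168.2.2:8443/;

        # Refuse the backend unless its certificate validates against the
        # trusted file below.
        proxy_ssl_verify on;
        # Assumed path: PEM copy of the controller's self-signed certificate,
        # used here as the only trust anchor.
        proxy_ssl_trusted_certificate /etc/nginx/certs/unifi-backend.pem;
        # Assumed name: must equal a name in that certificate, since
        # proxy_pass targets an IP address rather than a hostname.
        proxy_ssl_name unifi.internal.example;

        # WebSocket support (unchanged from the original config)
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```

Run `nginx -t` before reloading. A backend that fails verification shows up to the client as a 502, with an upstream SSL certificate error in the NGINX error log.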
Hi, does this still work for you? I also have nginx with a similar setup, but I have a 404 on redirect to “redirect.html?count=0.xxxx”
As you can see I’ve added the line “proxy_ssl_verify off;”. This is because I want to ignore the self-signed internal certificates.
Also I’ve removed the redirect rows:
As I only want the UniFi controller to be available over HTTPS.