I have a very similar question to the one posted here.
Use Nginx proxy pass (reverse proxy) to serve a site hosted on Apache with SSL
Server 1: mail server with nginx and its own SSL certificate (mail.midominio.com)
Server 2: nextcloud with apache and its own SSL certificate (nube.midominio.com)
Both sites work if I change my router's port forwarding of 80/443 to their internal IPs.
I would like to forward/reverse proxy the nextcloud site using nginx and I am not sure how to do it.
server {
    listen 80;
    listen [::]:80;
    server_name mail.mydomain.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name mail.mydomain.com;
    root /usr/share/nginx/roundcubemail/;
    index index.php index.html index.htm;
    error_log /var/log/nginx/roundcube.error;
    access_log /var/log/nginx/roundcube.access;

    location / {
        try_files $uri $uri/ /index.php;
    }

    location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
        deny all;
    }

    location ~ ^/(bin|SQL)/ {
        deny all;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/run/php/php7.3-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /.well-known/acme-challenge {
        allow all;
    }

    ####################################################################
    # SSL Stuff
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/
    ####################################################################
    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    # modern configuration. tweak to your needs.
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;

    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    add_header Strict-Transport-Security "max-age=15768000";

    # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;

    ###################################
    # REVERSE PROXY LOCATION SETTINGS #
    ###################################
    location /calibre/ {
        proxy_pass http://192.168.1.83:8084/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        add_header Front-End-Https on;
        proxy_redirect off;
    }

    ##########################################################
    # Sonarr needs additional config regarding reverse proxy
    # Settings -> General -> URL Base: /sonarr
    ##########################################################
    location /sonarr/ {
        proxy_pass http://192.168.1.77:8989;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /sabnzbd/ {
        proxy_pass http://192.168.1.77:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        add_header Front-End-Https on;
        proxy_redirect off;
    }
}
The only way I can get cloud.mydomain.com to work is to create a hosts entry for its internal IP (obviously, this only works on the internal network).
What do I need to do with my nginx configuration?
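
One way the setup asked about can look, as an added example that is not part of the original post: a separate `server` block for cloud.mydomain.com on the nginx host that proxies to the Apache server over HTTPS and verifies the backend's certificate. The backend address 192.0.2.10, the certificate paths, the CA bundle path and the upload limit are assumptions.

```nginx
# Added example: second virtual host on the nginx box for the Nextcloud site.
# 192.0.2.10 is a placeholder (documentation range) for the Apache server's internal IP.
server {
    listen 80;
    listen [::]:80;
    server_name cloud.mydomain.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name cloud.mydomain.com;

    # Assumed path: a certificate on the nginx host that covers cloud.mydomain.com.
    ssl_certificate     /etc/letsencrypt/live/cloud.mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cloud.mydomain.com/privkey.pem;
    ssl_protocols TLSv1.2;

    # Uploads pass through the proxy; nginx's default body limit is 1m.
    client_max_body_size 512m;   # assumed value

    location / {
        proxy_pass https://192.0.2.10;

        # Pass the original host, client address and scheme to Apache/Nextcloud.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # nginx does not verify the upstream certificate unless told to.
        proxy_ssl_server_name on;               # send SNI to the backend
        proxy_ssl_name cloud.mydomain.com;      # name used for SNI and verification
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 2;
        # Debian/Ubuntu system CA bundle (assumed path)
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
    }
}
```

On the Nextcloud side, the proxy's address normally has to be listed under `trusted_proxies` in `config.php` so that the forwarded client address is honoured.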