Nginx reverse proxy to an Apache SSL-enabled site

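I have a question very similar to the one posted here:

Serving an Apache-hosted site with SSL using Nginx proxy pass (reverse proxy)

Server 1 - mail server with nginx and its own SSL certificate (mail.mydomain.com)
Server 2 - nextcloud with Apache and its own SSL certificate (cloud.mydomain.com)

If I change the router's port 80/443 forwarding to the respective internal IP, both sites work.

I want to use nginx to forward/reverse proxy the nextcloud site, but I don't know how to do it.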

```nginx
server {
    listen 80;
    listen [::]:80;
    server_name mail.mydomain.com;

    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name mail.mydomain.com;
    root /usr/share/nginx/roundcubemail/;
    index index.php index.html index.htm;

    error_log /var/log/nginx/roundcube.error;
    access_log /var/log/nginx/roundcube.access;

    location / {
        try_files $uri $uri/ /index.php;
    }

    location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
        deny all;
    }
    location ~ ^/(bin|SQL)/ {
        deny all;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/run/php/php7.3-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /.well-known/acme-challenge {
        allow all;
    }

    ####################################################################
    # SSL Stuff
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/
    ####################################################################

    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    ssl_certificate           /etc/letsencrypt/live/mydomain.com/fullchain.pem;
    ssl_certificate_key       /etc/letsencrypt/live/mydomain.com/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    # modern configuration. tweak to your needs.
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;

    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    add_header Strict-Transport-Security "max-age=15768000";

    # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;

    ###################################
    # REVERSE PROXY LOCATION SETTINGS #
    ###################################
    location /calibre/ {
        proxy_pass http://192.168.1.83:8084/;
        proxy_set_header     Host              $host;
        proxy_set_header     X-Real-IP         $remote_addr;
        proxy_set_header     X-Forwarded-Proto $scheme;
        # An add_header at this level stops inheritance of the
        # server-level add_header (HSTS) for this location.
        add_header           Front-End-Https   on;
        proxy_redirect       off;
    }

    ##########################################################
    # Sonarr needs additional config regarding reverse proxy
    # Settings -> General -> URL Base: /sonarr
    ##########################################################
    location /sonarr/ {
        proxy_pass http://192.168.1.77:8989;
        proxy_set_header     Host              $host;
        proxy_set_header     X-Real-IP         $remote_addr;
        proxy_set_header     X-Forwarded-For   $proxy_add_x_forwarded_for;
    }

    location /sabnzbd/ {
        proxy_pass http://192.168.1.77:8080;
        proxy_set_header     Host              $host;
        proxy_set_header     X-Real-IP         $remote_addr;
        proxy_set_header     X-Forwarded-Proto $scheme;
        # Same add_header inheritance caveat as in /calibre/.
        add_header           Front-End-Https   on;
        proxy_redirect       off;
    }
}
```

The only way I can get cloud.mydomain.com to work is to create a hosts entry for the internal IP (obviously this only works on the internal network).

What do I need to do in the nginx configuration?
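
An added example, not part of the original post: one way to give nginx on Server 1 a second virtual host for cloud.mydomain.com that re-encrypts to Apache on Server 2 and verifies the backend certificate instead of trusting the LAN. The backend address 192.168.1.50, the certificate paths, the CA bundle path and the upload limit are assumptions.

```nginx
# Added example. Assumed values: backend IP, certificate paths, CA bundle path.

# Plain HTTP for the cloud hostname is redirected, as for mail.mydomain.com.
server {
    listen 80;
    listen [::]:80;
    server_name cloud.mydomain.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name cloud.mydomain.com;

    # Certificate nginx presents to clients for this name (assumed path).
    ssl_certificate     /etc/letsencrypt/live/cloud.mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cloud.mydomain.com/privkey.pem;
    ssl_protocols TLSv1.2;

    # nginx rejects request bodies over 1m by default; raise for file uploads.
    client_max_body_size 512m;

    location / {
        # TLS from nginx to Apache (assumed internal address of Server 2).
        proxy_pass https://192.168.1.50:443;

        # Send SNI and check the backend certificate against the public name.
        # Without proxy_ssl_verify, nginx accepts any certificate upstream.
        proxy_ssl_server_name on;
        proxy_ssl_name        cloud.mydomain.com;
        proxy_ssl_verify      on;
        proxy_ssl_verify_depth 2;
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

        # Let Apache select the right vhost and see the original client.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

With the router forwarding 80/443 only to Server 1, nginx selects this block by `server_name`. On the Nextcloud side, the proxy's address has to be listed under `trusted_proxies` in config.php for the forwarded headers to be honoured.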
