Ryfujk

What properties make a magic weapon befit a Rogue more than a DEX-based Fighter?

How to preserve electronics (computers, ipads, phones) for hundreds of years?

How can a new country break out from a developed country without war?

Should I warn a new PhD Student?

Recursively move files within sub directories

Rendered textures different to 3D View

Make a Bowl of Alphabet Soup

Do I have to take mana from my deck or hand when tapping this card?

Should a narrator ever describe things based on a character's view instead of facts?

Showing mass murder in a kid's book

Is this saw blade faulty?

1 John in Luther’s Bibel

Mortal danger in mid-grade literature

Why doesn't Gödel's incompleteness theorem apply to false statements?

Did I make a mistake by ccing email to boss to others?

How do I lift the insulation blower into the attic?

What is the meaning of "You've never met a graph you didn't like?"

Why is indicated airspeed rather than ground speed used during the takeoff roll?

What is the period/term used describe Giuseppe Arcimboldo's style of painting?

How do you say "Trust your struggle." in French?

Not hide and seek

Do native speakers use "ultima" and "proxima" frequently in spoken English?

Amorphous proper classes in MK

Magnifying glass in hyperbolic space

nginx reverse proxy to non-standard ssl port

Nginx has ssl module, but thinks it doesn'tNginx proxy pass works for https but not httpnginx load balancer rewrite to listen portnginx proxy redirecting request to different proxyNginx subversion commit failureConfigure Nginx as reverse proxy with upstream SSLNginx/Apache: set HSTS only if X-Forwarded-Proto is httpsnginx reverse proxy hide login query also on 301 redirect or full qualified urlConfigure NGINX : How to handle 500 Error on upstream itself, While Nginx handle other 5xx errorsnginx (reverse proxy + ssl): shifting conf-lines destroys configuration

0

I am having a terrible time getting this to work, here's my config file. When I navigate to 'sub.domain.com' I'm redirected to an https version of the URL so I know nginx is receiving the request, but the reverse proxy isn't loading 10.3.2.200:8443. When I load "https://sub.domain.com", Chrome tells me "ERR_CONNECTION_CLOSED". I'm using snippets from other answers on StackExchage + other online tutorials but with no success.

As a peculiarity, if I run a test and change 443 to 20205 in the second server block, then the reverse proxy works with 'https://sub.domain.com:20205' and successfully forwards to 10.3.2.200:8443.

## running on 10.3.2.205

upstream destsrv {        

    server 10.3.2.200:8443;

}

server {        

    listen 80 http2;

    listen [::]:80 http2;        

    server_name sub.domain.com;        

    return 301 https://$server_name$request_uri;

}

server {

    listen 443 ssl http2;

    listen [::]:443 ssl http2;

    server_name sub.domain.com;

    ssl_certificate /etc/letsencrypt/certs/star_domain_com/fullchain.pem;

    ssl_certificate_key /etc/letsencrypt/certs/star_domain_com/privkey.pem;

    location / {

        proxy_pass https://destsrv;

        proxy_set_header Host $host;

        proxy_set_header X-Real-IP $remote_addr;

        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_http_version 1.1;

    }

}

This is a reverse proxy on a home server, I have ports 80 and 443 forwarded to my nginx server.

What's going on here?

nginx ssl reverse-proxy https

share|improve this question

edited May 3 '18 at 16:12

Telperion

asked May 3 '18 at 15:51

TelperionTelperion

11

bumped to the homepage by Community♦ 1 min ago

This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  the nginx configuration looks good. What's running on 10.3.2.200 ? Is that firewall blocked?
  
  – Federico Galli
  May 3 '18 at 16:04
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @FedericoGalli It's not firewall blocked; I can access it publicly over https directly. With external port 20200 on router forwarded to 10.3.2.200:8443 and my public IP as an A record, sub.domain.com:20200 loads my web app. Also if I forward external 20205 to ..*.205:20205 and change nginx listener to 20205, I can load my app from sub.domain.com:20205 through the nginx reverse proxy.
  
  – Telperion
  May 3 '18 at 16:17
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @FedericoGalli Turns out my router was listening for connections on 443, so my redirect was never making it through to the web server. Once I stopped that, it started working.
  
  – Telperion
  May 3 '18 at 19:28
  

  
  
  
  

add a comment | 

0

I am having a terrible time getting this to work, here's my config file. When I navigate to 'sub.domain.com' I'm redirected to an https version of the URL so I know nginx is receiving the request, but the reverse proxy isn't loading 10.3.2.200:8443. When I load "https://sub.domain.com", Chrome tells me "ERR_CONNECTION_CLOSED". I'm using snippets from other answers on StackExchage + other online tutorials but with no success.

As a peculiarity, if I run a test and change 443 to 20205 in the second server block, then the reverse proxy works with 'https://sub.domain.com:20205' and successfully forwards to 10.3.2.200:8443.

## running on 10.3.2.205

upstream destsrv {        

    server 10.3.2.200:8443;

}

server {        

    listen 80 http2;

    listen [::]:80 http2;        

    server_name sub.domain.com;        

    return 301 https://$server_name$request_uri;

}

server {

    listen 443 ssl http2;

    listen [::]:443 ssl http2;

    server_name sub.domain.com;

    ssl_certificate /etc/letsencrypt/certs/star_domain_com/fullchain.pem;

    ssl_certificate_key /etc/letsencrypt/certs/star_domain_com/privkey.pem;

    location / {

        proxy_pass https://destsrv;

        proxy_set_header Host $host;

        proxy_set_header X-Real-IP $remote_addr;

        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_http_version 1.1;

    }

}

This is a reverse proxy on a home server, I have ports 80 and 443 forwarded to my nginx server.

What's going on here?

nginx ssl reverse-proxy https

share|improve this question

edited May 3 '18 at 16:12

Telperion

asked May 3 '18 at 15:51

TelperionTelperion

11

bumped to the homepage by Community♦ 1 min ago

This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  the nginx configuration looks good. What's running on 10.3.2.200 ? Is that firewall blocked?
  
  – Federico Galli
  May 3 '18 at 16:04
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @FedericoGalli It's not firewall blocked; I can access it publicly over https directly. With external port 20200 on router forwarded to 10.3.2.200:8443 and my public IP as an A record, sub.domain.com:20200 loads my web app. Also if I forward external 20205 to ..*.205:20205 and change nginx listener to 20205, I can load my app from sub.domain.com:20205 through the nginx reverse proxy.
  
  – Telperion
  May 3 '18 at 16:17
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @FedericoGalli Turns out my router was listening for connections on 443, so my redirect was never making it through to the web server. Once I stopped that, it started working.
  
  – Telperion
  May 3 '18 at 19:28
  

  
  
  
  

add a comment | 

I am having a terrible time getting this to work, here's my config file. When I navigate to 'sub.domain.com' I'm redirected to an https version of the URL so I know nginx is receiving the request, but the reverse proxy isn't loading 10.3.2.200:8443. When I load "https://sub.domain.com", Chrome tells me "ERR_CONNECTION_CLOSED". I'm using snippets from other answers on StackExchage + other online tutorials but with no success.

As a peculiarity, if I run a test and change 443 to 20205 in the second server block, then the reverse proxy works with 'https://sub.domain.com:20205' and successfully forwards to 10.3.2.200:8443.

## running on 10.3.2.205

upstream destsrv {        

    server 10.3.2.200:8443;

}

server {        

    listen 80 http2;

    listen [::]:80 http2;        

    server_name sub.domain.com;        

    return 301 https://$server_name$request_uri;

}

server {

    listen 443 ssl http2;

    listen [::]:443 ssl http2;

    server_name sub.domain.com;

    ssl_certificate /etc/letsencrypt/certs/star_domain_com/fullchain.pem;

    ssl_certificate_key /etc/letsencrypt/certs/star_domain_com/privkey.pem;

    location / {

        proxy_pass https://destsrv;

        proxy_set_header Host $host;

        proxy_set_header X-Real-IP $remote_addr;

        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_http_version 1.1;

    }

}

This is a reverse proxy on a home server, I have ports 80 and 443 forwarded to my nginx server.

What's going on here?

nginx ssl reverse-proxy https

share|improve this question

edited May 3 '18 at 16:12

Telperion

asked May 3 '18 at 15:51

TelperionTelperion

11

## running on 10.3.2.205

upstream destsrv {        

    server 10.3.2.200:8443;

}

server {        

    listen 80 http2;

    listen [::]:80 http2;        

    server_name sub.domain.com;        

    return 301 https://$server_name$request_uri;

}

server {

    listen 443 ssl http2;

    listen [::]:443 ssl http2;

    server_name sub.domain.com;

    ssl_certificate /etc/letsencrypt/certs/star_domain_com/fullchain.pem;

    ssl_certificate_key /etc/letsencrypt/certs/star_domain_com/privkey.pem;

    location / {

        proxy_pass https://destsrv;

        proxy_set_header Host $host;

        proxy_set_header X-Real-IP $remote_addr;

        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_http_version 1.1;

    }

}

share|improve this question

edited May 3 '18 at 16:12

Telperion

asked May 3 '18 at 15:51

TelperionTelperion

11

share|improve this question

edited May 3 '18 at 16:12

Telperion

asked May 3 '18 at 15:51

TelperionTelperion

11

asked May 3 '18 at 15:51

TelperionTelperion

11

asked May 3 '18 at 15:51

TelperionTelperion

11

1 Answer
1

active

oldest

votes

0

@FedericoGalli Turns out my router was listening for connections on 443, so my redirect was never making it through to the web server. Once I stopped that, it started working.

Moral of the story: Don't just check your running web servers, make sure that your routing devices themselves aren't using certain ports.

share|improve this answer

answered May 3 '18 at 19:29

TelperionTelperion

11

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f910586%2fnginx-reverse-proxy-to-non-standard-ssl-port%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

0

@FedericoGalli Turns out my router was listening for connections on 443, so my redirect was never making it through to the web server. Once I stopped that, it started working.

Moral of the story: Don't just check your running web servers, make sure that your routing devices themselves aren't using certain ports.

share|improve this answer

answered May 3 '18 at 19:29

TelperionTelperion

11

add a comment | 

0

@FedericoGalli Turns out my router was listening for connections on 443, so my redirect was never making it through to the web server. Once I stopped that, it started working.

Moral of the story: Don't just check your running web servers, make sure that your routing devices themselves aren't using certain ports.

share|improve this answer

answered May 3 '18 at 19:29

TelperionTelperion

11

add a comment | 

@FedericoGalli Turns out my router was listening for connections on 443, so my redirect was never making it through to the web server. Once I stopped that, it started working.

Moral of the story: Don't just check your running web servers, make sure that your routing devices themselves aren't using certain ports.

share|improve this answer

answered May 3 '18 at 19:29

TelperionTelperion

11

share|improve this answer

answered May 3 '18 at 19:29

TelperionTelperion

11

answered May 3 '18 at 19:29

TelperionTelperion

11

answered May 3 '18 at 19:29

TelperionTelperion

11