Nginx reverse proxy address/port already in use

Tags: nginx, port-443, reverse-proxy, web-server

I have an nginx reverse proxy, and I would like to have it forward traffic on to several sites and listen on port 443 for all of these services. I've seen this done in several places, and it seems like the normal way to have a reverse proxy set up: it listens on a single port and forwards based on URL.

However, I have some settings that I consider to be a little weird because I have a site that uses NTLM validation through an IIS site, and because of that I am using nginx Stream.

Here's my current config files:

/opt/nginx/nginx.conf

stream {
    upstream backend {
        hash $remote_addr consistent;
        server mysite.domain.com:80 weight=5;
        server 192.168.0.5 max_fails=3 fail_timeout=30s;
    }

    server {
        listen 192.168.0.2:443 ssl;
        ssl_certificate /usr/local/nginx/conf/mycert.crt;
        ssl_certificate_key /usr/local/nginx/conf/mykey.key;
        ssl_session_cache shared:SSL:10m;

        ssl_session_timeout 5m;

        proxy_connect_timeout 1s;
        proxy_timeout 3s;
        proxy_pass backend;
    }
}

http {
    include mime.types;
    default_type application/octet-stream;

    sendfile on;
    keepalive_timeout 65;

    server {
        listen       80;
        server_name  localhost;

        location / {
            root   html;
            index  index.html index.htm;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

    }
    include /opt/nginx/sites-enabled/*;
}

/opt/nginx/sites-available/default

server {
        listen 80 default;
        server_name _;
        return 301 https://$host$request_uri;
}

server {

        listen 192.168.0.2:443 ssl;
        server_name myothersite.domain.com;

        ssl_certificate /usr/local/nginx/conf/mycert.crt;
        ssl_certificate_key /usr/local/nginx/conf/mykeykey;

        ssl_session_timeout 5m;

        ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
        ssl_prefer_server_ciphers on;

        location / {
                proxy_pass http://192.168.0.6:80;
                proxy_set_header Host $host;

                proxy_redirect http:// $scheme://;

        }
}

When I go to restart nginx, I get the error:

bind() to 127.0.0.1:443 failed (98: Address already in use)

I thought that under each server you could have it listen on the same port, but this seems to not be working.

If I remove the stream altogether, and just use two other sites that don't use stream, this seems to work fine with multiple server sections.

Best Answer

According to the official documentation, different servers must listen on different address:port pairs.
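The rule quoted in the answer can be checked before a reload. The Python sketch below is an added example, not code from the question, the answer or nginx: it collects every `listen` directive and reports an address:port pair that is claimed by both `stream` and `http`, or by more than one `stream` server. The function names are hypothetical, the sample config is constructed (condensed from the question's files with the `include` inlined), and only exact address:port matches are compared.

```python
import re
from collections import defaultdict

# Constructed sample: the question's layout, condensed, include inlined.
SAMPLE = """
stream {
    server {
        listen 192.168.0.2:443 ssl;
        proxy_pass mysite.domain.com:80;
    }
}
http {
    server { listen 80 default; server_name _; return 301 https://$host$request_uri; }
    server {
        listen 192.168.0.2:443 ssl;   # from sites-available/default
        server_name myothersite.domain.com;
        location / { proxy_pass http://192.168.0.6:80; }
    }
}
"""

def listen_pairs(conf):
    """Map (address, port) -> list of top-level contexts that listen on it."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments ('#' inside quotes not handled)
    stack, seen = [], defaultdict(list)
    for stmt, delim in re.findall(r"([^{};]*)([{};])", conf):
        words = stmt.split()
        if delim == "{":
            stack.append(words[0] if words else "")
        elif delim == "}":
            if stack:
                stack.pop()
        elif stack and len(words) > 1 and words[0] == "listen":
            addr, _, port = words[1].rpartition(":")
            seen[(addr or "*", port)].append(stack[0])  # bare port means wildcard
    return seen

def conflicts(conf):
    """Return [((address, port), reason)] for pairs nginx would fail to bind."""
    found = []
    for pair, ctxs in sorted(listen_pairs(conf).items()):
        if "stream" in ctxs and "http" in ctxs:
            found.append((pair, "stream and http both bind it"))
        elif ctxs.count("stream") > 1:
            found.append((pair, "more than one stream server"))
    return found

if __name__ == "__main__":
    for (addr, port), why in conflicts(SAMPLE):
        print(f"{addr}:{port}: {why}")
```

Several `http` servers sharing one pair are deliberately not reported, since the question notes that this case works.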