Nginx Reverse Proxy w/ SSL – 403 Error

apache-2.2http-status-code-403nginxreverse-proxyUbuntu

I've been trying to install Nginx as a reverse proxy for the past couple of days, but I can't get it to work. Everytime I load a page on my site, or even a file on my server, it returns a 403 forbidden error.

I've been following a tutorial I found on DigitalOcean, which I've completed. (At the end of the article, there's a picture of a phpinfo page says it was loaded with an Apache Handler. My phpinfo page said the same thing.

But what ever I do, I can't get the 403 error to go away.

Server Specs:

OS: Unbutu

RAM: 512 MB

Nginx Config File

    server {

    ### server port and name ###
    listen          *:443;
    ssl             on;
    server_name     --Server Name--;


    #include global/common.conf;
    #include global/wordpress.conf;
    #include global/multisite.conf;


    ### SSL log files ###
    access_log      --Log Location--;
    error_log       --Log Location--;

    ### SSL cert files ###
    ssl_certificate      --Certificate File--;
    ssl_certificate_key  --Certificate Key File--;

    root /var/www/; 
    allow 127.0.0.1;
    deny all;
    index index.php index.html index.htm;

    server_name --Server Name--; 

    location / {
    try_files $uri $uri/ /index.php;
    }

    location ~ \.php$ {
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_pass 127.0.0.1:9000;

    proxy_set_header X-Real-IP  $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host $host;
    proxy_pass http://127.0.0.1:8080;

     }

     location ~ /\.ht {
                deny all;

    }
   }

Apache Ports.conf File

   # If you just change the port or add more ports here, you will likely       also
   # have to change the VirtualHost statement in
   # /etc/apache2/sites-enabled/000-default.conf


   #Listen 127.0.0.1:8080
   Listen *:8080
   #Listen 80

   <IfModule ssl_module>
    Listen 444
    #Didn't work on 443 with Nginx as a reverse proxy
   </IfModule>

   <IfModule mod_gnutls.c>
    Listen 444
    #Didn't work on 443 with Nginx as a reverse proxy
   </IfModule>

   # vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Apache Config File

<VirtualHost *:8080>


DocumentRoot /var/www/

<Directory />
    Options FollowSymLinks
    AllowOverride All
</Directory>

<Directory /var/www/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    allow from all
</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
    AllowOverride None
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    Order allow,deny
    Allow from all
</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog ${APACHE_LOG_DIR}/access.log combined

Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>

Best Answer

Ok, everything looks like it's running smoothly. Basically, I changed my Nginx server block to forward SSL requests to port 445, which Apache runs SSL on.

Nginx Server Block

    proxy_redirect          off;
    proxy_set_header X-Real-IP  $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    location / {
    proxy_pass https://127.0.0.1:445;

Apache Virtual Host File

    <VirtualHost *:445>

    (Apache Config options w/ SSL)

    </VirtualHost>

This post sent me on the right track. Multisite Nginx reverse proxy routing to Apache

Related Topic