Nginx reverse proxy with multiple ssl domain

centos, domain, nginx, reverse-proxy, ssl

I have a problem with Nginx when I need to configure it as a reverse proxy for multiple locations based on the source server, but on one port.

For example I have these servers:

server1.domain.com

server2.domain.com

server3.domain.com

nginx.domain.com is Nginx reverse proxy server

And I need access by this scheme:

nginx.domain.com/site -> server1.domain.com/site

(https) nginx.domain.com/site2 -> (https) server2.domain.com/site2

(https) nginx.domain.com/site3 -> (https) server3.domain.com/site3

But now I can access only site2, which is first in the configuration. When I change the order, then site3 works. The configuration of the locations on all servers is OK.

In my default.conf I have the following configuration.

server1

server {
    listen 80;
    server_name  server1.domain.com;
    access_log  off;
    error_log off;
    # some locations
}

server2

server {
    listen 80;
    server_name  server2.domain.com;
    access_log  off;
    error_log off;
    # some locations
}

server {
    listen 443 ssl;
    server_name  server2.domain.com;

    include ssl/ssl.conf;
    ssl     on;
    ssl_certificate      ssl/server2.domain.com.crt;
    ssl_certificate_key  ssl/server2.domain.com.key;
    # some locations
}

server3

server {
    listen 80;
    server_name  server3.domain.com;
    access_log  off;
    error_log off;
    # some locations
}

server {
    listen 443 ssl;
    server_name  server3.domain.com;

    ssl     on;
    include ssl/ssl.conf;
    ssl_certificate      ssl/server3.domain.com.crt;
    ssl_certificate_key  ssl/server3.domain.com.key;
    # some locations
}

In ssl.conf I have

ssl_protocols        SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache    shared:SSL:10m;
ssl_session_timeout  10m;

Thanks

Best Answer

You set up 3 servers respectively listening for requests addressed to server[123].domain.com.

When a request for an unknown domain kicks in, nginx serves it with the default domain. By default, nginx uses the first defined one, unless you explicitly specify another one with the default_server flag on the listen directive of one of your servers. That is why your nginx.domain.com requests will always be served by the default (first) server.

Now, what you wish is a reverse proxy. It is not what you asked nginx to do. You simply defined your backend servers to which you need to add another nginx server as frontend reverse-proxy.

To do so, you will need to use the ngx_http_proxy_module along with the ngx_http_upstream_module.

Specifically, you proxy requests from a location with proxy_pass to your backend servers.

Here is a simple reverse-proxy server configuration that might work for you:

server {
    listen 80;
    listen 443 ssl; # Ensure your certificate is for nginx.domain.com;
    server_name nginx.domain.com;

    location /site1 {
        proxy_pass $scheme://server1.domain.com;
    }

    location /site2 {
        proxy_pass $scheme://server2.domain.com;
    }

    location /site3 {
        proxy_pass $scheme://server3.domain.com;
    }
}

Note the use of the $scheme variable, reproducing the scheme used to connect to the frontend with connection to the backend.

I am unsure about SSL configuration on the backend. I guess you need to use the same server_name on each of them and the same SSL certificate as on the frontend. I do not know if you can use different certificates on backends, each with a different server_name and change SSL parameters for connections proxy -> backends with the proxy module.
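
The last paragraph of the answer leaves open how the proxy-to-backend TLS connection is configured. The configuration below is an added example, not part of the original answer: it assumes each backend keeps its own certificate, issued by a CA stored at the hypothetical path ssl/backend-ca.crt, and that the front-end certificate files follow the naming used in the question.

```nginx
# Added example (not from the original post). All file paths are assumptions.

# Plain-HTTP entry point: only /site, which the question maps to server1 over HTTP.
server {
    listen 80;
    server_name nginx.domain.com;

    # A literal host in proxy_pass is resolved when the configuration is loaded;
    # a proxy_pass that contains a variable would need a resolver directive.
    location /site  { proxy_pass http://server1.domain.com; }
    # Longest prefix wins, so these keep /site2 and /site3 away from the /site rule.
    location /site2 { return 301 https://$host$request_uri; }
    location /site3 { return 301 https://$host$request_uri; }
}

# HTTPS entry point: /site2 and /site3, re-encrypted towards the backends.
server {
    listen 443 ssl;
    server_name nginx.domain.com;

    # Certificate shown to clients; it must be valid for nginx.domain.com.
    ssl_certificate     ssl/nginx.domain.com.crt;   # assumed path
    ssl_certificate_key ssl/nginx.domain.com.key;   # assumed path

    # Client-facing TLS without the SSLv3 and RC4 entries from ssl.conf.
    ssl_protocols TLSv1.2 TLSv1.3;   # TLSv1.3 needs nginx 1.13.0+ with OpenSSL 1.1.1+
    ssl_ciphers   HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Proxy -> backend TLS, inherited by both locations below.
    proxy_ssl_server_name on;    # send SNI so each backend selects its own certificate
    proxy_ssl_verify      on;    # check the backend chain and that the name matches
    proxy_ssl_verify_depth 2;
    proxy_ssl_trusted_certificate ssl/backend-ca.crt;   # assumed path: CA of the backend certs
    proxy_ssl_protocols TLSv1.2;

    # Host header and SNI default to the proxy_pass host, so each backend's
    # existing server_name block (server2/server3.domain.com) still matches.
    location /site2 { proxy_pass https://server2.domain.com; }
    location /site3 { proxy_pass https://server3.domain.com; }
}
```

Because no URI part follows the host in proxy_pass, the original request URI (for example /site2/page) is passed to the backend unchanged.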
