Nginx multidomain proxypass

Discussion in 'Server Operation' started by Jiri Benes, Jun 4, 2018.

Tags:
  1. Jiri Benes

    Jiri Benes New Member

    Hello guys,

    Im trying to setup proxypass on my nginx reverse proxy but I can not figure out how to set it up :/ Because our clinet dont want to use * cert for these domains I have to use Lets Encrypt.
    My goal is to proxypass only www.mydomain.com and mydomain.com to some internal server for ex. http://www.infra/
    mydomain.com works fine but if i try www.mydomain.com it can not find a virtual host "Unknown virtual name"


    Here is my current config for mydomain.com on nginx proxy:

    server {
    listen *:80;

    listen *:443 ssl;
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    ssl_prefer_server_ciphers on;
    ssl_certificate /var/www/clients/client1/web84/ssl/mydomain.com-le.crt;
    ssl_certificate_key /var/www/clients/client1/web84/ssl/mydomain.com-le.key;

    server_name mydomain.com www.mydomain.com;

    root /var/www/mydomain.com/web/;

    if ($scheme != "https") {
    rewrite ^ https://$http_host$request_uri? permanent;
    }


    index index.html index.htm index.php index.cgi index.pl index.xhtml;



    error_page 400 /error/400.html;
    error_page 401 /error/401.html;
    error_page 403 /error/403.html;
    error_page 404 /error/404.html;
    error_page 405 /error/405.html;
    error_page 500 /error/500.html;
    error_page 502 /error/502.html;
    error_page 503 /error/503.html;
    recursive_error_pages on;
    location = /error/400.html {

    internal;
    }
    location = /error/401.html {

    internal;
    }
    location = /error/403.html {

    internal;
    }
    location = /error/404.html {

    internal;
    }
    location = /error/405.html {

    internal;
    }
    location = /error/500.html {

    internal;
    }
    location = /error/502.html {

    internal;
    }
    location = /error/503.html {

    internal;
    }

    error_log /var/log/ispconfig/httpd/mydomain.com/error.log;
    access_log /var/log/ispconfig/httpd/mydomain.com/access.log combined;

    location ~ /\. {
    deny all;
    }

    location ^~ /.well-known/acme-challenge/ {
    access_log off;
    log_not_found off;
    root /usr/local/ispconfig/interface/acme/;
    autoindex off;
    index index.html;
    try_files $uri $uri/ =404;
    }

    location = /favicon.ico {
    log_not_found off;
    access_log off;
    expires max;
    add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }

    location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
    }

    location /stats/ {

    index index.html index.php;
    auth_basic "Members Only";
    auth_basic_user_file /var/www/clients/client1/web84/web/stats/.htpasswd_stats;
    }

    location ^~ /awstats-icon {
    alias /usr/share/awstats/icon;
    }

    location ~ \.php$ {
    try_files /4c632487bc4f297eaf8b10538547e380.htm @php;
    }


    location @php {
    deny all;
    }




    location / {

    proxy_pass_header Authorization;
    proxy_pass http://www.infra/;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_buffering off;
    client_max_body_size 0;
    proxy_read_timeout 36000s;
    proxy_redirect off;
    proxy_ssl_session_reuse off;

    }



    }
     

Share This Page