Host -> jail -> host - BAD GATEWAY

Dobai-Pataky_BSSSSl · November 5, 2010, 9:13pm

Im using FreeBSD and jails. I have my postfix on host, and main http
server in jail.

When I set in jail (192.168.1.2):

server {
<------>listen 80;
<------>server_name www.poczta.a.org poczta.a.org;
<------>access_log /var/log/nginx/poczta.a.org-access.log;

<------>location / {
<------><------> proxy_pass http://188.212.129.X;
<------><------> proxy_set_header X-Real-IP $remote_addr;
<------><------> proxy_set_header Host $http_host;
<------>}
}

188.212.129.X it is my host IP.

I must set nginx on host, because without this my www mail client
(roundcube) dont working. I cant install postfix in jail. How to fix it?

Posted at Nginx Forum:

dong · November 5, 2010, 9:20pm

On Fri, Nov 5, 2010 at 1:11 PM, dong [email protected] wrote:

Im using FreeBSD and jails. I have my postfix on host, and main http
server in jail.

why bother with a jail maybe?

dong · November 5, 2010, 9:25pm

I cant install postfix in jail… its problem

Posted at Nginx Forum:

dong · November 5, 2010, 9:30pm

yes - don’t use jails at all. nginx is pretty secure, as is postfix…

dong · November 5, 2010, 9:43pm

of course.

2010/11/5 Jérôme Loyet [email protected]:

dong · November 5, 2010, 9:39pm

2010/11/5 Michael S. [email protected]:

yes - don’t use jails at all. nginx is pretty secure, as is postfix…

yes until a security hole is discovered …

dong · November 5, 2010, 10:00pm

Anybody have other idea?

Posted at Nginx Forum:

dong · November 5, 2010, 10:41pm

On Fri, 2010-11-05 at 16:11 -0400, dong wrote:

<------>location / {
<------><------> proxy_pass http://188.212.129.X;
<------><------> proxy_set_header X-Real-IP $remote_addr;
<------><------> proxy_set_header Host $http_host;
<------>}
}

188.212.129.X it is my host IP.

I’m not too familiar with BSD or BSD jails, but it sounds like a network
configuration issue rather than an Nginx issue. I’d first make sure
that 188.212.129.X is actually reachable from inside the jail. Then
make sure that whatever you are proxying to on the public IP is actually
listening there on port 80. Then make sure you aren’t filtering
packets to that 188.212.129.X:80 or that you at least have an exception
for 192.168.1.2.

Overall, I’m pretty confused as to what you are trying to accomplish by
proxying from a jail with a private IP address to a service that
apparently resides on a public IP address, since you could simply bypass
the proxy and access the public IP directly.

Cliff

–
Cliff W. [email protected]