Reverse proxy using nginx as frontend server

Server NGINX
1

Hello All,

I am trying to configure reverse proxy on my nginx server. This server
need to sit in the DMZ zone. Receive the web request and forward it to a
backend web server.

I have tried the configuration mentioned here.
http://wiki.nginx.org/NginxLikeApache

Note: - Currently No firewall in place so no port restriction.

Scenario -

The frontend server URL is https://mail.example.com

Backend Web Server URL is https://mail.webserver.com

Challenges -

  •     When the redirect happens the frontend URL should not change.

It should remain the same appending the new page details to the frontend
server URL.

  •     Need https configured from Client to frontend

  •     https/http from frontend to backend web server.

Can you please guide me with the configuration. Or let me know if you
need any further information

Regards,

Retheesh

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material.
Any review, re-transmission, dissemination or other use of or taking of
any action in reliance upon,this information by persons or entities
other than the intended recipient is prohibited.
If you received this in error, please contact the sender and delete the
material from your computer.
Microland takes all reasonable steps to ensure that its electronic
communications are free from viruses.
However, given Internet accessibility, the Company cannot accept
liability for any virus introduced by this e-mail or any attachment and
you are advised to use up-to-date virus checking software.

2

Retheesh Kumar R wrote:

Hello All,

I am trying to configure reverse proxy on my nginx server. This server
need to sit in the DMZ zone. Receive the web request and forward it to a
backend web server.

I have tried the configuration mentioned here.
http://wiki.nginx.org/NginxLikeApache

Note: - Currently No firewall in place so no port restriction.

Scenario -

The frontend server URL is https://mail.example.com

Backend Web Server URL is https://mail.webserver.com

Challenges -

  •     When the redirect happens the frontend URL should not change.

It should remain the same appending the new page details to the frontend
server URL.

  •     Need https configured from Client to frontend

  •     https/http from frontend to backend web server.

Can you please guide me with the configuration. Or let me know if you
need any further information

Regards,

Retheesh

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material.
Any review, re-transmission, dissemination or other use of or taking of
any action in reliance upon,this information by persons or entities
other than the intended recipient is prohibited.
If you received this in error, please contact the sender and delete the
material from your computer.
Microland takes all reasonable steps to ensure that its electronic
communications are free from viruses.
However, given Internet accessibility, the Company cannot accept
liability for any virus introduced by this e-mail or any attachment and
you are advised to use up-to-date virus checking software.

This is about what your looking for, although it only does plain-text
conversations from front-end to origin machines.

#Start of nginx config for SSL offloading


upstream app_pool {
server 192.168.1.100:80; # change these ports to connect to
SSL backend(s) instead?
server 192.168.1.101:80;
}

server {
ssl on;
ssl_certificate /etc/ssl/nginx/secure_combined.crt;
ssl_certificate_key
/etc/ssl/nginx/secure.some-domain-name-ssl-cert.com.key;

    listen                  443;
    location / {
    proxy_pass              http://app_pool; # possible to use ports

here…ie http://app_pool:443;
port_in_redirect off; # toggle on/off if you use a port
in the above line
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
}
}
}

End of Nginx config

Essentially, this config would listen on 443 of a machine, and pass all
requests to the two backends that are mentioned in the upstream block
above server. In this config, a user makes a connection via SSL to
https://thismachine.com, and the request is sent to the back-end as
plain-text(no ssl)

I would say you can use the “proxy_pass” statement in the server area to
try and connect to the origin machine(s) via SSL, as you can specify
ports in proxy_pass like this…

proxy_pass http://localhost:8080

Not exactly what you were looking for, but a few minutes of
experimenting with the proxy pass ports and upstream nodes, and you
should have what you want running.

Thanks!