Nginx to open internal http service as https subdomain
I found some partial answers on this site and similar ones, but I couldn't figure out how to put them together, or maybe there is an answer and I can't recognize it: - /
What I am trying to achieve:
I have a http service running on my local network (I have dnsmasq setup accordingly):
http://subdomain1.domain.com:1234/
and I would like to expose it as internet (also external DNS works fine):
https://subdomain2.domain.com:443/
with user authentication handled by nginx.
I also want (should?) Keep the url visible in the browser unmodified.
I tried several combinations of what I found from similar questions, but something like me is slipping away.
This is my final try:
ssl_certificate /var/www/domain.com/domain_com.crt;
ssl_certificate_key /var/www/domain.com/domain_com.key;
server {
listen 443 default_server;
server_name subdomain1.domain.com;
location / {
auth_basic "Restricted";
auth_basic_user_file /var/www/domain.com/domain.com.passwords;
proxy_pass http://subdomain1.domain.com:1234/;
proxy_set_header Host $http_host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect https://subdomain2.domain.com/ http://subdomain1.domain.me:1234/;
}
}
I get: "Error 107 (net :: ERR_SSL_PROTOCOL_ERROR): SSL protocol error."
Update:
I think I found a solution, but a review would be appreciated anyway. This also overwrites the http access to go through https.
ssl_certificate /var/www/domain.com/domain_com.crt;
ssl_certificate_key /var/www/domain.com/domain_com.key;
server {
listen 80;
server_name subdomain1.domain.com;
rewrite ^ https://$server_name$request_uri? permanent;
}
server {
listen 443;
ssl on;
server_name subdomain1.domain.com;
location / {
auth_basic "Restricted";
auth_basic_user_file /var/www/domain.com/domain.com.passwords;
proxy_pass http://subdomain2.domain.com:1234/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
add_header Front-End-Https on;
proxy_redirect off;
}
}
source to share
No one has answered this question yet
Check out similar questions: