14512 posts

Uber Geek
+1 received by user: 2670

Trusted
Subscriber

  Reply # 1569355 10-Jun-2016 12:29

That config might be a good start, but isn't quite right. server_name should match the domain name, at least for port 80. If you're hosting multiple domains on one IP you'll want multiple blocks for port 80, each with a different server_name and proxy_pass. It will take some experimentation to get activesync and web serving working at the same time, but not that much.





AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer




2586 posts

Uber Geek
+1 received by user: 751


  Reply # 1569368 10-Jun-2016 12:54

timmmay: server_name should match the domain name, at least for port 80. If you're hosting multiple domains on one IP you'll want multiple blocks for port 80, each with a different server_name and proxy_pass.

 

 

Well, Ubuntu and Nginx are installed but now I'm a little stuck on the specifics of the config file and how to achieve what you suggest above.

 

Let's assume the following basic scenario where our external IP is 1.2.3.4; keeping it simple with just port 80 for now:

 

 

 

External A Records:

mail.company.com     1.2.3.4
portal.company.com   1.2.3.4

HTTP requests for mail.company.com should go to internal server 10.0.0.1
HTTP requests for portal.company.com should go to internal server 10.0.0.2

 

 

 

What is the correct syntax to do this?

 

Thanks


 
 
 
 


936 posts

Ultimate Geek
+1 received by user: 304

Trusted

  Reply # 1569370 10-Jun-2016 12:58

Yeh Timmay is right if you name virtual hosts. Which means you can essentially have 2 things on the same port and do different stuff with it. Which is pretty cool.

That config might have a few hiccups in it. I bashed it together in about 3-4 minutes.

Here's what I mean, suppose I have two WordPress sites, blah.co.nz and blah2.co.nz

 

server {
    server_name blah.co.nz www.blah.co.nz;
    root /var/www/blah;
    index index.html index.htm index.php;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Add trailing slash to */wp-admin requests.
    rewrite /wp-admin$ $scheme://$host$uri/ permanent;

    # Directives to send expires headers and turn off 404 error logging.
    location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
        access_log off; log_not_found off; expires max;
    }

    # Pass all .php files onto a php-fpm/php-fcgi server.
    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }
        include fastcgi_params;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        #fastcgi_intercept_errors on;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
    }
}

 

Then for another website I can have 

 

server {
    server_name blah2.co.nz www.blah2.co.nz;
    root /var/www/blah2;
    index index.html index.htm index.php;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Add trailing slash to */wp-admin requests.
    rewrite /wp-admin$ $scheme://$host$uri/ permanent;

    # Directives to send expires headers and turn off 404 error logging.
    location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
        access_log off; log_not_found off; expires max;
    }

    # Pass all .php files onto a php-fpm/php-fcgi server.
    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }
        include fastcgi_params;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        #fastcgi_intercept_errors on;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
    }
}

 

I still think purchasing more IP addresses will be a better solution. I think my company charges approximately $5/mth +GST per IP. So for a /29 it would be $40+GST a month. You will be able to use 6 addresses.






14512 posts

Uber Geek
+1 received by user: 2670

Trusted
Subscriber

  Reply # 1569389 10-Jun-2016 13:10

Something like this. There are a whole bunch more directives you might need for your location that modify how things work.

 

 

 

server {
  server_name mail.company.com;
  listen 80;

  location / {
    # Internal server for mail.company.com
    proxy_pass http://10.0.0.1;
  }
}

server {
  server_name portal.company.com;
  listen 80;

  location / {
    # Internal server for portal.company.com
    proxy_pass http://10.0.0.2;
  }
}

 

 

 

The config Daryl is posting is more of a reverse proxy for a php based site than what you've said you need.





AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer




2586 posts

Uber Geek
+1 received by user: 751


  Reply # 1569394 10-Jun-2016 13:17

timmmay:

 

Something like this. There are a whole bunch more directives you might need for your location that modify how things work.

 

 

 

server {
  server_name mail.company.com;
  listen 80;

  location / {
    # Internal server for mail.company.com
    proxy_pass http://10.0.0.1;
  }
}

server {
  server_name portal.company.com;
  listen 80;

  location / {
    # Internal server for portal.company.com
    proxy_pass http://10.0.0.2;
  }
}

 

 

 

The config Daryl is posting is more of a reverse proxy for a php based site than what you've said you need.

 

 

Thanks, that looks a little more my speed!


936 posts

Ultimate Geek
+1 received by user: 304

Trusted

  Reply # 1569403 10-Jun-2016 13:23

Thanks Timmay,

Yeh I have tried to explain it easily in this image. Also you can't have listen 80 twice. It will poo the bed.

 









2586 posts

Uber Geek
+1 received by user: 751


  Reply # 1569405 10-Jun-2016 13:26

darylblake:

 

Thanks Timmay,

Yeh I have tried to explain it easily in this image. Also you can't have listen 80 twice. It will poo the bed.

 


 

 

Thanks Daryl,

 

I'll have a bit of a play and see what I can make work, appreciate the help.


14512 posts

Uber Geek
+1 received by user: 2670

Trusted
Subscriber

  Reply # 1569409 10-Jun-2016 13:31

You can list port 80 twice for different server_names, i.e. inside a different server block. I have around eight domains under Nginx, each in its own server, each on the same IP, each listening on 80 and 443.





AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer




2586 posts

Uber Geek
+1 received by user: 751


  Reply # 1575053 16-Jun-2016 14:33

Finally managed to get NGINX working in front of Exchange ActiveSync and a second separate web server using http and https.

 

Thanks @timmmay and @darylblake for the help.


14512 posts

Uber Geek
+1 received by user: 2670

Trusted
Subscriber

  Reply # 1575072 16-Jun-2016 15:02

Perhaps you could post your configuration, with your private information removed, to help others in future?





AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer




2586 posts

Uber Geek
+1 received by user: 751


  Reply # 1575122 16-Jun-2016 15:56

timmmay:

 

Perhaps you could post your configuration, with your private information removed, to help others in future?

 

 

I will, but I just discovered there is still some tweaking to be done. For some reason if you attempt to access from a web browser using the public IP or a hostname that isn't configured in one of the server blocks (but still has an A record pointing to the public IP) it is still passing the traffic to one of the internal servers (seemingly at random).

 

Would you know how to make it drop any connections that aren't requesting the specific URLs as listed in the server blocks?


14512 posts

Uber Geek
+1 received by user: 2670

Trusted
Subscriber

  Reply # 1575127 16-Jun-2016 16:03

You need to set up a default server

 

 

 

server {
  server_name _;
  listen *:80 default_server deferred;
  return 444;
}




AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer




2586 posts

Uber Geek
+1 received by user: 751


  Reply # 1575133 16-Jun-2016 16:14

timmmay:

 

You need to set up a default server

 

 

 

server {
  server_name _;
  listen *:80 default_server deferred;
  return 444;
}

 

 

That's what I've been trying but it is not working. Do I put this in the "default" file under /etc/nginx/sites-available?







13 posts

Geek


  Reply # 1575145 16-Jun-2016 16:31

Have a similar situation with Windows Server Essentials 2012 R2.  I use IIS ARR 3.0 as a reverse proxy through my essentials server to either Exchange or other web servers.  Pretty straightforward to set up.


14512 posts

Uber Geek
+1 received by user: 2670

Trusted
Subscriber

  Reply # 1575147 16-Jun-2016 16:33

Paul1977:

 

That's what I've been trying but it is not working. do i put this in the "default" file under /etc/nginx/sites-available?

 

 

Yeah that would typically work. Doesn't matter which file it goes in. Make sure "default" isn't in any of the other files.





AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer
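
The layout this thread arrives at, written out as an added example (not any poster's own configuration): a catch-all default server in front of the two name-based proxies, using the hostnames and internal addresses from the question. The `proxy_set_header` lines and the HTTPS catch-all are assumptions added here; `ssl_reject_handshake` needs nginx 1.19.4 or later, which is newer than this thread.

```nginx
# Added example. Place inside the http {} context, e.g. one file under
# /etc/nginx/sites-available that is symlinked into sites-enabled.

# Catch-all for port 80. Without an explicit default_server, nginx treats the
# first server block it loaded for this address:port as the default, so
# requests for the bare IP or an unlisted hostname get proxied inward.
server {
  listen 80 default_server;
  server_name _;          # placeholder name that matches no real hostname
  return 444;             # nginx-specific: close the connection, send nothing
}

server {
  listen 80;
  server_name mail.company.com;

  location / {
    proxy_pass http://10.0.0.1;
    proxy_set_header Host $host;                                  # assumption
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  # assumption
  }
}

server {
  listen 80;
  server_name portal.company.com;

  location / {
    proxy_pass http://10.0.0.2;
    proxy_set_header Host $host;                                  # assumption
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  # assumption
  }
}

# Catch-all for HTTPS (assumption: nginx 1.19.4+). Rejects the TLS handshake
# for any SNI name not listed in another 443 server block, so no certificate
# is needed here. The real 443 blocks for the two hostnames are omitted.
server {
  listen 443 ssl default_server;
  ssl_reject_handshake on;
}
```

`nginx -t` fails with a duplicate default server error if another enabled file (for example the `default` file mentioned above) already declares `default_server` for the same address and port.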

