Geekzone: technology news, blogs, forums
13919 posts

Uber Geek
+1 received by user: 2471

Trusted
Subscriber

  Reply # 1569355 10-Jun-2016 12:29

That config might be a good start, but isn't quite right. server_name should match the domain name, at least for port 80. If you're hosting multiple domains on one IP you'll want multiple blocks for port 80, each with a different server_name and proxy_pass. It will take some experimentation to get activesync and web serving working at the same time, but not that much.





AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer




2157 posts

Uber Geek
+1 received by user: 618


  Reply # 1569368 10-Jun-2016 12:54

timmmay: server_name should match the domain name, at least for port 80. If you're hosting multiple domains on one IP you'll want multiple blocks for port 80, each with a different server_name and proxy_pass.

Well, Ubuntu and Nginx are installed but now I'm a little stuck on the specifics of the config file and how to achieve what you suggest above.

 

Let's assume the following basic scenario where our external IP is 1.2.3.4; keeping it simple with just port 80 for now:

 

 

 

External A Records:

mail.company.com     1.2.3.4
portal.company.com   1.2.3.4

HTTP requests for mail.company.com should go to internal server 10.0.0.1

HTTP requests for portal.company.com should go to internal server 10.0.0.2

 

 

 

What is the correct syntax to do this?

 

Thanks


892 posts

Ultimate Geek
+1 received by user: 268

Trusted

  Reply # 1569370 10-Jun-2016 12:58

Yeh Timmay is right if you name virtual hosts. Which means you can essentially have 2 things on the same port and do different stuff with it. Which is pretty cool.

That config might have a few hiccups in it. I bashed it together in about 3-4 minutes.

Here's what I mean, suppose I have two WordPress sites. blah.co.nz and blah2.co.nz

 

server {
  server_name blah.co.nz www.blah.co.nz;
  root /var/www/blah;
  index index.html index.htm index.php;

  location / {
    try_files $uri $uri/ /index.php?$args;
  }

  # Add trailing slash to */wp-admin requests.
  rewrite /wp-admin$ $scheme://$host$uri/ permanent;

  # Directives to send expires headers and turn off 404 error logging.
  location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
    access_log off; log_not_found off; expires max;
  }

  # Pass all .php files onto a php-fpm/php-fcgi server.
  location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    if (!-f $document_root$fastcgi_script_name) {
      return 404;
    }
    include fastcgi_params;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    #fastcgi_intercept_errors on;
    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
  }
}

 

Then for another website I can have 

 

server {
  server_name blah2.co.nz www.blah2.co.nz;
  root /var/www/blah2;
  index index.html index.htm index.php;

  location / {
    try_files $uri $uri/ /index.php?$args;
  }

  # Add trailing slash to */wp-admin requests.
  rewrite /wp-admin$ $scheme://$host$uri/ permanent;

  # Directives to send expires headers and turn off 404 error logging.
  location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
    access_log off; log_not_found off; expires max;
  }

  # Pass all .php files onto a php-fpm/php-fcgi server.
  location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    if (!-f $document_root$fastcgi_script_name) {
      return 404;
    }
    include fastcgi_params;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    #fastcgi_intercept_errors on;
    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
  }
}

 

I still think purchasing more IP addresses will be a better solution. I think my company charges approximately $5/mth +GST per IP. So for a /29 it would be $40+GST a month. You will be able to use 6 addresses.






13919 posts

Uber Geek
+1 received by user: 2471

Trusted
Subscriber

  Reply # 1569389 10-Jun-2016 13:10

Something like this. There are a whole bunch more directives you might need for your location that modify how things work.

server {
  server_name mail.company.com;
  listen 80;

  location / {
    # Internal server for mail.company.com
    proxy_pass http://10.0.0.1;
  }
}

server {
  server_name portal.company.com;
  listen 80;

  location / {
    # Internal server for portal.company.com
    proxy_pass http://10.0.0.2;
  }
}

The config Daryl is posting is more of a reverse proxy for a php based site than what you've said you need.





AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer




2157 posts

Uber Geek
+1 received by user: 618


  Reply # 1569394 10-Jun-2016 13:17

timmmay:

Something like this. There are a whole bunch more directives you might need for your location that modify how things work.

server {
  server_name mail.company.com;
  listen 80;

  location / {
    # Internal server for mail.company.com
    proxy_pass http://10.0.0.1;
  }
}

server {
  server_name portal.company.com;
  listen 80;

  location / {
    # Internal server for portal.company.com
    proxy_pass http://10.0.0.2;
  }
}

The config Daryl is posting is more of a reverse proxy for a php based site than what you've said you need.

Thanks, that looks a little more my speed!


892 posts

Ultimate Geek
+1 received by user: 268

Trusted

  Reply # 1569403 10-Jun-2016 13:23

Thanks Timmay,

Yeh I have tried to explain it easily in this image. Also you can't have listen 80 twice. It will poo the bed.

 









2157 posts

Uber Geek
+1 received by user: 618


  Reply # 1569405 10-Jun-2016 13:26

darylblake:

Thanks Timmay,

Yeh I have tried to explain it easily in this image. Also you can't have listen 80 twice. It will poo the bed.

Thanks Daryl,

I'll have a bit of a play and see what I can make work, appreciate the help.


13919 posts

Uber Geek
+1 received by user: 2471

Trusted
Subscriber

  Reply # 1569409 10-Jun-2016 13:31

You can list port 80 twice for different server_names, i.e. inside a different server block. I have around eight domains under Nginx, each in its own server, each on the same IP, each listing on 80 and 443.





AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer




2157 posts

Uber Geek
+1 received by user: 618


  Reply # 1575053 16-Jun-2016 14:33

Finally managed to get NGINX working in front of Exchange Activesync and a second separate web server using http and https.

 

Thanks @timmmay and @darylblake for the help.


13919 posts

Uber Geek
+1 received by user: 2471

Trusted
Subscriber

  Reply # 1575072 16-Jun-2016 15:02

Perhaps you could post your configuration, with your private information removed, to help others in future?





AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer




2157 posts

Uber Geek
+1 received by user: 618


  Reply # 1575122 16-Jun-2016 15:56

timmmay:

Perhaps you could post your configuration, with your private information removed, to help others in future?

I will, but I just discovered there is still some tweaking to be done. For some reason if you attempt to access from a web browser using the public IP or a hostname that isn't configured in one of the server blocks (but still has an A record pointing to the public IP) it is still passing the traffic to one of the internal servers (seemingly at random).

Would you know how to make it drop any connections that aren't requesting the specific URLs as listed in the server blocks?


13919 posts

Uber Geek
+1 received by user: 2471

Trusted
Subscriber

  Reply # 1575127 16-Jun-2016 16:03

You need to set up a default server

server {
  server_name _;
  listen *:80 default_server deferred;
  return 444;
}




AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer




2157 posts

Uber Geek
+1 received by user: 618


  Reply # 1575133 16-Jun-2016 16:14

timmmay:

You need to set up a default server

server {
  server_name _;
  listen *:80 default_server deferred;
  return 444;
}

That's what I've been trying but it is not working. Do I put this in the "default" file under /etc/nginx/sites-available?







12 posts

Geek


  Reply # 1575145 16-Jun-2016 16:31

Have a similar situation with Windows Server Essentials 2012 R2. I use IIS ARR 3.0 as a reverse proxy through my essentials server to either Exchange or other web servers. Pretty straightforward to set up.


13919 posts

Uber Geek
+1 received by user: 2471

Trusted
Subscriber

  Reply # 1575147 16-Jun-2016 16:33

Paul1977:

That's what I've been trying but it is not working. Do I put this in the "default" file under /etc/nginx/sites-available?

Yeah that would typically work. Doesn't matter which file it goes in. Make sure "default" isn't in any of the other files.





AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer
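
Why a request for the bare public IP or an unconfigured hostname still reached an internal server, and what the default_server block changes, shown as an added example that is not part of the thread or anyone's posted config. It is a simplified Python model of how nginx picks a server block (exact server_name matches only, `listen` always with a port, one config string); the function names are made up here and the sample configs are constructed from the thread's hostnames and backends.

```python
import re

# Constructed sample configs using the hostnames and backends from the thread.
PROXIES = """
server { server_name mail.company.com;   listen 80;
         location / { proxy_pass http://10.0.0.1; } }
server { server_name portal.company.com; listen 80;
         location / { proxy_pass http://10.0.0.2; } }
"""
CATCH_ALL = "server { server_name _; listen *:80 default_server deferred; return 444; }"

def parse_servers(conf):
    """Parse each top-level server block into names, port, default flag, action."""
    tokens = re.findall(r"[{};]|[^\s{};]+", re.sub(r"#.*", "", conf))
    servers, depth, words, cur = [], 0, [], None
    for tok in tokens:
        if tok == "{":
            if depth == 0 and words == ["server"]:
                # Port 80 is nginx's default listen port when run as root.
                cur = {"names": [], "port": 80, "default": False, "action": None}
            depth, words = depth + 1, []
        elif tok == "}":
            depth, words = depth - 1, []
            if depth == 0 and cur is not None:
                servers.append(cur)
                cur = None
        elif tok == ";":
            if cur is not None and words:
                name, args = words[0], words[1:]
                if name == "server_name":
                    cur["names"] += args
                elif name == "listen":
                    cur["port"] = int(args[0].rsplit(":", 1)[-1])
                    cur["default"] = "default_server" in args
                elif name in ("proxy_pass", "return"):
                    cur["action"] = f"{name} {args[0]}"
            words = []
        else:
            words.append(tok)
    return servers

def route(servers, port, host):
    """Return the action of the block nginx would pick (exact names only)."""
    on_port = [s for s in servers if s["port"] == port]
    exact = [s for s in on_port if host in s["names"]]
    explicit = [s for s in on_port if s["default"]]
    # Preference: server_name match, then default_server, then first block on the port.
    chosen = (exact or explicit or on_port or [None])[0]
    return chosen["action"] if chosen else None

if __name__ == "__main__":
    for conf in (PROXIES, PROXIES + CATCH_ALL):
        print(route(parse_servers(conf), 80, "1.2.3.4"))
```

Without the catch-all, the first server block defined for the port acts as the default, so an unmatched Host is proxied to that block's backend; with it, the request is answered by `return 444`, which closes the connection without sending a response.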

