Geekzone: technology news, blogs, forums
Reply # 1569355 10-Jun-2016 12:29

That config might be a good start, but isn't quite right. server_name should match the domain name, at least for port 80. If you're hosting multiple domains on one IP you'll want multiple blocks for port 80, each with a different server_name and proxy_pass. It will take some experimentation to get activesync and web serving working at the same time, but not that much.





AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer




Reply # 1569368 10-Jun-2016 12:54

timmmay: server_name should match the domain name, at least for port 80. If you're hosting multiple domains on one IP you'll want multiple blocks for port 80, each with a different server_name and proxy_pass.

Well, Ubuntu and Nginx are installed but now I'm a little stuck on the specifics of the config file and how to achieve what you suggest above.

Let's assume the following basic scenario where our external IP is 1.2.3.4; keeping it simple with just port 80 for now:

External A Records:

mail.company.com     1.2.3.4
portal.company.com   1.2.3.4

HTTP requests for mail.company.com should go to internal server 10.0.0.1
HTTP requests for portal.company.com should go to internal server 10.0.0.2

What is the correct syntax to do this?

Thanks


Reply # 1569370 10-Jun-2016 12:58

Yeh Timmay is right if you name virtual hosts. Which means you can essentially have 2 things on the same port and do different stuff with it. Which is pretty cool.

That config might have a few hiccups in it. I bashed it together in about 3-4 minutes.

Here's what I mean, suppose I have two WordPress sites. blah.co.nz and blah2.co.nz

server {
  server_name blah.co.nz www.blah.co.nz;
  root /var/www/blah;
  index index.html index.htm index.php;

  location / {
    try_files $uri $uri/ /index.php?$args;
  }

  # Add trailing slash to */wp-admin requests.
  rewrite /wp-admin$ $scheme://$host$uri/ permanent;

  # Directives to send expires headers and turn off 404 error logging.
  location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
    access_log off; log_not_found off; expires max;
  }

  # Pass all .php files onto a php-fpm/php-fcgi server.
  location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    # Only hand existing script files to PHP.
    if (!-f $document_root$fastcgi_script_name) {
      return 404;
    }
    include fastcgi_params;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    #fastcgi_intercept_errors on;
    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
  }
}

Then for another website I can have

server {
  server_name blah2.co.nz www.blah2.co.nz;
  root /var/www/blah2;
  index index.html index.htm index.php;

  location / {
    try_files $uri $uri/ /index.php?$args;
  }

  # Add trailing slash to */wp-admin requests.
  rewrite /wp-admin$ $scheme://$host$uri/ permanent;

  # Directives to send expires headers and turn off 404 error logging.
  location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
    access_log off; log_not_found off; expires max;
  }

  # Pass all .php files onto a php-fpm/php-fcgi server.
  location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    # Only hand existing script files to PHP.
    if (!-f $document_root$fastcgi_script_name) {
      return 404;
    }
    include fastcgi_params;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    #fastcgi_intercept_errors on;
    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
  }
}

 

I still think purchasing more IP addresses will be a better solution. I think my company charges approximately $5/mth +GST per IP. So for a /29 it would be $40+GST a month. You will be able to use 6 addresses.






Reply # 1569389 10-Jun-2016 13:10

Something like this. There are a whole bunch more directives you might need for your location that modify how things work.

 

 

 

server {
  server_name mail.company.com;
  listen 80;

  location / {
    proxy_pass http://127.0.0.1;
  }
}

server {
  server_name portal.company.com;
  listen 80;

  location / {
    proxy_pass http://127.0.0.2;
  }
}

 

 

 

The config Daryl is posting is more of a reverse proxy for a php based site than what you've said you need.





Reply # 1569394 10-Jun-2016 13:17

timmmay:

Something like this. There are a whole bunch more directives you might need for your location that modify how things work.

server {
  server_name mail.company.com;
  listen 80;

  location / {
    proxy_pass http://127.0.0.1;
  }
}

server {
  server_name portal.company.com;
  listen 80;

  location / {
    proxy_pass http://127.0.0.2;
  }
}

The config Daryl is posting is more of a reverse proxy for a php based site than what you've said you need.

Thanks, that looks a little more my speed!


Reply # 1569403 10-Jun-2016 13:23

Thanks Timmay,

Yeh I have tried to explain it easily in this image. Also you can't have listen 80 twice. It will poo the bed.








Reply # 1569405 10-Jun-2016 13:26

darylblake:

Thanks Timmay,

Yeh I have tried to explain it easily in this image. Also you can't have listen 80 twice. It will poo the bed.

Thanks Daryl,

I'll have a bit of a play and see what I can make work, appreciate the help.


Reply # 1569409 10-Jun-2016 13:31

You can list port 80 twice for different server_names, ie inside a different server block. I have around eight domains under Nginx, each in its own server, each on the same IP, each listing on 80 and 443.





Reply # 1575053 16-Jun-2016 14:33

Finally managed to get NGINX working in front of Exchange Activesync and a second separate web server using http and https.

 

Thanks @timmmay and @darylblake for the help.


Reply # 1575072 16-Jun-2016 15:02

Perhaps you could post your configuration, with your private information removed, to help others in future?





Reply # 1575122 16-Jun-2016 15:56

timmmay:

Perhaps you could post your configuration, with your private information removed, to help others in future?

I will, but I just discovered there is still some tweaking to be done. For some reason if you attempt to access from a web browser using the public IP or a hostname that isn't configured in one of the server blocks (but still has an A record pointing to the public IP) it is still passing the traffic to one of the internal servers (seemingly at random).

Would you know how to make it drop any connections that aren't requesting the specific URLs as listed in the server blocks?


Reply # 1575127 16-Jun-2016 16:03

You need to set up a default server

 

 

 

server {
  server_name _;
  listen *:80 default_server deferred;
  return 444;
}




Reply # 1575133 16-Jun-2016 16:14

timmmay:

You need to set up a default server

server {
  server_name _;
  listen *:80 default_server deferred;
  return 444;
}

That's what I've been trying but it is not working. Do I put this in the "default" file under /etc/nginx/sites-available?





Reply # 1575145 16-Jun-2016 16:31

Have a similar situation with Windows Server Essentials 2012 R2. I use IIS ARR 3.0 as a reverse proxy through my essentials server to either Exchange or other web servers. Pretty straightforward to set up.


Reply # 1575147 16-Jun-2016 16:33

Paul1977:

That's what I've been trying but it is not working. Do I put this in the "default" file under /etc/nginx/sites-available?

Yeah that would typically work. Doesn't matter which file it goes in. Make sure "default" isn't in any of the other files.





AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer
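
The setup this thread converges on, written out as one file. This is an added example, not any poster's actual configuration: the hostnames and backend addresses are the ones from the question earlier in the thread, and the proxy_set_header lines are assumptions about what the backends expect.

```nginx
# Added example; hostnames and backend addresses come from the question
# in the thread, everything else is an assumption.

# Catch-all. When no server_name matches the Host header, nginx falls back
# to the default server for that listen address:port. If no block carries
# default_server, the first server block read for that address:port becomes
# the default, which is how the bare IP and unlisted hostnames reach a backend.
server {
  listen 80 default_server;
  server_name _;   # placeholder name that no real request will match
  return 444;      # nginx-specific code: close the connection, send nothing
}

server {
  listen 80;
  server_name mail.company.com;

  location / {
    proxy_pass http://10.0.0.1;
    # Pass the requested hostname and the client address to the backend
    # (assumed here; not in the configs posted in the thread).
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}

server {
  listen 80;
  server_name portal.company.com;

  location / {
    proxy_pass http://10.0.0.2;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}

# default_server is a property of the listen address:port, so:
#  - only one block per address:port may carry it; a second one (for
#    instance a distribution-supplied default site that already sets it)
#    fails the config check with "a duplicate default server";
#  - a 443 listener needs its own catch-all block.
# On the Ubuntu layout, a file in sites-available only takes effect once
# it is linked into sites-enabled. Run `nginx -t` before reloading.
```

To confirm the catch-all is in effect, request the public IP with a hostname that is not listed in any server block and check that the connection is closed without a response.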

