Forwarding HTTPS to VM's HTTPS...
Miguel C
miguelmclara at gmail.com
Tue Feb 16 13:14:55 UTC 2016
On Tue, Feb 16, 2016 at 1:14 PM, Miguel C <miguelmclara at gmail.com> wrote:
> I have similar setups with freebsd jails... usually one the jails is a
> 'frontend proxy server' which I'm guessing is what you're aiming at but
> with linux containers....
>
> Make sure the firewall allow traffic from the frontend to backends which
> could be other nginx servers or just php-fpm it self depending on the
> setup, but all you really need is to use proxy_pass.
>
> Since you want HTTPS you need to have the certificates config in the
> frontend, regardless if the connection to the backends is also encrypted or
> not.
>
>
> A simple example assuming one VM(LXC) as php-fpm running you could just
> setup the frontend as you would normally do just use:
>
> fastcgi_pass CONTAINER_IP:FPM_PORT
>
>
> Another scenario is ofc you have nginx running in the LXC container which
> is already "fastcgi_passing" to php, in this case you would use proxy_pass
> to the backend niginx, IE:
>
> server {
> listen IP:443;
> server_name expemple.org;
>
> ssl on;
> ssl_certificate /usr/local/etc/nginx/ssl/site.crt;
> ssl_certificate_key /usr/local/etc/nginx/ssl/site.key;
>
> location / {
> proxy_pass http://lxc_nginx;
> }
> }
>
> upstream lxc_nginx {
> server 10.221.186.23:80; <<<< --- Note that in this case the
> connection from frontend to the nginx container is not encrypted, but you
> can use 443 here as long as the backup as the proper ssl config
> (ssl_certificate and key)
> }
>
> NOTE: 10.221.186.23:80 <http://10.221.186.23/>; is ofc an example IP
> (you're container IP)
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20160216/4d6d804d/attachment.html>
More information about the nginx
mailing list