nginx reverse proxy

sergtech
Posts: 3
Joined: Tue Jun 23, 2020 5:48 am

I have a problem, and maybe there is a better solution than the one I built.

The use case: I use myVesta (and vestacp) sometimes as an nginx reverse proxy (to another site hosted elsewhere). In order to do this, I manually edit the file /home/$username/admin/conf/$domain.nginx.ssl.conf so that nginx does what it needs to (additional custom listening ports, replacing files on the run, etc...).

The problem: when the letsencrypt cert gets updated, the nginx config file gets overwritten, therefore all the custom config goes. Same thing happened when I did an upgrade using apt, as well as when I migrated servers (using backup/restore).

My (dirty) solution: I modified the v-add-letsencrypt-domain script so that it copies back my custom config file when the cert gets updated (and of course I am very careful now when I run apt-get distupgrade).

Is there a better solution to prevent this file (/home/$username/admin/conf/$domain.nginx.ssl.conf) from being (auto-generated) overwritten?

Comment: I understand that the answer may very well be "NO" because there are reasons why this file is re-created, but just wanted to check.
Thank you :-)
myVesta
Site Admin
Posts: 963
Joined: Fri Jun 19, 2020 9:59 am
Has thanked: 10 times
Been thanked: 6 times

Very simple answer: create your own nginx template that has your desired IP.

- go to /usr/local/vesta/data/templates/web/nginx folder
- take for example hosting.tpl and hosting.stpl
- copy it as myhosting.tpl and myhosting.stpl
- edit IP inside that tpl
- put myhosting nginx template to your domain

Also, maybe you want a tpl that does only reverse proxy; here it is:

    http://dl.myvestacp.com/vesta/vesta-cp-nginx-tpl/fwd-http2/forward.tpl
    http://dl.myvestacp.com/vesta/vesta-cp-nginx-tpl/fwd-http2/forward.stpl

Just replace FORWARDTO with the desired IP.
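
The FORWARDTO replacement described above, as an added example that is not part of the original post or of myVesta: it writes a named copy of both templates and validates the target first, so that a value containing `;`, braces or a newline cannot add nginx directives to the generated file. The function names are hypothetical, the only thing assumed about forward.tpl and forward.stpl is that they contain the literal token FORWARDTO, and accepting an optional `:port` goes beyond the bare IP the post mentions.

```shell
#!/bin/sh
# Added example, not myVesta code. Assumes forward.tpl / forward.stpl contain
# the literal token FORWARDTO (as the post says) and nothing else about them.

# valid_ipv4_target TARGET -> 0 if TARGET is a.b.c.d or a.b.c.d:port
valid_ipv4_target() {
    # Reject anything that is not a digit, dot or colon (covers ';', '{',
    # whitespace and newlines) before looking at the shape.
    case $1 in
        ''|*[!0-9.:]*) return 1 ;;
    esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(:[0-9]{1,5})?$' || return 1
    host=${1%%:*}
    old_ifs=$IFS; IFS=.
    set -- $host            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# make_forward_tpl DIR NAME TARGET
# Writes DIR/NAME.tpl and DIR/NAME.stpl from DIR/forward.tpl and
# DIR/forward.stpl with FORWARDTO replaced by TARGET.
make_forward_tpl() {
    dir=$1 name=$2 target=$3
    case $name in
        ''|*[!A-Za-z0-9_-]*) echo "bad template name" >&2; return 1 ;;
    esac
    valid_ipv4_target "$target" || { echo "bad target, refusing" >&2; return 1; }
    for ext in tpl stpl; do
        [ -f "$dir/forward.$ext" ] || { echo "missing $dir/forward.$ext" >&2; return 1; }
    done
    for ext in tpl stpl; do
        # Safe in the sed replacement: target holds only digits, '.' and ':'.
        sed "s/FORWARDTO/$target/g" "$dir/forward.$ext" > "$dir/$name.$ext" || return 1
    done
}
```
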
sergtech
Posts: 3
Joined: Tue Jun 23, 2020 5:48 am

Thanks for the idea. I hadn't considered using the templating system because each reverse proxy instance would require its own, but it likely would be the best long term solution. :-)
S
myVesta
Site Admin
Posts: 963
Joined: Fri Jun 19, 2020 9:59 am
Has thanked: 10 times
Been thanked: 6 times

sergtech wrote: Sun Jun 28, 2020 6:45 am Thanks for the idea. I hadn't considered using the templating system because each reverse proxy instance would require its own, but it likely would be the best long term solution. :-)
S
Then:

    wget -nv -O /usr/local/vesta/data/templates/web/nginx/forward.sh http://dl.myvestacp.com/vesta/vesta-cp-nginx-tpl/fwd-http2/forward.sh
    wget -nv -O /usr/local/vesta/data/templates/web/nginx/forward.tpl http://dl.myvestacp.com/vesta/vesta-cp-nginx-tpl/fwd-http2/forward.tpl
    wget -nv -O /usr/local/vesta/data/templates/web/nginx/forward.stpl http://dl.myvestacp.com/vesta/vesta-cp-nginx-tpl/fwd-http2/forward.stpl
    chmod a+x /usr/local/vesta/data/templates/web/nginx/forward.sh

    user='your-vesta-user'   # enter
    domain='your-domain.com' # enter
    newip='xxx.xxx.xxx.xxx'  # enter

    echo "$newip" > "/home/$user/conf/web/forward-all.txt"
    /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" 'forward' 'txt' 'yes'

If all domains go to the same IP, you can set it globally instead of per account:

    echo "$newip" > /home/forward-all.txt

And the last 'yes' is to restart nginx after each domain, so it can be 'no' and then restart manually.

Foreach loop for all domains:

    echo "$newip" > /home/forward-all.txt
    for user in $(grep '@' /etc/passwd | cut -f1 -d:); do
        # skip system accounts that are not Vesta users
        if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then
            continue
        fi
        for domain in $(/usr/local/vesta/bin/v-list-web-domains "$user" plain | cut -f 1); do
            /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" 'forward' 'txt' 'no'
            echo "=== Redirected: $domain"
        done
    done
    service nginx reload
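
The download step above fetches its files over plain HTTP and makes one of them executable. As an added example that is not part of the original post or of myVesta, the hypothetical function below installs a staged download only if it matches a SHA-256 you recorded from a copy you reviewed; the hash in the usage comment is a placeholder, not a real value.

```shell
#!/bin/sh
# Added example, not myVesta code: install a staged download only when its
# SHA-256 equals a value pinned after reviewing a known-good copy.

# install_pinned STAGED EXPECTED_SHA256 DEST MODE
install_pinned() {
    staged=$1 expected=$2 dest=$3 mode=$4
    case $expected in
        *[!0-9a-f]*) echo "expected hash must be lowercase hex" >&2; return 1 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected hash must be 64 hex chars" >&2; return 1; }
    [ -f "$staged" ] || { echo "missing $staged" >&2; return 1; }
    actual=$(sha256sum "$staged" | cut -d' ' -f1) || return 1
    if [ "$actual" != "$expected" ]; then
        echo "hash mismatch for $staged: got $actual" >&2
        return 1
    fi
    # Write under a temporary name next to DEST, then rename, so a
    # half-written file never appears under the template's real name.
    tmp="$dest.tmp.$$"
    cp "$staged" "$tmp" && chmod "$mode" "$tmp" && mv "$tmp" "$dest"
}

# Usage sketch (URL from the post; the hash is a placeholder you record yourself):
#   wget -nv -O /tmp/forward.sh http://dl.myvestacp.com/vesta/vesta-cp-nginx-tpl/fwd-http2/forward.sh
#   install_pinned /tmp/forward.sh "<sha256-of-reviewed-copy>" \
#       /usr/local/vesta/data/templates/web/nginx/forward.sh 755
```
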
absolutemusik
Posts: 14
Joined: Wed Feb 03, 2021 10:01 am

I can't really understand the above coding.
Actually, my case is having multiple domains like:
demo.abc.com -> http://192.168.1.3:8080/abc
helo.def.com -> https://192.168.1.5

I am thinking that I may have multiple tpl files like the examples below. Is it a good idea, or is there a smarter way?

File 1: abc.com.tpl

    server {
        listen 443;
        server_name demo.abc.com;

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        location / {
            proxy_pass http://192.168.1.3:8080/abc/;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $http_connection;
            proxy_cookie_path /guacamole/ /;
        }
    }

File 2: helo.def.com

    server {
        listen 443;
        server_name helo.def.com;

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        location / {
            proxy_pass https://192.168.1.5;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $http_connection;
            proxy_cookie_path /guacamole/ /;
        }
    }