I have several IIS web servers, each hosting multiple web applications. They do have a public certificate on each system. Every IIS has a unique IP. All IIS servers are placed in the same DMZ.
I have set up an nginx system in another DMZ. My goal is to have nginx handle all the requests to the IIS from the Internet and JUST pass through all the SSL and certificate checking to the IIS, as it was before nginx. I don't want nginx to break up the certificates, or offload them, etc.
Before I try to rumble with nginx reverse proxy to get it done (since I'm not very familiar with nginx), my question is whether this is possible.
Believe me, I've googled time and time again and could not find anything which answers my question(s). Or maybe I'm too dumb to google correctly. I've even searched for passthrough, reverse proxy, offloading.
So far I've gathered that nginx probably needs some extra mods. Since I have an "apt-get" installation, I don't even know how to add them.
Never mind, I found the solution:
Issue:
Solution:
Steps to be done:
1. A single nginx RP should be placed on the external-DMZ.
2. Configure nginx: - Install nginx on a fully patched Debian with apt-get install nginx. At this point you'll get version 1.14 of nginx. Of course you may compile it too.
ngx_stream_ssl_preread, ngx_stream_map, and stream. Don't worry, they are already in the package. You may check with nginx -V
4. External DNS configuration: - all DNS requests from the Internet should point to the nginx.
E.g.
webserver1.domain.com --> nginx
webserver2.domain.com --> nginx
webserver3.domain.com --> nginx
5. Configuration nginx reverse-proxy
/etc/nginx/modules-enabled
stream {
    # Choose the backend from the server name in the TLS ClientHello (SNI)
    map $ssl_preread_server_name $name {
        webserver01.domain.com webserver01_backend;
        webserver02.domain.com webserver02_backend;
    }
    # Upstream names must match the values used in the map above
    upstream webserver01_backend {
        server 192.168.0.1:443; # or DNS name
    }
    upstream webserver02_backend {
        server 192.168.0.2:443; # or DNS name
    }
    log_format basic '$remote_addr [$time_local] '
                     '$protocol $status $bytes_sent $bytes_received '
                     '$session_time "$upstream_addr" '
                     '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
    access_log /var/log/nginx/access.log basic;
    error_log /var/log/nginx/error.log;
    server {
        listen 443;
        proxy_pass $name; # Pass all requests to the upstream held in the variable $name defined above
        ssl_preread on;   # Read the ClientHello without terminating TLS
    }
}
6. Unlink the default virtual webserver: rm /etc/nginx/sites-enabled/default
7. Redirect all http traffic to https:
# This server block belongs in the http context, not in the stream block
server {
    listen 80;
    return 301 https://$host$request_uri;
}
nginx -t
systemctl reload nginx
Open up a browser and check the /var/log/nginx/access.log while calling the webservers
Finish