notes/IT/Making nginx forward VPN and https traffic on tcp 443.md

This file documents my troubleshooting methodology for configuring nginx to reverse proxy https traffic, and reverse proxy non https traffic on tcp/443.

## Context
I have an OpenVPN server set up on a Raspberry Pi (`192.168.0.2`) listening on TCP/443 so that it's able to function on most networks. There are enough clients configured that I do not want to remake the server, then update config files for all the clients, and so on.

I have a Debian VM running on `192.168.0.6` that runs an "nginx hub" that I'd like to proxy all web-ish traffic out of my network with. It's currently handling at least one http(s) service running from that same VM, and will probably handle more.

Given I only have one external IP, I want the ability to handle both OpenVPN traffic and https traffic on port TCP/443. I know it's possible to reverse proxy raw t


Right now, it appears that I can't do that with one IP because that would require two separate nginx components listening on the same port, or that's what I ascertained from the logs.

I modified `/etc/nginx/nginx.conf` to include this block underneath the `http` block:
```nginx
stream {
	server {
		listen 443;
		proxy_pass 192.168.0.2:443;
	}
}
```

When trying to start with that change applied, I got the error:
```
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
```
## IP Aliasing
vault backup: 2024-05-19 09:41:53 2024-05-19 15:41:53 +00:00			`This file documents my troubleshooting methodology for configuring nginx to reverse proxy https traffic, and reverse proxy non https traffic on tcp/443.`

vault backup: 2024-05-19 09:47:53 2024-05-19 15:47:53 +00:00			`## Context`
vault backup: 2024-05-19 09:50:53 2024-05-19 15:50:53 +00:00			I have an OpenVPN server set up on a Raspberry Pi (`192.168.0.2`) listening on TCP/443 so that it's able to function on most networks. There are enough clients configured that I do not want to remake the server, then update config files for all the clients, and so on.

vault backup: 2024-05-19 09:52:53 2024-05-19 15:52:53 +00:00			I have a Debian VM running on `192.168.0.6` that runs an "nginx hub" that I'd like to proxy all web-ish traffic out of my network with. It's currently handling at least one http(s) service running from that same VM, and will probably handle more.
vault backup: 2024-05-19 09:47:53 2024-05-19 15:47:53 +00:00
vault backup: 2024-05-19 09:53:53 2024-05-19 15:53:53 +00:00			`Given I only have one external IP, I want the ability to handle both OpenVPN traffic and https traffic on port TCP/443. I know it's possible to reverse proxy raw t`


vault backup: 2024-05-19 09:47:53 2024-05-19 15:47:53 +00:00
vault backup: 2024-05-19 09:43:53 2024-05-19 15:43:53 +00:00			`Right now, it appears that I can't do that with one IP because that would require two separate nginx components listening on the same port, or that's what I ascertained from the logs.`

vault backup: 2024-05-19 09:44:53 2024-05-19 15:44:53 +00:00			I modified `/etc/nginx/nginx.conf` to include this block underneath the `http` block:
			```nginx
vault backup: 2024-05-19 09:46:53 2024-05-19 15:46:53 +00:00			`stream {`
			`server {`
			`listen 443;`
			`proxy_pass 192.168.0.2:443;`
			`}`
			`}`
vault backup: 2024-05-19 09:44:53 2024-05-19 15:44:53 +00:00			```
vault backup: 2024-05-19 09:43:53 2024-05-19 15:43:53 +00:00
vault backup: 2024-05-19 09:47:53 2024-05-19 15:47:53 +00:00			`When trying to start with that change applied, I got the error:`
			```
			`nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)`
			```
vault backup: 2024-05-19 09:41:53 2024-05-19 15:41:53 +00:00			`## IP Aliasing`