notes/IT/Making nginx forward VPN and https traffic on tcp 443.md

This file documents my troubleshooting methodology for configuring nginx to reverse proxy https traffic, and reverse proxy non https traffic on tcp/443.

## Context
I have an OpenVPN server set up on a Raspberry Pi (`192.168.0.2`) listening on TCP/443 so that it's able to function on most networks. There are enough clients configured that I do not want to remake the server, then update config files for all the clients, and so on.

I have a Debian VM running on `192.168.0.6` that runs an "nginx hub" that i'd like to proxy all web-ish traffic out of 

I would like to serve https traffic from a server (`192.168.0.6`)


Right now, it appears that I can't do that with one IP because that would require two separate nginx components listening on the same port, or that's what I ascertained from the logs.

I modified `/etc/nginx/nginx.conf` to include this block underneath the `http` block:
```nginx
stream {
	server {
		listen 443;
		proxy_pass 192.168.0.2:443;
	}
}
```

When trying to start with that change applied, I got the error:
```
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
```
## IP Aliasing
vault backup: 2024-05-19 09:41:53 2024-05-19 15:41:53 +00:00			`This file documents my troubleshooting methodology for configuring nginx to reverse proxy https traffic, and reverse proxy non https traffic on tcp/443.`

vault backup: 2024-05-19 09:47:53 2024-05-19 15:47:53 +00:00			`## Context`
vault backup: 2024-05-19 09:50:53 2024-05-19 15:50:53 +00:00			I have an OpenVPN server set up on a Raspberry Pi (`192.168.0.2`) listening on TCP/443 so that it's able to function on most networks. There are enough clients configured that I do not want to remake the server, then update config files for all the clients, and so on.

			I have a Debian VM running on `192.168.0.6` that runs an "nginx hub" that i'd like to proxy all web-ish traffic out of
vault backup: 2024-05-19 09:48:53 2024-05-19 15:48:53 +00:00
			I would like to serve https traffic from a server (`192.168.0.6`)
vault backup: 2024-05-19 09:47:53 2024-05-19 15:47:53 +00:00

vault backup: 2024-05-19 09:43:53 2024-05-19 15:43:53 +00:00			`Right now, it appears that I can't do that with one IP because that would require two separate nginx components listening on the same port, or that's what I ascertained from the logs.`

vault backup: 2024-05-19 09:44:53 2024-05-19 15:44:53 +00:00			I modified `/etc/nginx/nginx.conf` to include this block underneath the `http` block:
			```nginx
vault backup: 2024-05-19 09:46:53 2024-05-19 15:46:53 +00:00			`stream {`
			`server {`
			`listen 443;`
			`proxy_pass 192.168.0.2:443;`
			`}`
			`}`
vault backup: 2024-05-19 09:44:53 2024-05-19 15:44:53 +00:00			```
vault backup: 2024-05-19 09:43:53 2024-05-19 15:43:53 +00:00
vault backup: 2024-05-19 09:47:53 2024-05-19 15:47:53 +00:00			`When trying to start with that change applied, I got the error:`
			```
			`nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)`
			```
vault backup: 2024-05-19 09:41:53 2024-05-19 15:41:53 +00:00			`## IP Aliasing`