This file documents my troubleshooting methodology for configuring nginx to reverse proxy HTTPS traffic, and reverse proxy non-HTTPS traffic on TCP/443.

## Context

I have an OpenVPN server set up on a Raspberry Pi (`192.168.0.2`) listening on TCP/443 so that it's able to function on most networks. There are enough clients configured that I do not want to remake the server, then update config files for all the clients, and so on.

I have a Debian VM running on `192.168.0.6` that runs an "nginx hub" that I'd like to proxy all web-ish traffic out of my network with. It's currently handling at least one http(s) service running from that same VM, and will probably handle more.

Given I only have one external IP, I want the ability to handle both OpenVPN traffic and HTTPS traffic on port TCP/443. I know it's possible to reverse proxy raw TCP traffic, and it's apparently possible to reverse proxy OpenVPN traffic through nginx.

## Troubleshooting

Right now, it appears that I can't do that with one IP because that would require two separate nginx components listening on the same port, or that's what I ascertained from the logs.
I modified `/etc/nginx/nginx.conf` to include this block underneath the `http` block:

```nginx
stream {
    server {
        listen 443;
        proxy_pass 192.168.0.2:443;
    }
}
```

When trying to start with that change applied, I got the error:
|
|
```
|
|
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
|
|
```
|
|
## IP Aliasing
|
|
Hoping in vain that nginx would somehow be able to request the provided IP from the DHCP server and listen to it with no other config, I modified the `listen` directive from `listen 443;` to `listen 192.168.0.8:443;`. This resulted in the below error:
```
nginx: [emerg] bind() to 192.168.0.8:443 failed (99: Cannot assign requested address)
```
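The two `bind()` failures above map to two different conditions: errno 98 (`EADDRINUSE`) means a socket is already listening on that address and port, and errno 99 (`EADDRNOTAVAIL`) means the IP is not assigned to any interface on the host. The following is an added example, not part of the original notes: a small Python probe that performs the same bind nginx would for a `listen` address and reports which condition applies. The function names `probe_listen` and `ip_is_local` are hypothetical.

```python
import errno
import socket

# Causes for the bind() errors nginx can report for a `listen` directive.
CAUSES = {
    errno.EADDRINUSE: "in use: another socket already listens on this address and port",
    errno.EADDRNOTAVAIL: "not local: no interface on this host has this IP address",
    errno.EACCES: "permission denied: binding a privileged port needs root or CAP_NET_BIND_SERVICE",
}


def probe_listen(ip, port):
    """Try the bind() nginx would perform for `listen ip:port;` (TCP, IPv4).

    Returns (ok, errno_name, explanation). The socket is closed immediately,
    so nothing stays bound after the probe.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        # nginx sets SO_REUSEADDR on its listening sockets, so mirror that.
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        try:
            s.bind((ip, port))
        except OSError as e:
            name = errno.errorcode.get(e.errno, str(e.errno))
            return False, name, CAUSES.get(e.errno, e.strerror)
    return True, None, "bind succeeded"


def ip_is_local(ip):
    """True if `ip` is assigned to this host, tested by binding an ephemeral port."""
    ok, name, _ = probe_listen(ip, 0)
    return ok or name != "EADDRNOTAVAIL"


if __name__ == "__main__":
    # The two listen addresses tried in the notes above.
    for ip, port in [("0.0.0.0", 443), ("192.168.0.8", 443)]:
        ok, name, why = probe_listen(ip, port)
        print(f"listen {ip}:{port} -> {'OK' if ok else name}: {why}")
```

Run it with nginx stopped to check the address alone, or with nginx running to see whether an existing listener already holds the port.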