Multiple Web Applications - Same VM vs Multiple VMs

Firstly, I am more of a dev than admin. I asked the same question here. But please let me know if there is a better place to ask this question.

Here's my situation. I have an application that is built to run on Linux. It serves both HTTPS (on port 443 using nginx) and SSH (on port 22). But due to organizational restrictions, I am forced to run it on a Windows host with a Linux guest using VirtualBox. Also, there is another web application on the host box; both these web applications should be served based on the URL (example: app1.com, app2.com). URLs need to be preserved. All SSH traffic can default to the guest.

One idea I have to make this work is below, and I would like to know if I am making this more complicated than it should be. Any help is appreciated.

Steps:

  1. Use an unused port for HTTPS (say 8443) on my host and redirect all traffic to the guest. Use NAT-based port forwarding (8443 -> 443, 22 -> 22) in VirtualBox.
  2. The only thing left would be to set up another nginx on the host as a reverse proxy. Set up virtual hosts on Windows (/etc/hosts) and have the two IP and URL entries (app1.com and app2.com). Use a separate nginx on the host as a reverse proxy to redirect app1 traffic to the web app on the host and app2 traffic to 8443.

Questions:

  1. Can I avoid the extra nginx reverse proxy on the host while preserving the URL?
  2. Also, what about SSL? Can I just set up HTTPS on the host and route it to port 80 on the guest and avoid having two certs? Note: I am using NAT in VirtualBox, so there should not be any security issues, I guess.
0
asked 23 May 2017 at 15:41
1 answer

This is covered in the Nginx documentation or any Nginx tutorial. Nginx will bind to any port you require; using SNI, it will send requests for different domains to different server blocks / upstream applications using proxy_pass (example). Just define a server block in Nginx for each domain.

If you want to use SSL, try my Let's Encrypt tutorial, but the applications have to be publicly accessible for that.

To answer your questions.

  1. A single Nginx instance should be enough. It can listen on any port for requests for a specific domain and pass the requests on to any port.
  2. Yes.

Example configuration below.

server {
  server_name app1.com;
  listen 80; # add other listeners required
  location / {
    # Insert proxy_pass and related statements
  }
}

server {
  server_name app2.com;
  listen 80; # add other listeners required
  location / {
    # Insert proxy_pass and related statements
  }
}

# Example of forwarding
server {
  server_name www.app1.com;
  listen 80;
  return 301 https://app1.com$request_uri;
}

# Example of SSL
server {
  listen 443 ssl;
  server_name app1.com;

  ssl_certificate /var/lib/acme/certs/***CERT_DIRECTORY/fullchain;
  ssl_certificate_key /var/lib/acme/certs/***CERT_DIRECTORY/privkey;

  # Insert a location here and remove the 301 to serve on SSL
  return 301 https://www.example.com$request_uri;
}
2
answered 4 December 2019 at 13:35
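
A host-side configuration for the setup discussed in the question and answer above, added here as an example (not the answerer's code): a single nginx on the Windows host terminates TLS for both names, proxies app1 to a local port and app2 to a NAT-forwarded guest port, and refuses names it does not serve. The backend ports 8081 and 8080, the NAT rule name and the certificate paths are assumptions.

```nginx
# Added example; place inside the http {} context of the host's nginx.conf.
# Assumed (not from the original post): app1 listens on 127.0.0.1:8081 on the
# host, and a VirtualBox NAT rule bound to loopback forwards 127.0.0.1:8080
# to guest port 80, e.g.
#   VBoxManage modifyvm "<vm-name>" --natpf1 "app2http,tcp,127.0.0.1,8080,,80"

# Refuse TLS handshakes for names this proxy does not serve (nginx >= 1.19.4).
server {
  listen 443 ssl default_server;
  ssl_reject_handshake on;
}

# Plain HTTP: close the connection for unknown names, redirect the known ones.
server {
  listen 80 default_server;
  return 444;
}
server {
  listen 80;
  server_name app1.com app2.com;
  return 301 https://$host$request_uri;
}

server {
  listen 443 ssl;
  server_name app1.com;
  ssl_certificate     /path/to/app1/fullchain;  # placeholder path
  ssl_certificate_key /path/to/app1/privkey;    # placeholder path
  ssl_protocols TLSv1.2 TLSv1.3;
  location / {
    proxy_pass http://127.0.0.1:8081;           # assumed host-local app1
    proxy_set_header Host $host;                # backend sees the original name
    proxy_set_header X-Forwarded-For $remote_addr;  # overwrite client-sent value
    proxy_set_header X-Forwarded-Proto $scheme;
  }
}

server {
  listen 443 ssl;
  server_name app2.com;
  ssl_certificate     /path/to/app2/fullchain;  # placeholder path
  ssl_certificate_key /path/to/app2/privkey;    # placeholder path
  ssl_protocols TLSv1.2 TLSv1.3;
  location / {
    proxy_pass http://127.0.0.1:8080;           # plaintext stays on loopback, then NAT to guest :80
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
}
```

Binding the NAT rule to 127.0.0.1 keeps the unencrypted guest port unreachable from other machines on the host's network; only the host's nginx can connect to it.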
