Firstly, I am more of a dev than admin. I asked the same question here. But please let me know if there is a better place to ask this question.
Here's my situation. I have an application that is built to run on linux. It serves both https (on port 443 using nginx) and ssh (on port 22). But due to organizational restrictions, I am forced to run it on a windows host with a linux guest using virtual box. Also, there is another web application on the host box; both these web applications should be served based on the URL (example: app1.com, app2.com). URLs need to be preserved. All ssh traffic can default to guest.
One idea I have to make this work is below, and I would like to know if I am making this more complicated than it should be. Any help is appreciated.
Steps:
Questions:
- Can I avoid the extra nginx reverse proxy on the host while preserving the URL?
- Also what about ssl. Can I just set up https on the host and route it to port 80 on guest and avoid having two certs? Note: I am using NAT in Virtualbox, so there should not be any security issues I guess.
Это описано в документации Nginx или любое руководство по Nginx . Nginx будет связываться с любым требуемым портом, используя SNI, он будет отправлять запросы для разных доменов в разные серверные блоки / вышестоящие приложения, используя proxy_pass ( пример ). Просто определите блок сервера в Nginx для каждого домена.
Если вы хотите использовать SSL, попробуйте мой учебник по Let's Encrypt , но приложения должны быть общедоступными. для этого.
Чтобы ответить на ваши вопросы.
Пример конфигурации ниже.
server {
server_name app1.com;
listen 80; // add other listeners required
location {
// Insert proxy_pass and related statements
}
}
server {
server_name app2.com;
listen 80; // add other listeners required
location {
// Insert proxy_pass and related statements
}
}
// Example of forwarding
server {
server_name www.app1.com;
listen 80;
return 301 https://app1.com$request_uri;
}
// Example of SSL
server {
listen 443 ssl;
server_name app1.com;
ssl_certificate /var/lib/acme/certs/***CERT_DIRECTORY/fullchain;
ssl_certificate_key /var/lib/acme/certs/***CERT_DIRECTORY/privkey;
// Insert a location here and remove the 301 to server on SSL
return 301 https://www.example.com$request_uri;
}