1

Topic: Nginx -How to redirect HTTP to another server IP and HTTPS to iRedmail

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.9
- Deployed with iRedMail Easy or the downloadable installer? Downloadable
- Linux/BSD distribution name and version: Ubuntu 18.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? iRedAdmin
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I just completed a new iRedMail server and everything is working fine. I also got Let's Encrypt working for Roundcube Webmail and IMAP/SMTP.

Before, I had port 80 forwarded to another host IP and 433 to the iRedMail server. But I had to forward port 80 to the iRedMail server because Let's Encrypt did not work without it.

The Let's Encrypt domain/host is set to mail.mydomain.com and it is working fine.

Now my question is that I want to forward www.mydomain.com, which comes to the iRedMail server, to another server IP on the same LAN/IP subnet. How can I achieve this with the Nginx configuration?

I see that Nginx currently forwards all port 80 (HTTP) traffic to HTTPS, and I want to forward HTTP to another server IP instead.

in 00-default.conf:

# HTTP
server {
    # Listen on ipv4
    listen 80;

    # Listen on ipv6.
    # Note: this setting listens on both ipv4 and ipv6 with Nginx release
    #       shipped in some Linux/BSD distributions.
    #listen [::]:80;

    server_name _;

    # Redirect all insecure http:// requests to https://
    return 301 https://$host$request_uri;
}

I want to change the above to forward to another server IP.

Please help with this.

Mathew


2

Re: Nginx -How to redirect HTTP to another server IP and HTTPS to iRedmail

Do I understand correctly that the Nginx on the iRedMail server acts as a load-balancer for HTTP traffic?
In this case, you need the Nginx "upstream" directive.
http://nginx.org/en/docs/http/ngx_http_ … l#upstream

Sample code (Note: I didn't test it yet, so it may not work as expected. It's just to give you an idea):

- Create file /etc/nginx/conf-available/http_forwarder.conf with content below:

upstream http_forwarder {
    server 192.168.1.2:80;
}

Replace "192.168.1.2:80" by the server IP and port in your LAN.

- Create symbolic link /etc/nginx/conf-enabled/http_forwarder.conf to /etc/nginx/conf-available/http_forwarder.conf.
- Update /etc/nginx/sites-enabled/00-default.conf, replace "return 301 https://$host$request_uri;" line by:

location / {
    proxy_pass http://http_forwarder;
}

You may want to replace http:// by https:// if the server in LAN accepts only https.

3

Re: Nginx -How to redirect HTTP to another server IP and HTTPS to iRedmail

Hi Zhang,

Thank you for the reply.

I think I was not very clear in my question.

I want to do two things and I do not mind using one configuration file "00-default.conf" for simplicity.

1. When we enter "mail.mydomain.com", it should go to https://mail.mydomain.com/mail (I do not mind /mail at the end). Here HTTP redirects to HTTPS for this domain and I need this for "certbot" to auto-renew Let's Encrypt certificates - it needs port 80 to work.

2. When we enter "www.mydomain.com", it should forward this URL to an external web server on the same LAN (iRedMail server on 192.168.1.1/24 and web server on 192.168.1.2/24). Here the iRedMail server listens on port 80, the firewall port-forwards both 80 and 443 to the iRedMail server, and the iRedMail server should only redirect "www.mydomain.com" to 192.168.1.2.

What should be the minimum and clean change on the file "00-default.conf"?

Please let me know and even if you have not tried, I can try your suggestions.

Thanks again for your reply.

Mathew



4

Re: Nginx -How to redirect HTTP to another server IP and HTTPS to iRedmail

mathewfer wrote:

1. When we enter "mail.mydomain.com", it should go to https://mail.mydomain.com/mail (I do not mind /mail at the end). Here HTTP redirects to HTTPS for this domain and I need this for "certbot" to auto-renew Let's Encrypt certificates - it needs port 80 to work.

certbot works fine even if you use a self-signed SSL cert, so don't worry. It's recommended to be all HTTPS.

mathewfer wrote:

2. When we enter "www.mydomain.com", it should forward this URL to an external web server on the same LAN (iRedMail server on 192.168.1.1/24 and web server on 192.168.1.2/24). Here the iRedMail server listens on port 80, the firewall port-forwards both 80 and 443 to the iRedMail server, and the iRedMail server should only redirect "www.mydomain.com" to 192.168.1.2.

Try this stackoverflow post:
https://stackoverflow.com/questions/483 … conditions

You need to do some tests to make sure it works as you expected.

5

Re: Nginx -How to redirect HTTP to another server IP and HTTPS to iRedmail

Hi Zhang,

The below NGINX configuration worked - tested for web access, iRedmail webmail and Let's encrypt cert renew.

Thanks for your support - great support forum.

#
# Nginx - file name - 00-default.conf in folder "/etc/nginx/sites-available"
#
# HTTP for www.mydomain.com
server {
    # Listen on ipv4
    listen 80;

    # Redirect www.mydomain.com to 192.168.1.2
    server_name www.mydomain.com;

    location / {
        proxy_pass http://192.168.1.2:80;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# HTTP for mail.mydomain.com
server {
    # Listen on ipv4
    listen 80;

    server_name mail.mydomain.com;

    # Redirect all insecure http:// requests to https://
    return 301 https://$host$request_uri;
}


Mathew
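
A variant of the configuration above with an explicit catch-all server, added here as an example; it is not code from the thread or from iRedMail. With two "listen 80" blocks and no default_server, nginx hands any request whose Host header matches neither name to the first block in the file, which here would proxy it to 192.168.1.2. Assumptions: the file is included inside the http {} context, no other file declares default_server on port 80, and the upstream name http_forwarder is reused from the earlier reply.

```nginx
# Added example built from the thread's hostnames and LAN address.

upstream http_forwarder {
    server 192.168.1.2:80;
}

# Catch-all for requests whose Host header matches no server_name below
# (IP-address scans, stale DNS names, forged Host values).
# Declaring it explicitly keeps such requests away from the LAN web server.
server {
    listen 80 default_server;
    server_name _;

    # 444 is nginx-specific: close the connection without sending a response.
    return 444;
}

# HTTP for www.mydomain.com: reverse-proxy to the LAN web server.
server {
    listen 80;
    server_name www.mydomain.com;

    location / {
        proxy_pass http://http_forwarder;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # This proxy is the first hop from the Internet, so overwrite any
        # client-supplied X-Forwarded-For instead of appending to it
        # ($proxy_add_x_forwarded_for would pass the client's value through).
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# HTTP for mail.mydomain.com: redirect to HTTPS on the iRedMail server.
server {
    listen 80;
    server_name mail.mydomain.com;

    return 301 https://$host$request_uri;
}
```

Run nginx -t before reloading; it reports a duplicate default server if another enabled file already claims port 80.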

