1

Topic: Another Nginx reverse proxy question

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.4.2
- Deployed with iRedMail Easy or the downloadable installer? Installer
- Linux/BSD distribution name and version: Ubuntu server 18.04 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro?  No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I did quite a bit of searching on what I need, and found some broken links, so thought I would ask.  I have iRedMail up and running fine, no issues at all.

I was hoping I could setup a reverse proxy server block in the Nginx config.  I have another server that hosts a CCTV interface (shinobi) and was hoping I could reverse proxy to it from Nginx, so I only need to port forward to the iRedMail host.

From what I gathered on my searches, it appears I just need to add a server block to the nginx config, with something like this:


server {

       listen         443 ssl;
       server_name    mail.mydomain.com/cctv;

        location /cctv {
        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://192.168.1.245:8080;
}

I think a proxy.conf may be needed as well.
Do we add this server block to the 00-default-ssl.conf, or do I create a new .conf file and place it in the sites-available and Nginx will pick it up?   One user posted a link to another site giving the detail settings of reverse proxy, but the link went to some malware redirect, so I came to a dead end.  Any advice or where I can look for examples would be a huge help. Most of my load balancer/reverse proxy experience is with kemp appliances, so I am pretty green with Nginx.  Thanks in advance,  I have no errors to provide as iRedMail is working flawlessly.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Another Nginx reverse proxy question

- "server_name" must not contain URI parts. Please fix it.
- What's the error when you visit /cctv?

3

Re: Another Nginx reverse proxy question

ZhangHuangbin wrote:

- "server_name" must not contain URI parts. Please fix it.
- What's the error when you visit /cctv?

Thank you Zhang
Ok, I will try this later today and see what shakes out.

# Test server block
server {

       listen         443 ssl;
       server_name    www.mydomain.com/;
      
       proxy_pass http://192.168.1.245:8080;
}
location /cctv/ {

        proxy_pass http://192.168.1.245:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
}

I know I have to change the baseurl value in a json file within the shinobi server as well, so once I make these changes I will report back,  After I buy someone a coffee.

4

Re: Another Nginx reverse proxy question

I know this will cost me another coffee,  but just testing my logic as I dive into Nginx,  if we wanted to test loading a splash page (just the default Nginx page), from my digging, it looks like I can add a server block like this:

# HTTPS
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.mydomain.com;

    root /var/www/html;
    index.nginx-debian.html;
   
}

I plan to test this later today as well. This is really just to test my logic on using Nginx for web hosting,  not so much proxy needs, I plan to use this test webpage for using certbot. Thanks again for the support!

5

Re: Another Nginx reverse proxy question

Update,  I think I am struggling with the syntax,  no matter how simple I make my .conf file, it always fails the configtest. 

adm1@mail:/etc/nginx/sites-available# sudo service nginx configtest
* Testing nginx configuration                                           [fail]
adm1@mail:/etc/nginx/sites-available#

Fighting with syntax, I took another route, just a basic server block to try to load the default nginx splash page:

# HTTPS
server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name www.mydomain.com;

        root /var/www/html;
        index.nginx-debian.html;
}


With nginx -t I get:
adm1@mail:/etc/nginx/sites-available# nginx -t
nginx: [emerg] unknown directive "index.nginx-debian.html" in /etc/nginx/sites-enabled/03-default.conf:8

When I run that command on my original .conf file with just the proxy_pass to the shinobi server I get:

nginx: [warn] server name "www.mydomain.com/" has suspicious symbols in /etc/nginx/sites-enabled/03-default.conf:5
nginx: [emerg] "proxy_pass" directive is not allowed here in /etc/nginx/sites-enabled/03-default.conf:6
nginx: configuration file /etc/nginx/nginx.conf test failed

So I will keep at it, just going to try to write an extremely basic conf file and see if I can get anything to pass the config test.

6 (edited by derek1776 2021-12-05 02:08:59)

Re: Another Nginx reverse proxy question

Update 2:

I am making progress  (I think)

I managed to get a static page to load, and I think I am getting the syntax down, albeit slowly.

With this (see below) .conf file, I now get the static page to load when I enter in https://www.mydomain.com/index.nginx-debian.html this loads the default splash page. 


Testing the shinobi block, when I browse to https://mail.mydomain.com/cctv I just get a blank screen,  this feels like progress after only getting 404 errors when using 'www.mydomain.com;' for server name. 


Here is what I am working with at the moment.  Trying to get it to just load the static page, rather than have to enter in the html file to the url.

I may have to start all over with this, as now the mail.mydomain.com/mail no longer works, gives me a 404 error.  So I get the feeling my test .conf is messing up the iRedMail configuration. 

# Shinobi server
server {

        listen          443 ssl;
        server_name     mail.myserver.com;

location /cctv/ {

        proxy_pass http://192.168.1.245:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        }
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.mydomain.com;

location / {
    root /var/www/html;
#    index.nginx-debian.html;
   }
}


At the end of this I am hoping I can get nginx to serve up;

Roundcube webmail @ mail.mydomain.com/mail  (was working fine till I broke it!)
A static webpage @ www.mydomain.com
Shinobi web interface @ www.mydomain.com/cctv

At the moment trying to absorb http://nginx.org/en/docs/beginners_guide.html#static
as it has been a big help on syntax.

7

Re: Another Nginx reverse proxy question

I have the static page loading as expected now.  Needed to move the index.nginx-debian.html file to a new directory in /var/www/static and renamed it to index.html, loads as expected now.

On the shinobi proxy_pass, I need to change the conf.json file and add the baseurl value to get it to load with success I think. Right now I get an error "Cannot GET /cctv/" when I try to load mydomain.com/cctv.

Shinobi server
server {

        listen          443 ssl;
        server_name     mydomain.com;

location /cctv/ {

        proxy_pass http://192.168.1.245:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        }
}
# static page
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.mydomain.com;

location / {
    root /var/www/html/static;
   }
}