{"id":9318,"date":"2019-12-03T09:53:13","date_gmt":"2019-12-03T08:53:13","guid":{"rendered":"https:\/\/www.boc.de\/watchguard-info-portal\/?p=9318"},"modified":"2024-07-23T15:17:35","modified_gmt":"2024-07-23T13:17:35","slug":"zugriff-auf-watchguard-access-portal-rdp-sitzung-via-nginx","status":"publish","type":"post","link":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/2019\/12\/zugriff-auf-watchguard-access-portal-rdp-sitzung-via-nginx\/","title":{"rendered":"Access to the WatchGuard Access Portal (RDP Session) via NGINX"},"content":{"rendered":"<p>We recently received a success report: an administrator has successfully put an NGINX reverse proxy into operation _IN FRONT OF_ the Access Portal.<\/p>\n<p><!--more--><\/p>\n<p>Setup:<\/p>\n<ul>\n<li>Internet connection with one static IP<\/li>\n<li>Transfer network to the WatchGuard firewall<\/li>\n<li>Port forward of the external IP, port 443 =&gt; to an NGINX server in the transfer network (IN FRONT OF the firewall)<\/li>\n<li>Splitting by DNS name in NGINX\n<ul>\n<li>some names go to the WatchGuard Access Portal,<\/li>\n<li>other DNS names are forwarded to other systems\/IPs\/ports<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>The &#8220;nginx-extras&#8221; module is required for NGINX.<\/p>\n<p>Here is the relevant excerpt from the NGINX configuration:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">server {\r\n        listen       *:80;\r\n        server_name servername.firma.de;\r\n        # Redirect plain HTTP requests for this host to HTTPS\r\n        if ($host = servername.firma.de) {\r\n                return 301 https:\/\/$host$request_uri;\r\n        }\r\n        return 404; # managed by Certbot\r\n}\r\n \r\nserver {\r\n        server_name servername.firma.de;\r\n        error_log  \/var\/log\/nginx\/servername-error.log;\r\n        access_log \/var\/log\/nginx\/servername-access.log;\r\n \r\n        listen 443 ssl; # managed by Certbot\r\n        ssl_certificate \/etc\/letsencrypt\/live\/firma.de\/fullchain.pem; # managed by Certbot\r\n        
ssl_certificate_key \/etc\/letsencrypt\/live\/firma.de\/privkey.pem; # managed by Certbot\r\n        include \/etc\/letsencrypt\/options-ssl-nginx.conf; # managed by Certbot\r\n        ssl_dhparam \/etc\/letsencrypt\/ssl-dhparams.pem; # managed by Certbot\r\n        ssl_verify_client off;\r\n \r\n        # Set global proxy settings\r\n        proxy_read_timeout      360;\r\n \r\n        proxy_http_version 1.1;\r\n        proxy_pass_request_headers on;\r\n \r\n        proxy_pass_header       Date;\r\n        proxy_pass_header       Server;\r\n \r\n        # Note: a location inherits these proxy_set_header lines only if it defines no proxy_set_header of its own\r\n        proxy_set_header        Host $host;\r\n        proxy_set_header        X-Real-IP $remote_addr;\r\n        proxy_set_header        Accept-Encoding \"\";\r\n \r\n        # more_set_headers is provided by the headers-more module (part of nginx-extras)\r\n        more_set_headers -s 401 'WWW-Authenticate: Basic realm=\"192.168.1.89\"';\r\n \r\n        location \/ {\r\n                proxy_set_header Host $http_host;\r\n                proxy_set_header X_FORWARDED_PROTO https;\r\n                # The certificate presented by the Access Portal is not verified by the proxy\r\n                proxy_ssl_verify              off;\r\n                proxy_pass https:\/\/192.168.1.89:4443\/;\r\n        }\r\n        # WebSocket upgrade for the tunnel; the long read timeout keeps sessions from being cut off\r\n        location \/websocket-tunnel {\r\n                proxy_read_timeout 86400;\r\n                proxy_pass https:\/\/192.168.1.89:4443;\r\n                proxy_http_version 1.1;\r\n                proxy_set_header Upgrade $http_upgrade;\r\n                proxy_set_header Connection \"Upgrade\";\r\n        }\r\n}\r\n<\/pre>\n<p>Many thanks to Mr. Hildebrand for the information for this article.<\/p>\n<p>Please direct any questions to <a href=\"mailto:d.hildebrand@vogelsbergklinik.de\">d.hildebrand@vogelsbergklinik.de<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>We recently received a success report: an administrator has successfully put an NGINX reverse proxy into operation _IN FRONT OF_ the Access Portal.<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[430,620,525,563],"class_list":["post-9318","post","type-post","status-publish","format-standard","hentry","category-watchguard-technischer-blog","tag-access-portal","tag-nginx","tag-rdp","tag-reverse-proxy"],"_links":{"self":[{"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/posts\/9318"}],"collection":[{"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/comments?post=9318"}],"version-history":[{"count":8,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/posts\/9318\/revisions"}],"predecessor-version":[{"id":21196,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/posts\/9318\/revisions\/21196"}],"wp:attachment":[{"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/media?parent=9318"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/categories?post=9318"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/tags?post=9318"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}