reverse_proxy: split reverse proxy setup in 80/443 servers
This is more compatible with the redirect to HTTPS which is done by the backend (snikket) HTTP server.
This commit is contained in:
parent
eceebd4aba
commit
97586c08b6
|
@ -56,6 +56,18 @@ server {
|
|||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name chat.example.com;
|
||||
server_name groups.chat.example.com;
|
||||
server_name share.chat.example.com;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:5080/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
# Accept HTTPS connections
|
||||
listen [::]:443 ssl ipv6only=on;
|
||||
listen 443 ssl;
|
||||
|
@ -67,13 +79,22 @@ server {
|
|||
server_name share.chat.example.com;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:5080/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_pass https://localhost:5080/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
# REMOVE THIS IF YOU CHANGE `localhost` TO ANYTHING ELSE ABOVE
|
||||
proxy_ssl_verify off;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_ssl_server_name on;
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
**Note:** You may modify the first server block to include a redirect to HTTPS
|
||||
instead of proxying plain-text HTTP traffic. When doing that, take care to
|
||||
proxy `.well-known/acme-challenge` even in plain text to allow Snikket to
|
||||
obtain certificates.
|
||||
|
||||
### sslh
|
||||
|
||||
sslh is a little different to the other servers listed here, as it is not a web server. However it is able
|
||||
|
|
Loading…
Reference in New Issue