Friday, 5 September 2025

Nginx http server, terminate TLS, proxy http, Nginx TLS proxy

 docker-compose

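networks:
  backend:
    ipam:
      driver: default
      config:
        # Fixed subnet so the services below can be given static addresses.
        # NOTE(review): 169.254.0.0/16 is the IPv4 link-local range; a private
        # RFC 1918 range is the more conventional choice for a Docker network.
        # Confirm this /28 does not clash with link-local use on the host.
        - subnet: "169.254.6.0/28"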


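services:
  go-service:
    # ... rest of the go-service definition elided in the original post ...
    networks:
      backend:
        # Static address that the nginx extra_hosts entry below points at.
        ipv4_address: "169.254.6.2"

  # ... elided in the original post ...

  nginx:
    image: nginx:1.27-alpine
    restart: unless-stopped
    networks:
      backend:
        ipv4_address: "169.254.6.4"
    ports:
      - "443:443"
      # NOTE(review): the stream server in the nginx.conf on this page listens
      # on 9888, not 9586. As written, 9586 has no listener inside the
      # container and 9888 is not published; confirm which port is intended.
      - "9586:9586"
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      # Holds the TLS private keys: mounted read-only here; keep the host
      # directory readable only by the account that runs Docker.
      - ./nginx/certs/myserver:/etc/nginx/certs:ro
      - ./nginx/logs:/var/log/nginx
    extra_hosts:
      # Adds "169.254.6.2 test.com" to /etc/hosts inside the nginx container.
      # NOTE(review): test.com is also a real public domain. If this entry is
      # ever missing, nginx resolves the public name and proxies client traffic
      # (including the X-Real-IP / X-Forwarded-For headers) to an outside host.
      # A reserved name, or the compose service name go-service, which Docker's
      # built-in DNS resolves on this network, avoids that failure mode.
      - "test.com:169.254.6.2"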

Note: with this extra_hosts entry, whenever you use test.com inside the nginx container it resolves to 169.254.6.2, the Docker service (go-service).


nginx.conf

# /etc/nginx/nginx.conf

# Let nginx pick the worker count automatically (it tries to match CPU cores).
worker_processes auto;

events {
    # Upper bound on simultaneous connections per worker process.
    worker_connections 1024;
}

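http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    # Do not emit the nginx version in the Server header or on error pages.
    server_tokens off;
    sendfile      on;
    access_log /var/log/nginx/access.log;
    error_log  /var/log/nginx/error.log;

    # Static site served directly by nginx over TLS.
    # This is the first server declared for :443, so it is also the default
    # for requests whose SNI/Host matches no server_name.
    server {
        listen 443 ssl;
        http2 on;
        server_name site_a.com;

        # Paths are inside the container; the compose file mounts them read-only.
        ssl_certificate     /etc/nginx/certs/site_a.crt;
        ssl_certificate_key /etc/nginx/certs/site_a.key;

        root /usr/share/nginx/html;

        # Exact-match /docs and redirect to the directory form.
        location = /docs {
            return 301 /docs/;
        }

        access_log /var/log/nginx/site_a-ssl.access.log;
        error_log  /var/log/nginx/site_a-ssl.error.log;
    }

    # Terminates TLS at nginx, then reverse-proxies plain HTTP to the Go service.
    server {
        listen                  443 ssl;
        server_name             siteb.com;
        #charset koi8-r;
        access_log /var/log/nginx/siteb-ssl.access.log;
        error_log  /var/log/nginx/siteb-ssl.error.log;

        ssl_certificate     /etc/nginx/certs/siteb.crt;
        ssl_certificate_key /etc/nginx/certs/siteb.key;

        # X-Real-IP is overwritten with the address of the connecting peer.
        # $proxy_add_x_forwarded_for APPENDS that address to whatever
        # X-Forwarded-For the client sent, so the upstream must trust only the
        # last entry (the one added here), never the client-supplied ones.
        proxy_set_header    X-Real-IP        $remote_addr;
        proxy_set_header    X-Forwarded-For  $proxy_add_x_forwarded_for;

        # test.com is mapped to the Go service by extra_hosts in docker-compose;
        # nginx resolves the name once, when the configuration is loaded.
        location / {
            # Fixed: the original "https:// test.com" contained a space, which
            # nginx rejects, and used https although this server is meant to
            # proxy plain HTTP after terminating TLS.
            # No port is given, so port 80 is used; append :PORT if the Go
            # service listens elsewhere.
            # NOTE(review): if the upstream really speaks TLS, use https:// and
            # enable proxy_ssl_verify with proxy_ssl_trusted_certificate,
            # because nginx does not verify upstream certificates by default.
            proxy_pass http://test.com;
        }


        #error_page  404              /404.html;
        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }
    }

}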

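# TCP reverse proxy
# (Fixed: the original line used "//", which is not nginx comment syntax and
# makes the configuration fail to load.)
# Bytes are relayed as-is: TLS is NOT terminated here, so the certificates
# configured in the http block play no part in this listener.
stream {
    server {
        # NOTE(review): the docker-compose file on this page publishes
        # 9586:9586, not 9888; confirm which port is intended, otherwise this
        # listener is unreachable from outside the container.
        listen 9888 reuseport;
        proxy_connect_timeout 10s;
        # Idle timeout between two successive reads or writes on either side.
        proxy_timeout 600s;

        # test.com is mapped to the Go service by extra_hosts in docker-compose.
        proxy_pass test.com:9888;
        # Log/inspect SNI if needed: ssl_preread reads the TLS ClientHello and
        # exposes the SNI as $ssl_preread_server_name without decrypting.
        # Nothing in this block uses the variable yet, and stream access
        # logging is off by default, so no SNI is recorded as configured.
        ssl_preread on;
    }
}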

