sofuca 0 Posted December 23, 2015 Share Posted December 23, 2015 I just seem to get bad gateway all the time yet my OwnCloud server works just fine. All firewalls off and selinux also turned off... [root@nginx conf.d]# cat main.conf ssl_certificate /etc/ssl/ssl-unified.crt; ssl_certificate_key /etc/ssl/example.com.key; ssl_session_timeout 5m; ssl_session_cache shared:SSL:50m; # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits ssl_dhparam /etc/nginx/conf.d/dhparam.pem; # modern configuration. tweak to your needs. ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'; ssl_prefer_server_ciphers on; # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) add_header Strict-Transport-Security max-age=15768000; resolver 8.8.8.8; server { listen 80; server_name example.com; rewrite ^ https://$server_name$request_uri? permanent; } server { listen 443 ssl; server_name example.com; client_max_body_size 100m; ssl on; location /owncloud { proxy_pass http://172.21.21.14:80; proxy_read_timeout 240; proxy_redirect off; proxy_buffering off; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; } location /emby { proxy_pass http://172.21.21.16:8096; proxy_read_timeout 240; proxy_redirect off; proxy_buffering off; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; } location /plex/ { proxy_pass http://172.21.21.15:32400/web/; proxy_read_timeout 240; proxy_redirect off; proxy_buffering off; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; } } Link to comment Share on other sites More sharing options...
fc7 123 Posted December 23, 2015 Share Posted December 23, 2015 Did you search in the forum already? There are older posts covering the NGINX reverse-proxy configuration and users that got it working and posted it here. Link to comment Share on other sites More sharing options...
marcus2004 1 Posted December 24, 2015 Share Posted December 24, 2015 I'm not sure if this is quite what you're looking for, but I used this info on creating sub domains pointing to my different server ports. ie. emby.domain.com translates to domain.com:8096 https://whatididtodowhatidid.wordpress.com/2014/03/14/subdomains-for-ports-on-same-ubuntu-server-with-nginx-reverse-proxy/ 1 Link to comment Share on other sites More sharing options...
Delphi 83 Posted December 25, 2015 Share Posted December 25, 2015 (edited) location / {# Send traffic to the backendproxy_pass http://127.0.0.1:8096;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;proxy_set_header Host $host;proxy_set_header X-Forwarded-Proto $remote_addr;proxy_set_header X-Forwarded-Protocol $scheme;proxy_redirect off;proxy_http_version 1.1;proxy_set_header Upgrade $http_upgrade;proxy_set_header Connection "upgrade";} Edited December 25, 2015 by Delphi Link to comment Share on other sites More sharing options...
fc7 123 Posted December 25, 2015 Share Posted December 25, 2015 location / { # Send traffic to the backend proxy_pass http://127.0.0.1:8096; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $remote_addr; proxy_set_header X-Forwarded-Protocol $scheme; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade";} Is this configuration working fine for you even on latest stable if you connect with the web client? I'm using apache instead of Nginx and since upgrading to the latest stable release (last weekend) I can't use the webclient through the proxy anymore. The login page doesn't load completely and I can't login. Another user running nginx reported the same problem. That's why I ask. If this config works I will try to mimic it in Apache or I will consider even switching to Nginx. Sent from my iPad using Tapatalk Link to comment Share on other sites More sharing options...
Delphi 83 Posted December 25, 2015 Share Posted December 25, 2015 this is the exact one im using with lastest stable on ubuntu working fine in nginx Link to comment Share on other sites More sharing options...
fc7 123 Posted December 25, 2015 Share Posted December 25, 2015 (edited) this is the exact one im using with lastest stable on ubuntu working fine in nginx I would assume you are not using authentication at nginx level (two layers auth 1-Proxy, 2-Emby). Only at Emby level, correct? Edited December 25, 2015 by fc7 Link to comment Share on other sites More sharing options...
jose 73 Posted December 25, 2015 Share Posted December 25, 2015 (edited) This is my config server { listen 8080; server_name _; return 444; } server { listen 8080; server_name mydomain.com; return 301 https://$host$request_uri; } server { listen 8080; server_name media.mydomain.com; return 301 https://$host$request_uri; } server { listen 8080; server_name www.mydomain.com; return 301 https://$host$request_uri; } server { listen 8443 ssl; server_name mydomain.com; if ($host = "mydomain.com") { set $test "pass"; } if ($host = "media.mydomain.com") { set $test "pass"; } if ($host = "www.mydomain.com") { set $test "pass"; } if ($test != "pass") { return 444; } ssl_certificate /mydomain.com.crt; ssl_certificate_key /mydomain.com_key.pem; ssl on; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; ssl_prefer_server_ciphers on; access_log /var/log/nginx/emby.log main; location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # Fix the “It appears that your reverse proxy set up is broken" error. proxy_pass http://localhost:8096; proxy_read_timeout 90; proxy_redirect http://localhost:8096 https://mydomain.com; } } server { listen 8443; server_name _; return 444; } The only problem i have is when i use the chromecast from outside my LAN i need to access the server directly though mydomain.com:8920 that is a straight connection to emby Edited December 25, 2015 by jose Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now