I have an Openfire daemon running at http://192.168.2.33:9090
(no SSL) and I want to bind it via proxy to the host name https://openfire.example.com
(I have SSL certificate for it).
How would I do this? When I add SSL string to nginx config it shows an SSL error. Here is my current config without ssl support:
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
server_name openfire.example.com;
location / {
proxy_pass http://192.168.2.33:9090;
proxy_redirect http://192.168.2.33:9090/ $scheme://$host/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_read_timeout 20d;
auth_basic "Private Property";
auth_basic_user_file /etc/nginx/.htpasswd;
}
}
This configuration produces an Error 502 Bad gateway.
A minor change (as seen below) leads to ERR_TOO_MANY_REDIRECTS.
server {
listen *:80;
listen *:443;
server_name openfire.example.com;
ssl on;
ssl_protocols SSLv3 TLSv1;
ssl_certificate /etc/letsencrypt/live/openfire.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/openfire.example.com/privkey.pem;
location / {
rewrite ^(.*)$ https://openfire.example.com$1 permanent;
proxy_pass http://192.168.2.33:9090;
proxy_redirect http://192.168.2.33:9090/ $scheme://$host/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_read_timeout 20d;
}
}
Best Answer
I don't have enough reputation to add comment, so adding this as an answer. I was looking for similar thing, I was trying to pass traffic coming into my raspberry pi 4 to another pi (pi zero w). I followed the answer above, with some updates and I though to share with others (just for a reference for other users who might have come across to this answer after many years).
as the
$openfire_ip
and$openfire_port
was not used more than once, I think it's not needed to set it up as a variable.