HTTPS Proxy

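# Plain-HTTP listener for lily.domain.id; it only redirects to HTTPS.
# No "listen" directive is given, so nginx falls back to its default
# (*:80 when started with superuser privileges).
server {
        server_name lily.domain.id;
        return 301 https://$server_name$request_uri;
}


# TLS-terminating reverse proxy for lily.domain.id.
server {
        # "listen ... ssl" replaces the standalone "ssl on;" directive, which was
        # deprecated in nginx 1.15.0 and removed in 1.25.1.
        listen 443 ssl;
        server_name lily.domain.id;
        ssl_certificate /etc/letsencrypt/live/lily.domain.id/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/lily.domain.id/privkey.pem;
        ssl_session_timeout 1d;
        ssl_protocols TLSv1.2;
        # HSTS for about six months. "always" makes nginx send the header on
        # error responses (4xx/5xx) as well, not only on success/redirect codes.
        add_header Strict-Transport-Security "max-age=15768000" always;

        location / {
                # The hop to the backend is plain HTTP, so it is unencrypted.
                proxy_pass         http://192.168.212.103;
                proxy_redirect     off;
                # $http_host is the client's Host header passed through verbatim.
                # The backend should not build links or redirects from it without
                # checking it against an allow-list.
                proxy_set_header   Host $http_host;
                proxy_set_header   X-Real-IP $remote_addr;
                # Appends $remote_addr to any X-Forwarded-For the client supplied,
                # so only the right-most entry is asserted by this proxy.
                proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header   X-Forwarded-Host $server_name;
                proxy_set_header   X-Forwarded-Proto $scheme;
        }
}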

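# Plain-HTTP listener for magnolia.domain.id; it only redirects to HTTPS.
# No "listen" directive is given, so nginx falls back to its default
# (*:80 when started with superuser privileges).
server {
        server_name magnolia.domain.id;
        return 301 https://$server_name$request_uri;
}

# TLS-terminating reverse proxy for magnolia.domain.id.
server {
        # "listen ... ssl" replaces the standalone "ssl on;" directive, which was
        # deprecated in nginx 1.15.0 and removed in 1.25.1.
        listen 443 ssl;
        server_name magnolia.domain.id;
        ssl_certificate /etc/letsencrypt/live/magnolia.domain.id/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/magnolia.domain.id/privkey.pem;
        ssl_session_timeout 1d;
        ssl_protocols TLSv1.2;
        # HSTS for about six months. "always" makes nginx send the header on
        # error responses (4xx/5xx) as well, not only on success/redirect codes.
        add_header Strict-Transport-Security "max-age=15768000" always;

        location / {
                # The hop to the backend is plain HTTP, so it is unencrypted.
                proxy_pass         http://192.168.212.108;
                proxy_redirect     off;
                # $http_host is the client's Host header passed through verbatim.
                # The backend should not build links or redirects from it without
                # checking it against an allow-list.
                proxy_set_header   Host $http_host;
                proxy_set_header   X-Real-IP $remote_addr;
                # Appends $remote_addr to any X-Forwarded-For the client supplied,
                # so only the right-most entry is asserted by this proxy.
                proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header   X-Forwarded-Host $server_name;
                proxy_set_header   X-Forwarded-Proto $scheme;
        }
}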

# Reverse proxy for rose.domain.id over plain HTTP.
# Unlike the other hosts on this page, this one has no redirect to HTTPS and
# no TLS server block, so client traffic to this name is not encrypted and
# $scheme below is forwarded as seen on this listener.
server {
        server_name rose.domain.id;

        location / {
                # Headers handed to the backend describing the original request.
                # $http_host is the client's Host header verbatim, and
                # X-Forwarded-For keeps whatever the client sent and appends
                # $remote_addr.
                proxy_set_header   Host              $http_host;
                proxy_set_header   X-Real-IP         $remote_addr;
                proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
                proxy_set_header   X-Forwarded-Proto $scheme;

                # Backend is reached over plain HTTP.
                proxy_pass         http://192.168.212.110;
        }
}

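# Plain-HTTP listener for jasmine.domain.id; it only redirects to HTTPS.
# No "listen" directive is given, so nginx falls back to its default
# (*:80 when started with superuser privileges).
server {
        server_name jasmine.domain.id;
        return 301 https://$server_name$request_uri;
}

# TLS-terminating reverse proxy for jasmine.domain.id.
server {
        # "listen ... ssl" replaces the standalone "ssl on;" directive, which was
        # deprecated in nginx 1.15.0 and removed in 1.25.1.
        listen 443 ssl;
        server_name jasmine.domain.id;
        ssl_certificate /etc/letsencrypt/live/jasmine.domain.id/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/jasmine.domain.id/privkey.pem;
        ssl_session_timeout 1d;
        ssl_protocols TLSv1.2;
        # HSTS for about six months. "always" makes nginx send the header on
        # error responses (4xx/5xx) as well, not only on success/redirect codes.
        add_header Strict-Transport-Security "max-age=15768000" always;

        location / {
            # The hop to the backend is plain HTTP, so it is unencrypted.
            proxy_pass         http://192.168.212.112;
            proxy_redirect     off;
            # $http_host is the client's Host header passed through verbatim.
            # The backend should not build links or redirects from it without
            # checking it against an allow-list.
            proxy_set_header   Host $http_host;
            proxy_set_header   X-Real-IP $remote_addr;
            # Appends $remote_addr to any X-Forwarded-For the client supplied,
            # so only the right-most entry is asserted by this proxy.
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Host $server_name;
            proxy_set_header   X-Forwarded-Proto $scheme;
        }
}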

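# Plain-HTTP listener for orchid.domain.id; it only redirects to HTTPS.
# No "listen" directive is given, so nginx falls back to its default
# (*:80 when started with superuser privileges).
server {
        server_name orchid.domain.id;
        return 301 https://$server_name$request_uri;
}

# TLS-terminating reverse proxy for orchid.domain.id.
server {
        # "listen ... ssl" replaces the standalone "ssl on;" directive, which was
        # deprecated in nginx 1.15.0 and removed in 1.25.1.
        listen 443 ssl;
        server_name orchid.domain.id;
        ssl_certificate /etc/letsencrypt/live/orchid.domain.id/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/orchid.domain.id/privkey.pem;
        ssl_session_timeout 1d;
        ssl_protocols TLSv1.2;
        # HSTS for about six months. "always" makes nginx send the header on
        # error responses (4xx/5xx) as well, not only on success/redirect codes.
        add_header Strict-Transport-Security "max-age=15768000" always;

        location / {
            # The hop to the backend is plain HTTP, so it is unencrypted.
            proxy_pass         http://192.168.212.113;
            proxy_redirect     off;
            # $http_host is the client's Host header passed through verbatim.
            # The backend should not build links or redirects from it without
            # checking it against an allow-list.
            proxy_set_header   Host $http_host;
            proxy_set_header   X-Real-IP $remote_addr;
            # Appends $remote_addr to any X-Forwarded-For the client supplied,
            # so only the right-most entry is asserted by this proxy.
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Host $server_name;
            proxy_set_header   X-Forwarded-Proto $scheme;
        }
}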

Configure Nessus on Public.

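        # Plain-HTTP listener for nessus.domain.id; it only redirects to HTTPS.
        # No "listen" directive is given, so nginx falls back to its default
        # (*:80 when started with superuser privileges).
        server {
                server_name nessus.domain.id;
                return 301 https://$server_name$request_uri;
        }


        # TLS-terminating reverse proxy in front of the Nessus web UI, with an
        # extra HTTP Basic authentication layer enforced by nginx.
        server {
                # "listen ... ssl" replaces the standalone "ssl on;" directive,
                # which was deprecated in nginx 1.15.0 and removed in 1.25.1.
                listen 443 ssl;
                server_name nessus.domain.id;
                ssl_certificate /etc/letsencrypt/live/nessus.domain.id/fullchain.pem;
                ssl_certificate_key /etc/letsencrypt/live/nessus.domain.id/privkey.pem;
                ssl_session_timeout 1d;
                ssl_protocols TLSv1.2;
                # HSTS for about six months. "always" makes nginx send the header
                # on error responses too, including the 401 challenge produced by
                # auth_basic below.
                add_header Strict-Transport-Security "max-age=15768000" always;

                location / {
                        # set max upload size
                        client_max_body_size 512M;
                        # The two fastcgi_* directives only affect fastcgi_pass
                        # responses; this location uses proxy_pass, so they have
                        # no effect here. Kept as in the original listing.
                        fastcgi_buffers 8 4K;
                        fastcgi_ignore_headers X-Accel-Buffering;
                        gzip off;
                        proxy_pass https://192.168.200.101:8834;
                        # Basic-auth gate in front of Nessus' own login; the
                        # credentials file must not be readable by other users.
                        auth_basic "Restricted Content";
                        auth_basic_user_file /etc/nginx/.htpasswd;
                        # NOTE(review): with proxy_ssl_verify off the upstream
                        # certificate is NOT validated, and the trusted
                        # certificate below is loaded but never used for
                        # verification. To authenticate the Nessus host, set
                        # proxy_ssl_verify on and make sure proxy_ssl_name (by
                        # default the host from proxy_pass) matches a name in
                        # the Nessus certificate.
                        proxy_ssl_trusted_certificate /usr/share/nessus/CA/servercert.pem;
                        proxy_ssl_verify   off;
                        proxy_ssl_server_name on;
                        proxy_redirect     off;
                        # $http_host is the client's Host header passed through
                        # verbatim.
                        proxy_set_header   Host $http_host;
                        proxy_set_header   X-Real-IP $remote_addr;
                        # Appends $remote_addr to any X-Forwarded-For the client
                        # supplied, so only the right-most entry is asserted by
                        # this proxy.
                        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
                        proxy_set_header   X-Forwarded-Host $server_name;
                        proxy_set_header   X-Forwarded-Proto $scheme;
                        # Allow up to 600 seconds between reads from the upstream.
                        proxy_read_timeout 600;
                }
        }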

Finish.

Troubleshooting

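If you get an SSL error with this configuration, use proxy_ssl_trusted_certificate instead of proxy_ssl_certificate. (proxy_ssl_certificate is the client certificate nginx presents to the upstream; proxy_ssl_trusted_certificate is the CA file used to verify the upstream's certificate, and it is only consulted when proxy_ssl_verify is on. The Nessus configuration above sets proxy_ssl_verify off, so the upstream certificate is not checked.)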
