nginx reverse proxy

Is there any possible way to do that with nginx  ?

We are forwarding all 80/443 port traffic to  192.168.1.8 nginx proxy server
We want to let it detect the real ip of the server and forward the traffic to the real ip without writing a config for each domain ?
FireBallITAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

gelonidaCommented:
I'm not sure I understand your question.

It seems, that you try to implement a forward proxy and not a reverse proxy.

What do you mean exactly with:
"We are forwarding all 80/443 port traffic to  192.168.1.8 nginx proxy server"
Is this a browser configuration, an iptables rule, something else?
Who is forwarding?



Up to my knowledge nginx is not intented to be used as a forward proxy.
You could use squid or privoxy

Here an old article (perhaps obsolete though) from 2009:
http://forum.nginx.org/read.php?2,15124,15256#msg-15256
FireBallITAuthor Commented:
our router.
We want to let the nginx find the real ip and resend the traffic to there
gelonidaCommented:
OK, so your router will redirect all http/https packets to nginx's address instead of sending it to the correct address you'd like to use nginx to act as reverse proxy and find the IP addresses automatically.

I don't know how to do this, but could imagine that there might be a trick for HTTP, which I don't know.
I'd be very suprised whether this would be possible for HTTPS.
Normally it's nginx who handles https and SNI detection. this means nginx would need the certificates and would decrypt all traffic.

Though I never had time to look at it personally I think that haproxy ( https://en.wikipedia.org/wiki/HAProxy ) might be a better match for what you try to achieve.

However not sure if it can do what you want.


Could  an alternative approach be to autogenerate the nginx config?

What is the motivation for this setup? Perhaps this might help to find alternative solutions.
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

FireBallITAuthor Commented:
our aim is not about the handle 443  / https , we just want to let it catch and act like a reverse proxy without checking the names
gelonidaCommented:
To summarize:

I don't know how to autoforward HTTP traffic with a nginx with a wild card configuration.
Either there's a trick I don't know or you had to explicitely create a configuration for each potential http server.

If you know the server names up-front, then you could auto-generate this configuration periodically.


For HTTPS on the other hand I'm rather sure, that you will not be successful with nginx.
nginx can up to my knowledge NOT forward HTTPS traffic without decrypting it. haproxy on the other hand is supposed to be able to do this (though I never tried it)
but even for haproxy I can't say, whether this would work with an automatic wildcard connfiguration.

nginx and haproxy should have a lua scripting module. perhaps this would allow for parts of this dynamic functionality.
My knowledge ends about there.
Perhaps somebody else knows more (can confirm or 'unconfirm') my assumtions?

If you find out any way to get this (or parts of this) working, then I'd be very interested, though I don't have an immideate appliction for this use case.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
FireBallITAuthor Commented:
Thank you
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Servers

From novice to tech pro — start learning today.