Sergio Ordaz
asked on
Remote desktop gateway behind NGINX
Hi!!
I'm implementing a new RDS deployment behind NGINX. I already got RDWeb working, but I am having trouble with the gateway.
I am always getting this issue:
I made a test forwarding the traffic from the firewall directly to the gateway and it works perfectly. Here is the configuration of the NGINX.
server {
    listen 80;
    server_name ##.#####.##;
    return 301 https://$host$request_uri;
    root /usr/share/nginx/html;
    location / {
    }
    error_page 404 /404.html;
    location = /40x.html {
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}
upstream gateway.####.## {
    server gateway.###.##:443;
}
server {
    listen 443 ssl;
    server_name gateway.##.##;
    ssl_certificate "/etc/letsencrypt/live/##.####.##/fullchain.pem";
    ssl_certificate_key "/etc/letsencrypt/live/##.###.##/privkey.pem";
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_prefer_server_ciphers on;
    ssl on;
    # Load configuration files for the default server block.
    # include /etc/nginx/default.d/*.conf;
    location / {
        proxy_set_header x-real-IP $remote_addr;
        proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass $scheme://####.###.##$request_uri;
    }
}
Please help!
RDGateway verifies traffic end to end. Configuring nginx to provide its own cert like you have will break RDG, but web pages like RDWeb wouldn't care.
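An added illustration of the point in the reply above; it is not part of the thread and not the members-only accepted answer. It shows nginx routing on the TLS SNI name with the `stream` module so the gateway's TLS session reaches the RD Gateway host undecrypted, while nginx still terminates TLS for RDWeb. The hostnames `gateway.example.test` and `rdweb.example.test`, the 10.0.0.x addresses and port 8443 are placeholder assumptions.

```nginx
# Added example: hostnames and addresses are placeholders, not values from the thread.
# The stream block belongs at the top level of nginx.conf, outside http {}.
stream {
    # Pick a backend from the SNI name in the ClientHello, without decrypting.
    map $ssl_preread_server_name $rds_backend {
        gateway.example.test  rd_gateway;   # RD Gateway: TLS passes through untouched
        default               local_https;  # everything else: nginx's own HTTPS server
    }

    upstream rd_gateway {
        server 10.0.0.20:443;   # RD Gateway host (placeholder address)
    }

    upstream local_https {
        server 127.0.0.1:8443;  # http{} server block that terminates TLS for RDWeb
    }

    server {
        listen 443;
        ssl_preread on;          # read the SNI only; no ssl_certificate here
        proxy_pass $rds_backend;
    }
}

http {
    server {
        listen 127.0.0.1:8443 ssl;   # moved off 443, which the stream block now owns
        server_name rdweb.example.test;
        ssl_certificate     /etc/letsencrypt/live/rdweb.example.test/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/rdweb.example.test/privkey.pem;
        ssl_protocols TLSv1.2;

        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass https://10.0.0.10;   # RDWeb host (placeholder address)
        }
    }
}
```

This needs nginx built with the stream and `ngx_stream_ssl_preread_module` modules. The RDWeb server block sees every client as 127.0.0.1 unless PROXY protocol is enabled on both the stream upstream and the 8443 listener.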
ASKER
Can you help me with how I can do that, please?
ASKER
Are those not the certificates?
ssl_certificate "/etc/letsencrypt/live/##.####.##/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/##.###.##/privkey.pem";
Why are you trying to pass this through nginx? Knowing your goal will help provide a right sized solution.
ASKER
Because I wanna use one IP for RDWeb and Gateway.
Are both roles on the same server?
ASKER
No, they are on different hosts.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
Thx Cliff for the information. Do you have the link where you got it, please?
ASKER
Thx