apt-get install nginx<\/pre>\nG\u00e9n\u00e9ration d’un certificat SSL autosign\u00e9 (ceci va permettre de ne pas avoir de connexion en clair,cela \u00e9vite de pouvoir r\u00e9cup\u00e9rer les identifiants\/password en clair sur votre r\u00e9seau) :<\/p>\n
sudo openssl genrsa -out \/etc\/nginx\/nginx.key 2048\r\nsudo openssl req -new -key nginx.key -out \/etc\/nginx\/nginx.csr\r\nsudo openssl x509 -req -days 3650 -in \/etc\/nginx\/nginx.csr -signkey \/etc\/nginx\/nginx.key -out \/etc\/nginx\/nginx.crt<\/pre>\n <\/p>\n
Les h\u00f4tes virtuels :<\/strong><\/p>\nImaginons que nous avons 4 services web sur 3 serveurs :<\/p>\n
-Serveur_01 : Service_01_HTTP\r\n\r\n-Serveur_02 : Service_02_HTTPS\r\n\r\n-Serveur_03 : Service_03_HTTP + Service_04_HTTPS<\/pre>\nNous allons donc cr\u00e9er 4 entr\u00e9es DNS sur notre nom de domaine :<\/p>\n
service01http.mondomaine.com\r\n\r\nservice02https.mondomaine.com\r\n\r\nservice03http.mondomaine.com\r\n\r\nservice04https.mondomaine.com<\/pre>\nImaginons maintenant que pour le service02https nous voulons y acc\u00e9der par deux adresses diff\u00e9rentes :<\/p>\n
service02https.mondomaine.com\r\nservice02httpsbis.mondomaine.com\r\n<\/pre>\nLe but est donc d’acc\u00e9der \u00e0 ces 4 services en HTTPS (peu importe que le service supporte ou non le SSL)<\/p>\n
<\/p>\n
Configuration des hosts :<\/strong><\/p>\nNous allons donc commencer par configurer Nginx :<\/p>\n
sudo nano \/etc\/nginx\/sites-available\/reverse<\/pre>\nCollez ensuite ceci :<\/p>\n
# Certificats SSL\r\nssl_certificate \/etc\/nginx\/nginx.crt;\r\nssl_certificate_key \/etc\/nginx\/nginx.key;\r\n\r\nserver {\r\n # Redirection des requetes en HTTP vers HTTPS\r\n # Port en entree\r\n listen 80;\r\n # Redirection vers\r\n return 301 https:\/\/$host$request_uri;\r\n}\r\n\r\nserver {\r\n # service01http\r\n listen 443;\r\n # J'active SSL\r\n ssl on;\r\n\r\n server_name service01http.mondomaine.com; # entree DNS\r\n location \/ { # pour le dossier racine (\/), on active le mode proxy vers l'adresse sp\u00e9cifi\u00e9e, sur le port sp\u00e9cifi\u00e9\r\n proxy_pass http:\/\/192.168.1.2:80\/;\r\n }\r\n}\r\n\r\nserver {\r\n # service02https et service02httpsbis\r\n listen 443;\r\n ssl on;\r\n\r\n # On peut sp\u00e9cifier 2 noms de domaine diff\u00e9rents qui auront le m\u00eame comportement\r\n server_name service02https.mondomaine.com;\r\n server_name service02httpsbis.mondomaine.com;\r\n location \/ {\r\n proxy_pass https:\/\/192.168.1.3:443\/;\r\n }\r\n}\r\n\r\nserver {\r\n # service03http\r\n listen 443;\r\n # J'active SSL\r\n ssl on;\r\n\r\n server_name service03http.mondomaine.com; # entree DNS\r\n location \/ { # pour le dossier racine (\/), on active le mode proxy vers l'adresse sp\u00e9cifi\u00e9e, sur le port sp\u00e9cifi\u00e9\r\n proxy_pass http:\/\/192.168.1.4:80\/;\r\n }\r\n}\r\n\r\nserver {\r\n # service04https\r\n listen 443;\r\n # J'active SSL\r\n ssl on;\r\n\r\n server_name service04https.mondomaine.com; # entree DNS\r\n location \/ { # pour le dossier racine (\/), on active le mode proxy vers l'adresse sp\u00e9cifi\u00e9e, sur le port sp\u00e9cifi\u00e9\r\n proxy_pass https:\/\/192.168.1.4:443\/;\r\n }\r\n}<\/pre>\n <\/p>\n
Maintenant un petit restart et votre reverse proxy est maintenant en ligne !<\/p>\n
sudo \/etc\/init.d\/nginx restart<\/pre>\n <\/p>\n
Petit ajout, si Nginx n’arrive pas a red\u00e9marrer, c’est peut \u00eatre \u00e0 cause de la longueur de votre entr\u00e9e DNS\u00a0(server_name)<\/p>\n
Pour y rem\u00e9dier faites :<\/p>\n
sudo nano \/etc\/nginx\/nginx.conf<\/pre>\nPuis cherchez la ligne :<\/p>\n
#server_names_hash_bucket_size 64;<\/pre>\nD\u00e9commentez l\u00e0 en enlevant le # :<\/p>\n
server_names_hash_bucket_size 64;<\/pre>\nEt vous pouvez maintenant red\u00e9marrer\u00a0Nginx :<\/p>\n
sudo \/etc\/init.d\/nginx restart<\/pre>\n <\/p>\n
<\/p>\n
<\/p>\n
Si vous avez des soucis ou des questions, n’h\u00e9sitez pas les commentaires sont fait pour \u00e7a :)<\/p>\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
Bonjour, Si comme moi, vous commencez \u00e0 avoir pas mal de services dispatch\u00e9 sur quelques serveurs et que vous en [&hellip<\/p>\n","protected":false},"author":1,"featured_media":461,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":true,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[2,27,44,43,122,108,123],"tags":[88,100,110,85,111],"class_list":["post-455","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","category-projets","category-raspberry-projets","category-raspberry-arduino","category-raspbian","category-reseau","category-reverse-proxy","tag-mac","tag-o","tag-os","tag-raspberry-2","tag-x"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/www.jjtronics.com\/wordpress\/wp-content\/uploads\/2016\/03\/Shemas-Reverse-Proxy-NGINX-jjtronics.jpg","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6YUVZ-7l","jetpack-related-posts":[],"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/www.jjtronics.com\/wordpress\/wp-json\/wp\/v2\/posts\/455","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jjtronics.com\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jjtronics.com\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jjtronics.com\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jjtronics.com\/wordpress\/wp-json\/wp\/v2\/comments?post=455"}],"version-history":[{"count":13,"href":"https:\/\/www.jjtronics.com\/wordpress\/wp-json\/wp\/v2\/posts\/455\/revisions"}],"predecessor-version":[{"id":458,"href":"https:\/\/www.jjtronics.com\/wordpress\/wp-json\/wp\/v2\/posts\/455\/revisions\/458"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.jjtronics.com\/wordpress\/wp-json\/wp\/v2\/media\/461"}],"wp:attachment":[{"href":"https:\/\/www.jjtronics.com\/wordpress\/wp-json\/wp\/v2\/media?parent=455"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jjtronics.com\/wordpress\/wp-json\/wp\/v2\/categories?post=455"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jjtronics.com\/wordpress\/wp-json\/wp\/v2\/tags?post=455"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"Shemas](\"https:\/\/www.jjtronics.com\/wordpress\/wp-content\/uploads\/2016\/03\/Shemas-Reverse-Proxy-NGINX-jjtronics.jpg\")
<\/a><\/p>\n