Redirect http and https for one domain #286

Closed
GrooveXT opened this issue Feb 4, 2020 · 11 comments
Comments

@GrooveXT

GrooveXT commented Feb 4, 2020

Hey,
I'm new to the reverse proxy topic, so maybe my question is silly. Sorry for that.
I have some software that tries to get its own Let's Encrypt certificate and needs port 80 and 443 passthrough. Nginx Proxy Manager only lets me redirect either http or https from one domain to my host, but not both.
How do I force it to redirect both protocols, i.e. both ports? Or am I totally wrong about what a reverse proxy is doing?

Thx

@jc21
Member

jc21 commented Feb 4, 2020

You are correct, only one upstream can be configured. This kind of advanced idea could be implemented in future versions.

@GrooveXT
Author

GrooveXT commented Feb 4, 2020

Thx for the reply.
Is there a workaround?

@Cerothen

Cerothen commented Feb 15, 2020

If I understand correctly you are looking to let a back end application perform the letsencrypt challenge and verification.

Unfortunately this is not possible, since nginx performs SSL offloading on the 443 port. This means that while it is possible to direct port 80 to back end 80 and 443 to back end 443, when a client connects via HTTPS nginx will offload that using whatever certificate it has and set up a new HTTPS connection to the backend.

Anywho, if you're looking to align the front ports with the back ports you can use the following, just stick it in your "advanced" section:

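location / {
	# $server is the forward host set by the proxy host config;
	# $server_port is the port the client connected to (80 or 443)
	proxy_pass       https://$server:$server_port;
	include conf.d/include/proxy.conf;
}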

Alternatively you can use the port option indicated on the first page as the default destination for https incoming traffic and direct port 80 to an arbitrary alternate port with:

location / {
	# Proxy!
	if ($server_port = 80) {
		proxy_pass       https://$server:8080;
	}
	include conf.d/include/proxy.conf; # If not port 80 then go to whatever port is specified on the first tab
}

As an alternative to all of the above, you could look at issue #44, which is to add GUI support for hostnames in the streams section. An extension of that would be that we would need it to also run on 443 transparently (e.g. non-matched stream hostnames go to the standard reverse proxy logic while matched traffic goes to the indicated stream destination).

@geelenbert

I think I want to achieve something similar.

I have 2 domains: domain1.com and domain2.com.

I want domain1.com to function with Nginx reverse proxy as designed.
So creating proxy hosts like:

  • website.domain1.com -> 192.168.1.30:80
  • download.domain1.com -> 192.168.1.35:8000
  • app.domain1.com -> 192.168.1.60:9999

The second domain should point to one server, which handles the SSL offloading by itself:

  • domain2.com -> 192.168.1.100 Port 80 and Port 443

How should this be done?

@Cerothen

At this time this is not natively possible with this project; it can't be achieved by the "proxy host" area since that would offload the SSL request. Since it would need to be handled by the "streams" area, you would need to have more support in that area for SSL PREREAD.

Basically you want the following:

HTTP(S) -> STREAMS HOST WITH SSL PREREAD -|-> NORMAL NGINX FUNCTION -> Backend Hosts
                                          |
          Only if hostname matches (443)  |-> Backend hosts

This has other issues though since it effectively replaces the client IP with 127.0.0.1 (or whatever you used), which leads into also wanting something like transparent proxying. Is there a particular reason you don't want to let NGINX handle the SSL offloading (or setting up a new HTTPS connection between the proxy and the backend)?

I would think it would be possible if you developed the configs and just left them in the appropriate folders in the data directory, but you wouldn't be able to get the transparent part working and you wouldn't be able to manage it or reload it in the webui. YMMV
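
The SNI-based split sketched in the diagram above, written out as a hand-maintained nginx configuration. This is an added example, not part of the original comment and not configuration generated by Nginx Proxy Manager; the loopback port 8443 and the certificate paths are assumptions, and the hosts are the ones from the question above.

```nginx
events {}

stream {
    # Pick the upstream from the SNI name in the ClientHello. TLS is not
    # terminated here, so the passthrough backend keeps its own key and cert.
    map $ssl_preread_server_name $tls_upstream {
        domain2.com  192.168.1.100:443;  # passthrough to the self-managed server
        default      127.0.0.1:8443;     # everything else: normal proxy hosts
    }

    server {
        listen 443;
        ssl_preread on;                  # read SNI without decrypting
        proxy_pass $tls_upstream;
        proxy_connect_timeout 5s;
    }
}

http {
    # Port 80 for the passthrough domain is forwarded unchanged, so the
    # backend can answer its own Let's Encrypt HTTP challenge.
    server {
        listen 80;
        server_name domain2.com;
        location / {
            proxy_pass http://192.168.1.100:80;
            proxy_set_header Host $host;
        }
    }

    # A regular proxy host, moved from 443 to the loopback listener
    # (assumed port) so the stream block can own 443.
    server {
        listen 127.0.0.1:8443 ssl;
        server_name website.domain1.com;
        ssl_certificate     /path/to/fullchain.pem;  # placeholder path
        ssl_certificate_key /path/to/privkey.pem;    # placeholder path
        location / {
            # $remote_addr is 127.0.0.1 here: the stream hop hides the client IP
            proxy_pass http://192.168.1.30:80;
        }
    }
}
```

Clients that send no SNI fall through to the `default` entry, and access logs and IP-based rules on the loopback listener see only 127.0.0.1, which is the client-IP limitation mentioned in the comment.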

@geelenbert

I have a VM that is completely self-providing. It has its own reverse proxy. This VM can run on a VPS, but I want to move it to a local server with better resources.

@sanderlv

I would like this:

HTTP sub1.domain.com:80 --> 192.168.1.142:8123
HTTPS sub1.domain.com:443 with letsencrypt --> 192.168.1.142:8123
HTTPS sub2.domain.com:443 with letsencrypt --> 192.168.1.254:443
HTTP sub3.domain.com:80 --> 192.168.1.99:80
HTTPS sub3.domain.com:443 with letsencrypt --> 192.168.1.99:443

Is this possible? I can get all traffic via HTTPS to several backend servers this way, but if I have an HTTPS server with letsencrypt configured, nothing happens from the initiating browser side.
I also cannot seem to find any logging in the interface.

@chaptergy
Collaborator

These setups could be achieved with SSL forwarding. The feature is currently under review, see #853.

@george-viaud

I have the same need as the OP (both http and https forwarding for the same domain) for the same reason - Let's Encrypt is needed by my email server, which is behind the nginx proxy. It needs to be able to generate its own cert, but I want nginx manager to handle the front-end's cert. Forwarding of https and http to 443 and 80 respectively would solve my problem.

@Bluscream

Is this still not implemented? How hard can it be to listen on 2 ports on the same domain? Nginx and Apache can do it.

@ueukxvj

ueukxvj commented Nov 12, 2023

Unbelievable that this is still not implemented. Deleting this stupid docker and installing nginx.
