
SSL Cloudflare: may I use Centmin Mod as a reverse proxy?

Discussion in 'Domains, DNS, Email & SSL Certificates' started by TRINH AI QUOC, Feb 7, 2024.

  1. TRINH AI QUOC

    TRINH AI QUOC New Member

    Hi, thank you @eva2000,
    I have used Centmin Mod for a long time.
    I have a question: may I use Centmin Mod as a reverse proxy like this?
    Hosting A uses Centmin Mod as the reverse proxy
    Hosting B uses Centmin Mod
    I tried it with WordPress and everything is OK; the only problem is when I go to the home page.
    It shows the error: ERR_TOO_MANY_REDIRECTS
    I created the vhost on hosting A using nv -d domain.com -s yd
    and on hosting B using nv -d domain.com -s n
    Here is my domain.conf. Please help me fix it.
    Thank you so much!!!


    HOST A CentminMod - REVERSE PROXY

    HOST B use CentminMod - code web
     
  2. eva2000

    eva2000 Administrator Staff Member

    Centmin Mod Nginx is like regular Nginx. You just have to figure out how to configure nginx reverse proxy yourself. Maybe try proxy_pass to https version instead of non-https?

    But any reason why such a complicated setup when you can just use Centmin Mod and put Cloudflare in front
     
  3. brijendrasial

    brijendrasial Active Member

    We do use a setup like this, where one Centmin Mod instance works as a reverse proxy to another Centmin Mod instance :)
     
  4. TRINH AI QUOC

    TRINH AI QUOC New Member

     
  5. TRINH AI QUOC

    TRINH AI QUOC New Member

    I tried this demo @eva2000
    When I use ccc.congtyannhien.com or ccc.congtyannhien.com/1/ >>> everything is OK.
    But when I use ccc.congtyannhien.com/1 (without the trailing /) it redirects to ccc.congtyanhien.com:10999/1/'

    upload_2024-2-8_6-40-25.png


    This is my conf
    Reverse Proxy
    Code:
    # Centmin Mod Getting Started Guide
    # must read https://centminmod.com/getstarted.html
    # For HTTP/2 SSL Setup
    # read https://centminmod.com/letsencrypt-freessl.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    # Redirect-only vhost: answers requests for both names with a temporary (302)
    # redirect to the HTTPS URL.
    # NOTE(review): no listen directive is set in this block, so nginx's default listen
    # applies (port 80 when nginx is started as root) - confirm that is the intent.
    server {
     
      server_name ccc.congtyannhien.com www.ccc.congtyannhien.com;
       # $server_name expands to the first name listed above, so www requests are
       # redirected to the non-www host as well.
       return 302 https://$server_name$request_uri;
    }
    
    # TLS-terminating vhost for ccc.congtyannhien.com: requests that match `location /`
    # are forwarded to the backend at 192.168.9.11:10999 (see proxy_pass below).
    server {
      listen 443 ssl http2;
    
      server_name ccc.congtyannhien.com www.ccc.congtyannhien.com;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/ccc.congtyannhien.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/ccc.congtyannhien.com/ccc.congtyannhien.com.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/ccc.congtyannhien.com/ccc.congtyannhien.com.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
      # NOTE(review): client-certificate verification is commented out in this block, so
      # TLS connections are accepted from any client, not only from Cloudflare.
      #ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/ccc.congtyannhien.com/origin.crt;
      #ssl_verify_client on;
     
     
     
      # mozilla recommended
      # NOTE(review): this list still offers 3DES (DES-CBC3-SHA), CBC-mode SHA-1 suites and
      # static-RSA key exchange (AES128-SHA, AES256-SHA, ...), which provide no forward
      # secrecy. Unless legacy clients must be supported, restricting it to the ECDHE AEAD
      # suites is the safer choice. The enabled protocol versions are not set in this block;
      # check ssl_include.conf / the http-level config.
      ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
    
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      # Only the next two response headers are active; HSTS, X-Frame-Options,
      # Referrer-Policy and Permissions-Policy are commented out in this block.
      add_header X-Xss-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
      #add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()";
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      # NOTE(review): session tickets are enabled and no ssl_session_ticket_key is set in
      # this block, so ticket-key lifetime depends on nginx defaults and how often nginx
      # is restarted - confirm this is intended.
      ssl_session_tickets on;
     
      # enable ocsp stapling
      #resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m;
      #resolver_timeout 10s;
      #ssl_stapling on;
      #ssl_stapling_verify on;
      #ssl_trusted_certificate /usr/local/nginx/conf/ssl/ccc.congtyannhien.com/ccc.congtyannhien.com-trusted.crt;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/ccc.congtyannhien.com/log/access.log combined buffer=256k flush=5m;
      error_log /home/nginx/domains/ccc.congtyannhien.com/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/ccc.congtyannhien.com/autoprotect-ccc.congtyannhien.com.conf;
     # root /home/nginx/domains/ccc.congtyannhien.com/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      # NOTE(review): with this include commented out, $remote_addr is presumably the
      # Cloudflare edge address whenever Cloudflare proxies the site, and that is the value
      # the X-Real-IP / X-Forwarded-For headers below hand to the backend - verify against
      # cloudflare.conf.
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      # Requests not claimed by another location are proxied to the backend.
      location / {
    
    # NOTE(review): the proxy-to-backend hop is plain HTTP to a private (RFC 1918) address;
    # anything on that network path can read or alter the traffic, so it should stay on a
    # trusted segment.
    proxy_pass http://192.168.9.11:10999/;  #change to your internal server IP
     # NOTE(review): with the proxy_redirect line below commented out only nginx's default
     # rewrite applies, which matches Location headers beginning with the proxy_pass URL.
     # A backend redirect that names the public host plus :10999 (as described in the post
     # above) would reach the client unchanged.
     #proxy_redirect https://ccc.congtyannhien.com:10999 https://congtyannhien.com;
    
    
             proxy_set_header X-Real-IP  $remote_addr;
            # Overwrites any X-Forwarded-For sent by the client instead of appending to it,
            # so the backend only sees the address this proxy observed.
            proxy_set_header X-Forwarded-For $remote_addr;
            # Pass the original Host header so the backend sees the public hostname.
            proxy_set_header Host $host;
            # NOTE(review): port and scheme are passed as X-Real-Port / X-Real-Scheme; no
            # X-Forwarded-Proto header is set. If the application on the backend decides
            # whether a request was HTTPS from X-Forwarded-Proto, it will see plain HTTP and
            # may keep redirecting to https - a likely contributor to the
            # ERR_TOO_MANY_REDIRECTS in the first post; confirm what the backend reads.
            proxy_set_header X-Real-Port $server_port;
            proxy_set_header X-Real-Scheme $scheme;
    
    
    
      include /usr/local/nginx/conf/503include-only.conf;
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Wordpress Permalinks example
     # try_files $uri $uri/ /;
    
      }
      # NOTE(review): the contents of the includes below are not shown. If they define regex
      # locations (for .php or static file extensions), nginx selects those ahead of the
      # prefix `location /`, so such requests would be handled on this host instead of being
      # proxied - and root is commented out above. Verify before relying on the proxy for
      # all paths.
      include /usr/local/nginx/conf/php.conf;
     
      include /usr/local/nginx/conf/pre-staticfiles-local-ccc.congtyannhien.com.conf;
      include /usr/local/nginx/conf/pre-staticfiles-global.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    
    }
    
    This web host


    Code:
    # Centmin Mod Getting Started Guide
    # must read https://centminmod.com/getstarted.html
    # For HTTP/2 SSL Setup
    # read https://centminmod.com/letsencrypt-freessl.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    # Redirect-only vhost on the backend host.
    # NOTE(review): no listen directive is active here (the only one is commented out), so
    # nginx's default listen applies (port 80 when nginx is started as root).
    server {
      # listen 10999;
      server_name ccc.congtyannhien.com www.ccc.congtyannhien.com;
    #  return 302 https://$server_name$request_uri;
    # NOTE(review): the redirect target below has no scheme, so it is not an absolute URL
    # and clients will presumably resolve it as a relative path; it also places the internal
    # address in a client-visible Location header. Confirm what this redirect is meant to do.
    return 302 192.168.9.11;
     }
    
    # Backend vhost: serves /home/nginx/domains/ccc.congtyannhien.com/public over plain
    # HTTP on port 10999; all TLS-related directives are commented out.
    # NOTE(review): `listen 10999` has no address, so it binds every interface, and
    # server_name is commented out. Any client that can reach this port gets the site
    # directly - without TLS and with whatever X-Forwarded-For / X-Real-IP values it chooses
    # to send. Binding to the internal address, or firewalling the port to the proxy's IP,
    # closes that path.
    server {
     # NOTE(review): redirects that nginx generates itself (for example adding the trailing
     # slash to a directory URL) include this listen port while port_in_redirect is on, which
     # is the default; that matches the :10999 redirect described in the post.
     # `port_in_redirect off;` or `absolute_redirect off;` keeps the backend port out of
     # client-visible redirects.
     listen 10999;
     # listen 443 ssl;
    #http2 on;
    #server_name ccc.congtyannhien.com www.ccc.congtyannhien.com;
    
     # ssl_dhparam /usr/local/nginx/conf/ssl/ccc.congtyannhien.com/dhparam.pem;
     # ssl_certificate      /usr/local/nginx/conf/ssl/ccc.congtyannhien.com/ccc.congtyannhien.com.crt;
     # ssl_certificate_key  /usr/local/nginx/conf/ssl/ccc.congtyannhien.com/ccc.congtyannhien.com.key;
     # include /usr/local/nginx/conf/ssl_include.conf;
    
      # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
      #ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/ccc.congtyannhien.com/origin.crt;
      #ssl_verify_client on;
     
     
     
      # mozilla recommended
      #ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
     # ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
    
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
     # add_header X-Xss-Protection "1; mode=block" always;
     # add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
      #add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()";
      #spdy_headers_comp 5;
     # ssl_buffer_size 1369;
     # ssl_session_tickets on;
     
      # enable ocsp stapling
      #resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m;
      #resolver_timeout 10s;
      #ssl_stapling on;
      #ssl_stapling_verify on;
      #ssl_trusted_certificate /usr/local/nginx/conf/ssl/ccc.congtyannhien.com/ccc.congtyannhien.com-trusted.crt;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
     # NOTE(review): per-vhost access and error logging is commented out, so requests to
     # this backend are only recorded if logging is configured at a higher level - confirm,
     # since these logs are what an investigation of direct hits on port 10999 would rely on.
     # access_log /home/nginx/domains/ccc.congtyannhien.com/log/access.log combined buffer=256k flush=5m;
     # error_log /home/nginx/domains/ccc.congtyannhien.com/log/error.log;
    
     # include /usr/local/nginx/conf/autoprotect/ccc.congtyannhien.com/autoprotect-ccc.congtyannhien.com.conf;
      root /home/nginx/domains/ccc.congtyannhien.com/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      #include /usr/local/nginx/conf/503include-main.conf;
    
      location / {
      # include /usr/local/nginx/conf/503include-only.conf;
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Wordpress Permalinks example
      # Serve the file or directory if it exists, otherwise fall back to /index.php.
      try_files $uri $uri/ /index.php?q=$uri&$args;
    
      }
    
     # NOTE(review): php.conf is commented out and no other PHP handler appears in this
     # block, while try_files above falls back to /index.php. Unless PHP is handled
     # elsewhere, nginx would return .php files under root as static content, exposing
     # their source and any credentials they hold. Confirm before serving a PHP application
     # from this block.
     # include /usr/local/nginx/conf/php.conf;
     
     # NOTE(review): the static-file and drop.conf includes are disabled as well; their
     # contents are not shown, so check whether any deny rules they carry are still needed
     # on this host.
     # include /usr/local/nginx/conf/pre-staticfiles-local-ccc.congtyannhien.com.conf;
     # include /usr/local/nginx/conf/pre-staticfiles-global.conf;
     # include /usr/local/nginx/conf/staticfiles.conf;
     # include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
     # include /usr/local/nginx/conf/vts_server.conf;
    }
    
     


    Last edited: Feb 8, 2024