Reverse proxy
$ apt install nginx-full
Once the installation has finished, we verify that the service is running.
$ systemctl status nginx
Output
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2021-09-17 04:23:45 UTC; 4min 23s ago
     Docs: man:nginx(8)
 Main PID: 3942 (nginx)
    Tasks: 3 (limit: 4719)
   Memory: 6.1M
   CGroup: /system.slice/nginx.service
           ├─3942 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
           ├─3943 nginx: worker process
           └─3944 nginx: worker process
As you can see above, the service appears to have started successfully. However, the best way to test this is to actually request a page from Nginx.
To verify that the software is running correctly, we browse to our server's IP address:
http://127.0.0.1
You should see the Nginx welcome page.
Let's remove the default configuration
$ rm /etc/nginx/sites-available/default
$ rm /etc/nginx/sites-enabled/default
And now we will create a new one
$ nano /etc/nginx/sites-available/jitsi.dominio.edu.ar.conf
Where we will add the parameters needed for our Jitsi
types {
    application/wasm wasm;
}

server {
    listen 80;
    server_name jitsi.dominio.edu.ar;
    server_tokens off; # Don't show the nginx version number
    include /etc/nginx/snippets/location-letsencrypt.conf;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name jitsi.dominio.edu.ar;
    server_tokens off; # Don't show the nginx version number
    include /etc/nginx/snippets/location-letsencrypt.conf;

    ssl_certificate /etc/letsencrypt/live/jitsi.dominio.edu.ar/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/jitsi.dominio.edu.ar/privkey.pem;

    # Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m; # about 40000 sessions
    # Defining option to share SSL Connection with Passed Proxy
    ssl_session_tickets off;
    add_header Strict-Transport-Security "max-age=63072000" always;
    set $prefix "";
    ssl_dhparam /etc/ssl/dhparams.pem;
    ssl_ecdh_curve secp384r1;

    location / {
        ssi on;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_pass http://RANGO.IP.PRIVADO.120/;
        # WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location ~ ^/(?!(http-bind|external_api\.|xmpp-websocket))([a-zA-Z0-9=_äÄöÖüÜß\?\-]+)$ {
        rewrite ^/(.*)$ / break;
    }

    # BOSH
    location /http-bind {
        proxy_pass http://RANGO.IP.PRIVADO.120:5280/http-bind; # Jitsi server IP
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
        tcp_nodelay on;
    }

    # xmpp websockets
    location /xmpp-websocket {
        proxy_pass http://RANGO.IP.PRIVADO.120:5280/xmpp-websocket; # Jitsi server IP
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        tcp_nodelay on;
    }

    access_log /var/log/nginx/jitsi.dominio.edu.ar/access.log;
    error_log /var/log/nginx/jitsi.dominio.edu.ar/error.log;
}
We enable this configuration on our server
$ ln -s /etc/nginx/sites-available/jitsi.dominio.edu.ar.conf /etc/nginx/sites-enabled/jitsi.dominio.edu.ar.conf
To avoid a possible memory problem that can arise from adding additional server names to our configuration, a single value needs to be adjusted in the /etc/nginx/nginx.conf file. Open the file:
$ nano /etc/nginx/nginx.conf
Find the server_names_hash_bucket_size directive and uncomment the line.
We save the changes and restart nginx
$ systemctl restart nginx
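To confirm after the restart that the proxy behaves as the configuration above intends (no version in the Server header, HSTS with the configured max-age, port 80 redirecting to HTTPS), the following sh functions check response headers read on stdin. This is an added example, not part of the original page; the function names and the sample headers are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): check response headers read on
# stdin, e.g. from `curl -sI`, against what the vhost above configures.

# headers_lower: strip CRs and lowercase so header names match in any case.
headers_lower() { tr -d '\r' | tr 'A-Z' 'a-z'; }

# check_https_headers: returns 0 when the Server header carries no version
# (server_tokens off) and HSTS max-age is at least the configured 63072000.
check_https_headers() {
    h=$(headers_lower); rc=0
    server=$(printf '%s\n' "$h" | grep '^server:' | head -n 1)
    if printf '%s' "$server" | grep -Eq '[0-9]+\.[0-9]+'; then
        echo "FAIL: version exposed in '$server'"; rc=1
    fi
    max_age=$(printf '%s\n' "$h" | sed -n 's/^strict-transport-security:.*max-age=\([0-9][0-9]*\).*/\1/p' | head -n 1)
    if [ -z "$max_age" ] || [ "$max_age" -lt 63072000 ]; then
        echo "FAIL: HSTS missing or max-age below 63072000"; rc=1
    fi
    return "$rc"
}

# check_http_redirect HOST: the port-80 answer must be a 301 to https://HOST/...
check_http_redirect() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    h=$(headers_lower)
    status=$(printf '%s\n' "$h" | head -n 1 | awk '{print $2}')
    location=$(printf '%s\n' "$h" | sed -n 's/^location:[ ]*//p' | head -n 1)
    if [ "$status" != "301" ]; then
        echo "FAIL: expected 301, got '$status'"; return 1
    fi
    case "$location" in
        "https://$host/"*) return 0 ;;
        *) echo "FAIL: redirect target is '$location'"; return 1 ;;
    esac
}

# Constructed sample headers (not captured from a real server):
sample='HTTP/2 200
server: nginx
strict-transport-security: max-age=63072000'
printf '%s\n' "$sample" | check_https_headers && echo "sample headers OK"

# Live use, from a client that can reach the proxy:
#   curl -sI https://jitsi.dominio.edu.ar/ | check_https_headers
#   curl -sI http://jitsi.dominio.edu.ar/  | check_http_redirect jitsi.dominio.edu.ar
```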