Proxy reverso
Contents
$ apt install nginx-full
Luego de finalizada la instalación, verificamos que el servicio está funcionando.
$ systemctl status nginx
Salida
● nginx.service - A high performance web server and a reverse proxy server Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2021-09-17 04:23:45 UTC; 4min 23s ago Docs: man:nginx(8) Main PID: 3942 (nginx) Tasks: 3 (limit: 4719) Memory: 6.1M CGroup: /system.slice/nginx.service ├─3942 nginx: master process /usr/sbin/nginx -g daemon on; master_process on; ├─3943 nginx: worker process └─3944 nginx: worker process As you can see above, the service appears to have started successfully. However, the best way to test this is to actually request a page from Nginx.
Para verificar que el software se está ejecutando correctamente navegamos a la dirección IP de nuestro servidor:
http://127.0.0.1
Deberías ver la página de inicio de Nginx:
Vamos a eliminar la configuración predeterminada
$ rm /etc/nginx/sites-available/default $ rm /etc/nginx/sites-enabled/default
Y ahora, crearemos una nueva
$ nano /etc/nginx/sites-available/jitsi.dominio.edu.ar.conf
Donde agregaremos los parámetros necesarios para nuestro jitsi
types {
application/wasm wasm;
}
server {
listen 80;
server_name jitsi.dominio.edu.ar;
server_tokens off;
# Don't show the nginx version number
include /etc/nginx/snippets/location-letsencrypt.conf;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name jitsi.dominio.edu.ar;
server_tokens off;
# Don't show the nginx version number
include /etc/nginx/snippets/location-letsencrypt.conf;
ssl_certificate /etc/letsencrypt/live/jitsi.dominio.edu.ar/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/jitsi.dominio.edu.ar/privkey.pem;
# Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m; # about 40000 sessions
# Defining option to share SSL Connection with Passed Proxy
ssl_session_tickets off;
add_header Strict-Transport-Security "max-age=63072000" always;
set $prefix "";
ssl_dhparam /etc/ssl/dhparams.pem;
ssl_ecdh_curve secp384r1;
location / {
ssi on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_pass http://RANGO.IP.PRIVADO.120/;
# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location ~ ^/(?!(http-bind|external_api\.|xmpp-websocket))([a-zA-Z0-9=_äÄöÖüÜß\?\-]+)$ {
rewrite ^/(.*)$ / break;
}
# BOSH
location /http-bind {
proxy_pass http://RANGO.IP.PRIVADO.120:5280/http-bind;
#IP servidor jitsi
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
tcp_nodelay on;
}
# xmpp websockets
location /xmpp-websocket {
proxy_pass http://RANGO.IP.PRIVADO.120:5280/xmpp-websocket;
#IP servidor jitsi
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
tcp_nodelay on;
}
access_log /var/log/nginx/jitsi.dominio.edu.ar/access.log;
error_log /var/log/nginx/jitsi.dominio.edu.ar/error.log;
}
Habilitamos esta configuración en nuestro servidor
$ ln -s /etc/nginx/sites-available/jitsi.dominio.edu.ar.conf /etc/nginx/sites-enabled/jitsi.dominio.edu.ar.conf
Para evitar un posible problema de memoria que puede surgir de la adición de nombres de servidores adicionales a nuestra configuración, es necesario ajustar un solo valor en el archivo /etc/nginx/nginx.conf. Abrí el archivo:
$ nano /etc/nginx/nginx.conf
Encontrá la directiva server_names_hash_bucket_size y descomentá la línea.
Guardamos los cambios y reiniciamos nginx
$ systemctl restart nginx