Never like when you set something up and it's working and then suddently stops working. Only changes are traditional windows updates on my servers.
My setup. I have two servers that need access to port 443 from the internet so I have setup NGINX in front of it to act as a reverse proxy. I also have Windows Server 2016 Essentials using they Remote Web Access or RD Gateway. I can still access the Essentials website. I can still access my other server that is part of the process. All certs are still valid. When I try to connect to any of my internal computers with RD Gateway it says it can't connect. I do get as far as it popping up my credential ask and entering them and that works but then it chokes. To be honest it worked 8 months ago and since being home because of the pandemic couldn't use it. Now at a remote location and finding it doesn't work. i went to my house and restarted the essentials server but didn't do anything.
NGINX is running on my Ubiquiti EdgeRouter Lite and apparently is still running. I am using upstream for my 443 connections. Below is what I have setup in the conf file:
######--------------BEGIN of the script server {
listen 80;
server_name remote.masked.net;
# redirect http to https
return 301 https://$server_name$request_uri;
client_max_body_size 0;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
location / {
proxy_pass http://192.168.0.1;
}
}
server {
listen 80;
server_name smart.masked.net;
# redirect http to https
return 301 https://$server_name$request_uri;
client_max_body_size 0;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
location / {
proxy_pass http://192.168.0.50;
}
}
upstream essentials {
server 192.168.0.1:443;
keepalive 32;
}
upstream assistant {
server 192.168.0.50:8123;
keepalive 32;
}
server {
listen 443 ssl http2;
server_name remote.*;
ssl_certificate /config/user-data/ssl_chain_essentials.pem;
ssl_certificate_key /config/user-data/ssl_chain_key_essentials.pem;
client_max_body_size 0;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
location / {
proxy_pass https://essentials;
}
}
server {
listen 443 ssl http2;
server_name smart.*;
ssl_certificate /config/user-data/ssl_chain_smart.pem;
ssl_certificate_key /config/user-data/ssl_chain_key_smart.pem;
client_max_body_size 0;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
location / {
proxy_pass https://assistant;
}
}
#######-----------------end of script----------------------------
Note I tweaked a few settings above for security so hopefully it all still makes sense.
Thoughts? Note I'm remote right now so can't physically check the NGINX logs so hoping someone knows what would have caused this like an http_version requirement change or something.
Thanks.
JR
My setup. I have two servers that need access to port 443 from the internet so I have setup NGINX in front of it to act as a reverse proxy. I also have Windows Server 2016 Essentials using they Remote Web Access or RD Gateway. I can still access the Essentials website. I can still access my other server that is part of the process. All certs are still valid. When I try to connect to any of my internal computers with RD Gateway it says it can't connect. I do get as far as it popping up my credential ask and entering them and that works but then it chokes. To be honest it worked 8 months ago and since being home because of the pandemic couldn't use it. Now at a remote location and finding it doesn't work. i went to my house and restarted the essentials server but didn't do anything.
NGINX is running on my Ubiquiti EdgeRouter Lite and apparently is still running. I am using upstream for my 443 connections. Below is what I have setup in the conf file:
######--------------BEGIN of the script server {
listen 80;
server_name remote.masked.net;
# redirect http to https
return 301 https://$server_name$request_uri;
client_max_body_size 0;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
location / {
proxy_pass http://192.168.0.1;
}
}
server {
listen 80;
server_name smart.masked.net;
# redirect http to https
return 301 https://$server_name$request_uri;
client_max_body_size 0;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
location / {
proxy_pass http://192.168.0.50;
}
}
upstream essentials {
server 192.168.0.1:443;
keepalive 32;
}
upstream assistant {
server 192.168.0.50:8123;
keepalive 32;
}
server {
listen 443 ssl http2;
server_name remote.*;
ssl_certificate /config/user-data/ssl_chain_essentials.pem;
ssl_certificate_key /config/user-data/ssl_chain_key_essentials.pem;
client_max_body_size 0;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
location / {
proxy_pass https://essentials;
}
}
server {
listen 443 ssl http2;
server_name smart.*;
ssl_certificate /config/user-data/ssl_chain_smart.pem;
ssl_certificate_key /config/user-data/ssl_chain_key_smart.pem;
client_max_body_size 0;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
location / {
proxy_pass https://assistant;
}
}
#######-----------------end of script----------------------------
Note I tweaked a few settings above for security so hopefully it all still makes sense.
Thoughts? Note I'm remote right now so can't physically check the NGINX logs so hoping someone knows what would have caused this like an http_version requirement change or something.
Thanks.
JR