Wednesday, March 25, 2015

nginx as reverse ssl proxy (Apache + Varnish) skips its own configuration

I have a new Ubuntu 14.04 installation with the following steps taken:




  • Apache2 2.4.7

  • MariaDB last stable version

  • PHP 7.0.9 (and several modules)

  • Apache configured to work with PHP7-FPM *

  • mod_rpaf working with Apache2 **

  • PHPMyAdmin 4.6.3 working correctly with PHP7.0.9.

  • WordPress 4.6 ***


  • Varnish 4.0

  • NginX 1.10.1 with ssl certificate in /etc/nginx/ssl


* and ** -> The issue happens before and after these configurations
*** -> wp-config.php has code to force ssl login and ssl admin. Both work fine with only Apache/Varnish. Made an ssl certificate for Apache and everything worked fine if Apache is set to listen on port 443.




This is my /etc/apache2/ports.conf:



#NameVirtualHost 192.168.1.86
ServerName 192.168.1.86

Listen 8080

#
# Listen 443
#


#
# Listen 443
#



# vim: syntax=apache ts=4 sw=4 sts=4 sr noet


This is my /etc/apache2/sites-available/000-default.conf:





AddHandler php7-fcgi-www-data .php
Action php7-fcgi-www-data /php7-fcgi-www-data
Alias /php7-fcgi-www-data /usr/lib/cgi-bin/php7-fcgi-www-data

FastCgiExternalServer /usr/lib/cgi-bin/php7-fcgi-www-data -socket /run/php/php7.0-fpm.www-data.sock -pass-header Authorization


Require all granted



SetHandler php7-fcgi-www-data







ServerAdmin karls@192.168.1.86
DocumentRoot /var/www/html
ServerName 192.168.1.86


AllowOverride All



Alias /phpmyadmin "/usr/share/phpmyadmin/"

Order allow,deny
Allow from all
Require all granted


ErrorLog ${APACHE_LOG_DIR}/error.log

CustomLog ${APACHE_LOG_DIR}/access.log combined



# vim: syntax=apache ts=4 sw=4 sts=4 sr noet


This is the 'backend' part in my /etc/varnish/default.vcl:



backend default {

.host = "192.168.1.86";
.port = "8080";
}


This is in my /etc/default/varnish:



DAEMON_OPTS="-a :80 \
             -T localhost:6082 \
             -f /etc/varnish/default.vcl \
             -S /etc/varnish/secret \
             -s malloc,256m"


This is my /etc/nginx/sites-available/default:



server {
    listen 443 ssl;

    server_name 192.168.1.86;

    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;

    location / {
        proxy_pass http://192.168.1.86:80;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;

        proxy_set_header Host $host;
    }
}



  • NO trace of port 80 in /etc/nginx/nginx.conf.

  • /etc/apache2/sites-available/000-default.conf matches the one in sites-enabled

  • /etc/nginx/sites-available/default matches the one in sites-enabled

  • Tried a lot of combinations in /etc/nginx/sites-available/default with the 'listen 443', like:




    listen 443 ssl default_server;
    listen [::]:443 ssl default_server ipv6only=on;




THE PROBLEM



https://192.168.1.86/wp-admin (or https://192.168.1.86, etc) shows 'Unable to connect', no matter what I do in nginx conf files. Tried MANY things.



Nginx seems to be ok (syntax, configuration) but, when activated, doesn't work. Error log says:




2016/08/23 14:02:07 [emerg] 10857#10857: bind() to 0.0.0.0:80 failed (98: Address already in use)
2016/08/23 14:02:07 [emerg] 10857#10857: bind() to 0.0.0.0:80 failed (98: Address already in use)
2016/08/23 14:02:07 [emerg] 10857#10857: bind() to 0.0.0.0:80 failed (98: Address already in use)
2016/08/23 14:02:07 [emerg] 10857#10857: bind() to 0.0.0.0:80 failed (98: Address already in use)
2016/08/23 14:02:07 [emerg] 10857#10857: bind() to 0.0.0.0:80 failed (98: Address already in use)
2016/08/23 14:02:07 [emerg] 10857#10857: still could not bind()


For some reason, nginx is trying to take port 80, but it is supposed to be using 443.




I've seen other people having the same exact issue, for example:
nginx trying to bind on the wrong port



Just to be clear: I DO know there is one server using port 80. What I DON'T know is why nginx is trying to use port 80 when it should be using 443.



Can anyone help, please?
Thanks in advance
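
One way to find which loaded server block asks for port 80, as an added example that is not part of the original post: it parses the full configuration dump printed by `nginx -T` and lists the server blocks that bind a given port, counting a block with no `listen` directive as `*:80` (nginx's default when started as root). The sample dump, including the file `conf.d/example.conf`, is constructed, and the function names are this example's own.

```python
import re

# Constructed sample shaped like `nginx -T` output (not the poster's files): the
# 443 proxy vhost from the question plus an included file with no `listen`.
SAMPLE = """\
# configuration file /etc/nginx/nginx.conf:
http { include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; }
# configuration file /etc/nginx/conf.d/example.conf:
server { server_name localhost; }
# configuration file /etc/nginx/sites-enabled/default:
server {
    listen 443 ssl;
    location / { proxy_pass http://192.168.1.86:80; }
}
"""

def server_listens(dump):
    """Return one {"file", "listen"} dict per server block in the dump."""
    found = []
    parts = re.split(r"^# configuration file (.+):$", dump, flags=re.M)
    for path, text in zip(parts[1::2], parts[2::2]):
        stack = []  # open blocks; None marks a block that is not `server`
        # Naive tokenizer: assumes no '#', '{', '}' or ';' inside quoted values.
        for tok in re.findall(r"[^{};]+[{;]|}", re.sub(r"#.*", "", text)):
            words = tok[:-1].split()
            if tok == "}":
                if stack:
                    stack.pop()
            elif tok.endswith("{"):
                stack.append({"file": path, "listen": []} if words[:1] == ["server"] else None)
                if stack[-1]:
                    found.append(stack[-1])
            elif words[:1] == ["listen"] and any(stack):
                next(b for b in reversed(stack) if b)["listen"].append(" ".join(words[1:]))
    return found

def port_of(listen_value):
    """Port a listen value binds: address-only forms mean 80, unix sockets none."""
    addr = listen_value.split()[0]
    if addr.startswith("unix:"):
        return None
    m = re.search(r"(?:^|:)(\d+)$", addr)
    return int(m.group(1)) if m else 80

def binds_port(dump, port=80):
    """Server blocks that make nginx bind `port`; no listen at all means *:80 as root."""
    return [(b["file"], b["listen"] or ["<no listen: default *:80>"])
            for b in server_listens(dump)
            if port in ([port_of(v) for v in b["listen"]] or [80])]
```

Passing the text printed by `nginx -T` to `binds_port` covers every included file, not only `sites-enabled/default`.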
