Fixes for Reverse Proxy Go-Live (#6)

* Add new area for defining upstream systems.

* Example file for demonstration domain.

* Use the new upstream hosts section.

* Do the proxy directives in the main file.

* Commit any final changes.

* Fix example resource name.

* Mention the need to have ports specified in the upstream file, not server block.

* Adjust formatting.

.gitignore

@@ -10,6 +10,7 @@ logs/*
 # Ignore private reverse proxy configurations.
 Config/ReverseProxy/config/conf.d/*.*
 Config/ReverseProxy/config/html/*.*
+Config/ReverseProxy/config/hosts/*.*
 
 # Ignore MailServer Files
 Config/MailServer/setup.sh

Config/ReverseProxy/Dockerfile

@@ -18,3 +18,9 @@ RUN rm -rfv /etc/nginx/html
 # Add any static HTML websites.
 COPY ./config/html /etc/nginx/html
 RUN rm -rfv /etc/nginx/html/README*
+
+## Upstream Hosts ##
+RUN rm -rfv /etc/nginx/hosts
+COPY ./config/hosts /etc/nginx/hosts
+RUN rm -rfv /etc/nginx/hosts/README*
+

Config/ReverseProxy/config/conf.d/proxy.example.com

@@ -38,13 +38,6 @@ server {
 
     # Send traffic to upstream server
     location / {
-        proxy_set_header X-Forwarded-Proto https;
-
-        # These cause "400 Bad Request Request Header Or Cookie Too Large"?
-        #proxy_set_header Host $host;
-        #proxy_set_header X-Real-IP $remote_addr;
-        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
         ## General format is PROTOCOL://SERVER:PORT. For example:
         #
         # If using a domain name:
@@ -53,6 +46,9 @@ server {
         # If using an IP address:
         #proxy_pass http://192.168.1.80:8080;
         #
+        # If using an upstream server:
+        #proxy_pass http://example-proxy-site;
+        #
         # If forwarding to an external source:
         #proxy_pass https://website.name;
         #

Config/ReverseProxy/config/hosts/README.md

@@ -0,0 +1,3 @@
+# Upstream Host Configuration
+For systems which do not resolve well such as ignoring `/etc/hosts`.
+

Config/ReverseProxy/config/hosts/example.com

@@ -0,0 +1,8 @@
+# Local servers for everything related to `example.com`.
+# If specific ports are needed they will go here instead of the `conf.d` file(s).
+
+upstream example-proxy-site {
+    #server 127.0.0.1:8080;
+    server hyperling.com;
+}
+

Config/ReverseProxy/config/nginx.conf

@@ -14,7 +14,7 @@ http {
     include /etc/nginx/mime.types;
     default_type application/octet-stream;
 
-    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+    log_format main '$remote_addr - $remote_user [$time_local] $host "$request" '
                     '$status $body_bytes_sent "$http_referer" '
                     '"$http_user_agent" "$http_x_forwarded_for"';
 
@@ -27,6 +27,27 @@ http {
 
     #gzip on;
 
+    ## Proxy Settings ##
+    proxy_redirect     off;
+    proxy_set_header   Host               $host;
+    proxy_set_header   X-Real-IP          $remote_addr;
+    proxy_set_header   X-Forwarded-For    $remote_addr;
+    proxy_set_header   X-Forwarded-Proto  $scheme;
+    proxy_set_header   HTTP_AUTHORIZATION $http_authorization;
+    proxy_hide_header                     X-Powered-By;
+    proxy_intercept_errors                on;
+    proxy_http_version                    1.1;
+    # Proxy Buffer settings - See http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size
+    proxy_buffer_size          4k;
+    proxy_buffers              4 32k;
+    proxy_busy_buffers_size    64k;
+    proxy_temp_file_write_size 64k;
+    # Timeouts, give up to 5 minutes for slow apps.
+    proxy_connect_timeout 600;
+    proxy_send_timeout    600;
+    proxy_read_timeout    600;
+    send_timeout          600;
+
     ## LetsEncrypt Certbot Setup ##
     # Allow nginx to fulfill LetsEncrypt Certbot challenges.
     server {
@@ -35,6 +56,9 @@ http {
         }
     }
 
+    ## Upstream Configuration ##
+    include /etc/nginx/hosts/*;
+
     ## Reverse Proxied Website Configurations ##
     include /etc/nginx/conf.d/*;
 }