On the right side of the picture above, we have a bunch of web servers running on HTTP, and they require a username/password to log in (basic HTTP authentication).
The requirement was to have a password-less HTTPS connection. NGINX is a perfect fit for such reverse proxy scenarios. Here is how to install NGINX on CentOS and configure it.
# yum install epel-release
# yum install nginx
Verify Installation
# nginx -v
nginx version: nginx/1.16.1
Note: Skip this step if a firewall is not running on your server.
Open the ports on which NGINX should provide its service in the
firewall. For example, to open the default ports for HTTP (port 80) and
HTTPS (port 443) in firewalld, enter:
# firewall-cmd --permanent --add-port={80/tcp,443/tcp}
# firewall-cmd --reload
Verify
# firewall-cmd --list-ports
80/tcp 443/tcp
By default, the nginx service listens on port 80. If you already have something running on port 80, nginx will complain and fail to start.
For example, to set port 90, edit the server section of nginx.conf:
Start the nginx service
# systemctl start nginx
Enable the nginx service to start automatically when the system boots
# systemctl enable nginx
Create /etc/nginx/conf.d/reverse-proxy.conf
Edit the file and add an entry for each web server redirection as follows (example: port 1053):
Then restart nginx
# systemctl restart nginx
At this stage the HTTP reverse proxy is configured, and http://192.168.1.100:1053 should open the web page from http://192.168.1.110
Make directory for storing certificate
# sudo mkdir /etc/ssl/private
# sudo chmod 700 /etc/ssl/private
Generate certificate (Note: Use the hostname in the Common Name field)
Add the SSL certificate to the config
The following line in the config redirects HTTP requests from the client to HTTPS:
error_page 497 https://$host:6443$request_uri;
Restart nginx
# sudo nginx -t
# systemctl restart nginx
So far, the client sends an HTTPS request to NGINX, which then forwards the request to the web server over HTTP. As my server needs authentication, it presents a web page to the client asking for a username/password.
If we add "proxy_set_header Authorization" to the config, nginx will include username:password in all requests to the web server. The username:password string should be base64 encoded. You can use online services like https://www.base64encode.org/ to encode in base64.
username=myuser
password=mypassword
Go to https://www.base64encode.org/ and encode myuser:mypassword
We get "bXl1c2VyOm15cGFzc3dvcmQ="
Add the following line to reverse-proxy.conf:
proxy_set_header Authorization "Basic bXl1c2VyOm15cGFzc3dvcmQ=";
Restart nginx
# sudo nginx -t
# systemctl restart nginx
Now our NGINX reverse proxy setup is ready to handle traffic.
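The base64 value used above can also be produced on the proxy host itself, so the credentials never leave the machine. The script below is an added example, not part of the original post; the function names and the snippet file argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): build the header line locally.

# basic_auth_token USER PASSWORD -> base64 of "USER:PASSWORD" on a single line
basic_auth_token() {
    user=$1
    pass=$2
    # The colon separates user and password, so the username cannot contain one.
    case $user in
        ''|*:*) echo "username must be non-empty and contain no ':'" >&2; return 1 ;;
    esac
    # printf '%s' avoids the trailing newline that echo would add to the input;
    # tr strips the line wrapping base64 inserts for long credentials.
    printf '%s:%s' "$user" "$pass" | base64 | tr -d '\n'
}

# basic_auth_decode TOKEN -> the original "USER:PASSWORD" (shows it is reversible)
basic_auth_decode() {
    printf '%s' "$1" | base64 -d
}

# nginx_auth_line USER PASSWORD -> the directive to place in reverse-proxy.conf
nginx_auth_line() {
    token=$(basic_auth_token "$1" "$2") || return 1
    printf 'proxy_set_header Authorization "Basic %s";\n' "$token"
}

# write_auth_snippet USER PASSWORD FILE -> FILE holds the directive, mode 0600.
# FILE is a hypothetical path of your choosing, pulled in with nginx "include".
write_auth_snippet() {
    line=$(nginx_auth_line "$1" "$2") || return 1
    ( umask 077; printf '%s\n' "$line" > "$3" ) && chmod 600 "$3"
}

# Sample credentials from the post above.
nginx_auth_line myuser mypassword
```

Because the token decodes straight back to myuser:mypassword, any config file containing it should be readable by root only.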