I have a QNAP TS-253A with its admin interface exposed to the internet.

The QNAP has its own certificate installed by a dedicated tool (i.e. I don't know exactly where to locate the certificate).

https://mydomain.myqnapcloud.com points to my static IP, and my router has a firewall rule which forwards port 443 to 192.168.200.6, which is the internal address of my QNAP.

That all works as it should.

Now I have spun up a Docker container on 192.168.200.18, which I would like to expose to https://identity.someotherdomain.com.

My idea was to spin up another container with an Nginx reverse proxy (192.168.200.8), and change the firewall rule to forward 443 (and 80) to the reverse proxy.

There are lots of guides on using nginx to sit in front of an HTTP server and add an SSL certificate, thereby converting an existing HTTP site to HTTPS. But my use case should be even simpler, as the server I forward to is already HTTPS.

I have tried this, which doesn't work:

upstream qnap {
  server        192.168.200.6:443;
}

server {
  listen        192.168.200.8:443;
  server_name   mydomainmyqnapcloud.com;

  location / {
    proxy_pass  https://qnap;
  }
}

How do I configure nginx to forward traffic intended for https://mydomain.myqnapcloud.com to https://192.168.200.6 and traffic intended for https://identity.someotherdomain.com to https://192.168.200.18?

1 Answer

The way I got this working was to locate the certificate and key on the QNAP (in /etc/stunnel), copy them to a folder shared into the reverse proxy Docker image, and include them in the nginx.conf:

server {
  listen 443 ssl;
  server_name mydomain.myqnapcloud.com;
  ssl_certificate /etc/ssl/private/backup.cert;
  ssl_certificate_key /etc/ssl/private/backup.key;
  ssl_session_cache builtin:1000 shared:SSL:10m;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
  ssl_prefer_server_ciphers on;
  access_log /var/log/nginx/access.log;
  location / {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass https://192.168.200.6;
    proxy_read_timeout 90;
    proxy_redirect https://192.168.200.6 https://mydomain.myqnapcloud.com;
  }
}
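
An alternative to copying the QNAP's certificate and key into the proxy, as an added example that is not part of the original answer: nginx's stream module can route on the TLS SNI name and pass the encrypted connection through untouched, which covers both hostnames from the question. It assumes nginx is built with ngx_stream_ssl_preread_module and that each backend already serves a certificate valid for its public hostname; the `default` target is a constructed placeholder.

```nginx
# Added example, not the answerer's configuration.
# Routes by TLS SNI without terminating TLS, so no private key
# has to leave the QNAP or the identity container.

# This block goes at the top level of nginx.conf, beside (not inside) http {}.
stream {
    # Choose the backend from the server name sent in the TLS ClientHello.
    map $ssl_preread_server_name $backend {
        mydomain.myqnapcloud.com      192.168.200.6:443;
        identity.someotherdomain.com  192.168.200.18:443;

        # Unknown or missing SNI: send to a closed local port (assumed
        # placeholder) so the connection fails instead of reaching the
        # NAS admin interface by default.
        default                       127.0.0.1:1;
    }

    server {
        listen 443;

        # Read the SNI field only; the TLS session is not decrypted here.
        ssl_preread on;

        proxy_pass $backend;
        proxy_connect_timeout 5s;
    }
}
```

Because the traffic is never decrypted, headers such as X-Forwarded-For cannot be added, so both backends log the proxy's address as the client. A stream listener on port 443 also cannot share that address and port with an `http` server block in the same nginx instance.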