Urgent issue with reverse proxy in HestiaCP v1.8.12 (Debian 12.7)

English:

Issue with reverse proxy in HestiaCP v1.8.12 (Debian 12.7)

Hello everyone,

I’m having trouble with reverse proxying in Nginx for the domain crm.idired.com. Here’s what I have tried so far, without success:

  1. Set up custom templates (.tpl and .stpl), with and without SSL.
  2. Checked Nginx logs for errors related to Let’s Encrypt files.
  3. Tried redirecting traffic to the backend at 192.168.10.30:8069, with and without /web.
  4. Reloaded Hestia and Nginx multiple times, no success.
  5. Verified backend connectivity (curl works fine).

The configuration still returns a 404 error.

.stpl file:

server {
    listen %ip%:%web_ssl_port%;
    server_name %domain_idn% %alias_idn%;

    ssl on;
    ssl_certificate %ssl_pem%;
    ssl_certificate_key %ssl_key%;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Port "443";
        proxy_set_header X-Forwarded-Proto "https";
        proxy_pass http://192.168.10.30:8069;
        proxy_redirect http:// https://;
    }

    include %home%/%user%/conf/web/snginx.%domain%.conf*;
}

.tpl file:

server {
    listen %ip%:%web_port%;
    server_name %domain_idn% %alias_idn%;

    location / {
        rewrite ^(.*) https://%domain_idn%$1 permanent;
    }

    include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
}


I would appreciate any help or suggestions to resolve this.

Why? If you want to use https to connect to backend just do it on

That’s wrong, in stpl template use this:

include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;

In tpl template use this include:

include %home%/%user%/conf/web/%domain%/nginx.conf_*;

So then I would have to go?

.stpl file:

server {
    listen %ip%:%web_ssl_port%;
    server_name %domain_idn% %alias_idn%;

    ssl on;
    ssl_certificate %ssl_pem%;
    ssl_certificate_key %ssl_key%;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Port "443";
        proxy_set_header X-Forwarded-Proto "https";
        proxy_pass http://192.168.10.30:8069;
        proxy_redirect http:// https://;
    }

    include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
}

.tpl file:

server {
    listen %ip%:%web_port%;
    server_name %domain_idn% %alias_idn%;

    location / {
        rewrite ^(.*) https://%domain_idn%$1 permanent;
    }

    include %home%/%user%/conf/web/%domain%/nginx.conf_*;
}

Error: nginx restart failed

Regarding include directives, yes.

Did you rebuild your web domain after modifying templates?

Also, did you check why nginx didn’t restart?

systemctl status nginx --no-pager -l

Yes

root@srv1:~# systemctl status nginx --no-pager -l

● nginx.service - nginx - high performance web server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; preset: enabled)
Active: active (running) since Fri 2024-10-04 23:08:34 CEST; 35min ago
Docs: nginx documentation
Process: 611 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS)
Process: 11450 ExecReload=/bin/sh -c /bin/kill -s HUP $(/bin/cat /var/run/nginx.pid) (code=exited, status=0/SUCCESS)
Main PID: 2005 (nginx)
Tasks: 6 (limit: 28784)
Memory: 63.7M
CPU: 4.891s
CGroup: /system.slice/nginx.service
├─ 2005 "nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf"
├─11728 "nginx: worker process"
├─11729 "nginx: worker process"
├─11730 "nginx: worker process"
├─11731 "nginx: worker process"
└─11732 "nginx: cache manager process"

Oct 04 23:08:32 srv1.dns-idired.com systemd[1]: Starting nginx.service - nginx - high performance web server...
Oct 04 23:08:34 srv1.dns-idired.com systemd[1]: Started nginx.service - nginx - high performance web server.
Oct 04 23:35:10 srv1.dns-idired.com systemd[1]: Reloading nginx.service - nginx - high performance web server...
Oct 04 23:35:10 srv1.dns-idired.com systemd[1]: Reloaded nginx.service - nginx - high performance web server.
Oct 04 23:36:14 srv1.dns-idired.com systemd[1]: Reloading nginx.service - nginx - high performance web server...
Oct 04 23:36:14 srv1.dns-idired.com systemd[1]: Reloaded nginx.service - nginx - high performance web server.
Oct 04 23:36:29 srv1.dns-idired.com systemd[1]: Reloading nginx.service - nginx - high performance web server...
Oct 04 23:36:29 srv1.dns-idired.com systemd[1]: Reloaded nginx.service - nginx - high performance web server.

I get the We’re working on it! window.
This site is currently under construction.

Please check back soon.

nginx is working fine, I don’t know the reason for the restart error,

nginx -t
cat /home/*/conf/web/crm.idired.com/nginx.ssl.conf
root@srv1:~# nginx -t
cat /home/*/conf/web/crm.idired.com/nginx.ssl.conf

nginx: [warn] protocol options redefined for 10.8.0.2:443 in /etc/nginx/conf.d/domains/crm.idired.com.ssl.conf:2
nginx: [emerg] unknown directive "ssl" in /etc/nginx/conf.d/domains/crm.idired.com.ssl.conf:5
nginx: configuration file /etc/nginx/nginx.conf test failed
server {
    listen 10.8.0.2:443;
    server_name crm.idired.com ;

    ssl on;
    ssl_certificate /home/idired.com/conf/web/crm.idired.com/ssl/crm.idired.com.pem;
    ssl_certificate_key /home/idired.com/conf/web/crm.idired.com/ssl/crm.idired.com.key;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Port "443";
        proxy_set_header X-Forwarded-Proto "https";
        proxy_pass https://192.168.10.30:8069;
        proxy_redirect http:// https://;
    }

include /home/idired.com/conf/web/crm.idired.com/nginx.ssl.conf_*;

Modify stpl like this:

server {
    listen %ip%:%web_ssl_port% ssl;
    server_name %domain_idn% %alias_idn%;

    ssl_certificate %ssl_pem%;
    ssl_certificate_key %ssl_key%;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Port "443";
        proxy_set_header X-Forwarded-Proto "https";
        proxy_pass http://192.168.10.30:8069;
        proxy_redirect http:// https://;
    }

    include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
}
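
Added example, not part of the thread and not HestiaCP's own tooling: a small pre-rebuild check that flags the three template problems found above (the standalone `ssl on;` that `nginx -t` rejected, a TLS `listen` line without the `ssl` parameter, and the old flat include paths). The function name `lint_template` and the sample file are assumptions made for this illustration.

```bash
#!/usr/bin/env bash
# Lint a HestiaCP nginx template (.tpl/.stpl) for the problems seen in this thread.
# Prints one finding per line and always returns 0, so it is safe under `set -e`.
lint_template() {
    local file="$1"
    # Standalone "ssl on;" is what made `nginx -t` fail with: unknown directive "ssl".
    if grep -Eq '^[[:space:]]*ssl[[:space:]]+on[[:space:]]*;' "$file"; then
        echo "$file: standalone 'ssl on;' directive; put 'ssl' on the listen line"
    fi
    # A listen line for the TLS port must carry the 'ssl' parameter itself.
    if grep -E '^[[:space:]]*listen[[:space:]].*(%web_ssl_port%|:443)' "$file" \
        | grep -Evq '[[:space:]]ssl[[:space:];]'; then
        echo "$file: TLS listen line without the 'ssl' parameter"
    fi
    # Old flat include paths (conf/web/snginx.* or conf/web/*nginx.*) instead of
    # the per-domain directory conf/web/%domain%/nginx[.ssl].conf_*.
    if grep -Eq 'include[[:space:]].*conf/web/[s*]?nginx\.' "$file"; then
        echo "$file: legacy include path; use conf/web/%domain%/nginx[.ssl].conf_*"
    fi
    return 0
}

# Constructed sample: the original .stpl from the first post, reduced to the
# lines the checks look at.
demo_bad=$(mktemp)
cat > "$demo_bad" <<'EOF'
server {
    listen %ip%:%web_ssl_port%;
    ssl on;
    include %home%/%user%/conf/web/snginx.%domain%.conf*;
}
EOF
lint_template "$demo_bad"   # prints three findings
rm -f "$demo_bad"
```

Running it over a custom template before rebuilding the web domain catches these errors without waiting for the nginx restart to fail; `nginx -t` remains the authoritative check on the generated configuration.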

Thank you very much, it worked for me.

I’ll save it and see where the error is. Thank you very much.
