nginx version: nginx/1.18.0 (Ubuntu)
109.88.89.61
nginx version: nginx/1.18.0 (Ubuntu)
109.88.89.61
Good news / bad news
Good news: You seem to be at the right IP
Name: captiveportal.secureinside.be
Address: 109.88.89.61
matches
Bad news: You are not on the system that the Internet sees responding on port 80.
Server: nginx/1.14.0 (Ubuntu)
does NOT match
So...
Do you have access to the router/firewall?
If so, can you see where the inbound TCP port 80 (HTTP) connections are being sent?
Yes I have access to the router.
The port 80 is redirecting to the 1st web server
I don't know what "1st web server" means.
I had previously asked:
to which you replied:
Now, I'm not so sure.
Can you draw a quick sketch of all the systems involved [and include their IPs]?
Ok that explains like one thousand words - LOL
[as most pictures do]
In this case, there is no local webroot in server one [WS1] that can reach server two [WS2]
So, webroot it out of the question.
That leaves us with the reverse proxy solution.
For that, you will have to modify the nginx
config on WS1 to handle the name for WS2 and keep the HTTP connections from being redirected to HTTPS (simplifies things in the long run).
Then on WS2, you will have to handle the HTTP connections (port 81 is OK) and run certbot
with the correct local webroot.
If you are good and ready for that, we first need to see the nginx -T
from WS1.
Thank you, I will take that into consideration.
What I will try to do is a configuration more specific on the router level so that the servers are more independent.
That way when the router sees "captiveportal.secureinside.be" with port 80, it redirects to a specific server.
Like setting up more rules so that it doesn't just read the port.
Because I don't have access to the WB1, it's managed by a 3rd party person in the company.
And if I don't succeed I will try and setting up the reverse proxy.
What do you think ?
I think you will be hard pressed to find such an intelligent (layer 4+) feature in a layer 3 router.
But if available, that would resolve this problem [by moving the SNI/reverse proxy requirement into the router].
I think if you control the router, then you can setup a reverse proxy on the .81 and do the same thing in the other direction [provided you can make such changes to the router].
I understand. Will see what I can do and again a huge thank you, really appreciate it for trying to resolve this issue, apologize in advance for any time wasted and it was a pleasure troubleshooting it with this community. Learned a lot !
Wish you and everybody a nice day and stay safe !
Time is never wasted when spent with friends or while learning/teaching.
And well spent when doing both
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.