NGINX as reverse proxy on non-standard ports


#1

I had a huge amount of issues trying to get this to work, and suddenly I could combine 2 different posts that helped me create my own answer. So in gratitude to the community, I hereby add something so others might be saved from the time it took me.

If you have an nginx server that serves a multitude of virtual hosts that are accessible on the outside via 80/443 but are different on the inside, then the following might be of help:

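Create an include file:

    pi:/etc/nginx# cat letsencrypt-include.conf
    #location ~ /.well-known/acme-challenge/ {
    # Prefix match (^~): "=" would match only the directory URI itself,
    # not the token files requested beneath it.
    location ^~ /.well-known/acme-challenge/ {
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }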

Make sure the dirs .well-known/acme-challenge exist and are reachable from the internet after you finish the configuration steps.
Do this by putting a file with some content in that dir, and validate your configs!

In your virtual hosts, create a part like this:

    server {
        listen 180;
        server_name <your_NAME>;
        include /etc/nginx/letsencrypt-include.conf;

        location = / {
            return 301 https://<your_NAME>/;
        }
    }

**The total for this virtual host will look something like this:**

    server {
        charset utf-8;
        #charset_types mime_types *;
        server_name <your_NAME>;

        client_max_body_size   12M;
        client_body_buffer_size    128k;
        keepalive_requests    10;
        keepalive_timeout     60 60;

        location / {
            proxy_pass http://192.168.1.4:4200;

            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Scheme $scheme;

            proxy_buffering off;
            proxy_request_buffering off;
            tcp_nodelay      on;
        }

        listen 1443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/<your_NAME>-0002/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/<your_NAME>-0002/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }

    server {
        listen 180;
        server_name <your_NAME>;
        include /etc/nginx/letsencrypt-include.conf;

        location = / {
            #proxy_pass http://192.168.1.4:4200;
            return 301 https://<your_NAME>/;
        }
    }

Run the command:

    /opt/certbot/certbot-auto --nginx --http-01-port=180

and follow the steps, and you are done.

My settings were:
Inside ports 180 / 1443, router on the outside port-mapped 80->180 and 443->1443.
I set up my DNS names to my IP address.
Configured all virtual hosts to have the right nginx settings (such as auth, buffering, etc.).
First Let's Encrypt setup was using DNS auth, but that took too much time.
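
The reachability check the post recommends (put a file in the challenge directory and fetch it from outside), as an added example that is not part of the original post. The function name and command-line arguments are assumptions; the challenge path and webroot are the ones from the include file above.

```python
#!/usr/bin/env python3
"""Probe that the ACME HTTP-01 challenge directory is served to the outside."""
import secrets
import sys
import urllib.error
import urllib.request
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"  # path used in the include file


def probe_challenge_path(webroot, base_url, timeout=10):
    """Write a random probe file under webroot, fetch it via base_url and
    return (ok, detail). The probe file is removed again in every case."""
    directory = Path(webroot) / CHALLENGE_DIR
    directory.mkdir(parents=True, exist_ok=True)
    name = "probe-" + secrets.token_hex(8)
    body = secrets.token_hex(16)  # random, so a stale or default page cannot pass
    probe = directory / name
    probe.write_text(body)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{name}"
    try:
        # urllib follows redirects, so an http -> https 301 is tolerated
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            got = resp.read(256).decode("ascii", "replace").strip()
    except (urllib.error.URLError, OSError) as exc:
        return False, f"{url}: request failed ({exc})"
    finally:
        probe.unlink(missing_ok=True)
    if got != body:
        return False, f"{url}: answered, but not with the probe file (check root/location)"
    return True, f"{url}: probe file served correctly"


if __name__ == "__main__":
    # Hypothetical usage: probe.py /usr/share/nginx/html http://<your_NAME>
    ok, detail = probe_challenge_path(sys.argv[1], sys.argv[2])
    print(("OK   " if ok else "FAIL ") + detail)
    sys.exit(0 if ok else 1)
```

Run it on the nginx host against the public name, so the request passes through the router's 80->180 mapping rather than hitting port 180 directly.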