% Network infrastructure on an OVH Kimsufi server

# Plan

1. install an nginx reverse proxy

Help: [Architecture de services avec Proxmox sur un serveur kimsufi - Vincent Dillenschneider](https://vdillenschneider.fr/architecture-de-services-avec-proxmox-sur-un-serveur-kimsufi)

## Addressing

| Machine          | Id    | Address        |
|------------------|-------|----------------|
| ecaz             | NA    | 10.1.0.1       |
| reverse-proxy    | 100   | 10.1.0.10      |
| web-formation    | 101   | 10.1.0.101     |
|                  |       | 10.1.0.        |
| bare yunohost    | 103   | 10.1.0.14      |
|                  |       | 10.1.0.        |
| web-gestion      | 104   | 10.1.0.22      |
| bastion          | 105   | 10.1.0.11      |
| development-vm   | 801   | 10.1.0.81      |

# Reverse Proxy NGINX

## Certificates

```
                                client
                                   |
                                 nginx
        (https://example1.com) <-- certificates
        (https://example1.com) <-- certificates
        (https://example1.com) <-- certificates
                                   |
           +---------------------+------------------------------+
           |                     |                              |
           |                     |                              |
https://srv1.reseau.priv  https://example2.reseau.priv  https://example3.reseau.priv
        a.b.c.d                e.f.g.h                       i.j.k.l
```

[Which ssl certificates go where on an reverse proxy? - nginx - Server Fault](https://serverfault.com/questions/975690/which-ssl-certificates-go-where-on-an-reverse-proxy-nginx)

## antiX installation

Configure the network as 10.1.0.aaa/16

![](images/configuration-19.png)

# To investigate

Use hostnames to forward TCP to certain hosts (for SSH connections? or use the bastion instead?)
[Nginx TCP forwarding based on hostname - Stack Overflow](https://stackoverflow.com/questions/34741571/nginx-tcp-forwarding-based-on-hostname/40135151#40135151)

# Reverse-proxy VM

```
# Forward inbound HTTP/HTTPS arriving on eth0 to the reverse-proxy VM (10.1.0.10)
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 10.1.0.10:80
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to 10.1.0.10:443

# Same forwarding for traffic arriving on the vmbr0 bridge
sudo iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 10.1.0.10:80
sudo iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 10.1.0.10:443
```

# Example

```
+---------------------+    +---------------------+    +---------------------+
| reverse proxy       |    | VM 10.1.0.22        |    | Docker-Compose      |
| only redirects any  |    |                     |    |                     |
| request to the VM   |--->| no nginx installed  |--->| original nginx      |
| (see nginx conf     |    |                     |    | from AppFlowy-Cloud |
| above )             |    |                     |    | repos               |
+---------------------+    +---------------------+    +---------------------+
```