ngix/HA redirect https server port 443 to 8123

ninjadog · April 1, 2020, 2:23pm

Trying to get NGINX to accept incoming on 443 and redirect to 8123

This works

server {
    server_name ha.x.y.net;
    ssl_certificate /etc/letsencrypt/live/ha.x.y/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ha.x.y/privkey.pem;

    listen [::]:443  ssl default_server ipv6only=off;
    #listen [::]:8123  ssl default_server ipv6only=off;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
    ssl on; # Uncomment if you are using nginx < 1.15.0
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    proxy_buffering off;

    location / {
        proxy_pass http://10.19.49.2:8123;
        proxy_set_header Host $host;
        proxy_redirect http:// https://;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        }
}

But

This doesnt work (times out in browser)

#--DAZ 1-4-2020 Reverse proxy to HomeAssistant on VPN
server {
  listen [::]:443 ssl;
  server_name ha.x.y;
  ssl_certificate /etc/letsencrypt/live/ha.x.y/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/ha.x.y/privkey.pem;
  return 301 $scheme://ha.x.y:8123$request_uri;
}
server {
    server_name ha.x.y.net;
    ssl_certificate /etc/letsencrypt/live/ha.x.y/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ha.x.y/privkey.pem;
    #listen [::]:443  ssl default_server ipv6only=off;
    listen [::]:8123  ssl default_server ipv6only=off;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
    ssl on; # Uncomment if you are using nginx < 1.15.0
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    proxy_buffering off;

    location / {
        proxy_pass http://10.19.49.2:8123;
        proxy_set_header Host $host;
        proxy_redirect http:// https://;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        }
}

I tried adding the bump below to the first server but that didnt work either?

add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
    ssl on; # Uncomment if you are using nginx < 1.15.0
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

What am I doing wrong?