Nginx How To

How to use map for rewriting urls in nginx

map $uri $redirect_uri {
    ~^/issue1/?$    http://example.com/shop/issues/custom_isse_name1;
    ~^/issue2/?$    http://example.com/shop/issues/custom_isse_name2;
    ~^/issue3/?$    http://example.com/shop/issues/custom_isse_name3;
    # ... or put these in an included file
}
location / {
    try_files $uri $uri/ @redirect-map;
}
location @redirect-map {
    if ($redirect_uri) {  # redirect if the variable is defined
        return 301 $redirect_uri;
    }
}

Or replace the two locations with one:

location ~ ^(.*)$ {
    if ($redirect_uri) {  # redirect if the variable is defined
        return 301 $redirect_uri;
    }
    try_files $uri $uri/ /index.php?p=$uri&$args;
}

How to share 443 between nginx and openvpn

A typical use case is serving several services on port 443 (e.g. to connect to SSH from inside a corporate firewall, which almost never blocks port 443) while still serving HTTPS on that port.

stream {
    upstream backend {
        hash $remote_addr consistent;
        server 10.50.40.1:8443;
    }
    server {
        # so_keepalive enables TCP keepalive on the listening socket
        listen 10.50.39.123:443 so_keepalive=on;
        proxy_connect_timeout 300s;
        proxy_timeout 300s;
        proxy_pass backend;
    }
}

The problem must be that the VPN request is not sending a (TLS) SNI hostname. Check the log files, because SNI names appear there when they are detected.
If this is the case, ssl_preread may need a patch to handle VPN names.

map $ssl_preread_server_name $name {
    backend.example.com      backend;
    default                  backend2;
}
upstream backend {
    server 192.168.0.1:12345;
    server 192.168.0.2:12345;
}

upstream backend2 {
    server 192.168.0.3:12345;
    server 192.168.0.4:12345;
}

server {
    listen      12346;
    proxy_pass  $name;
    ssl_preread on;
}

http://nginx.org/en/docs/stream/ngx_stream_ssl_preread_module.html

The other option is to have OpenVPN listen on 443 and forward SSL traffic to nginx.

It’s not really “sharing” the port per se, but OpenVPN is deciphering between HTTP/S traffic and OpenVPN traffic and then forwarding web traffic over to another port, defined below. That’s crucial to understand. Note this doesn’t have to be done on an SSL port, as I understand it. I’m just using that as an example because it seems to be the most logical way to make it work if this is your configuration (you know, an SSL VPN going to an SSL port).
It should also be noted in this configuration example that OpenVPN, using the port-share parameter, is actually doing the listening on TCP port 443 and acting as a proxy itself that forwards non-OpenVPN traffic to the NGINX SSL port which we’ll lay out below. You cannot do this utilizing UDP, that I know of.

1) Set your NGINX or Apache listening ports. Set your NGINX standard http port 80 and SSL listening port to something OTHER than 443 … so, for argument’s sake, let’s set it to 4443.
/etc/nginx/sites-available/defaults:

server {
        listen   4443;
        location / {
                root  /web/etc/blah;
        }
}

2) Next, you’re going to set your OpenVPN server parameters. Set your listening port to 443 from its standard 1194 and add the port-share parameter to point to the Apache or NGINX port created above. The config should look as follows now:

port 443
port-share 127.0.0.1 4443
proto tcp

Yet another option is to use a port 443 multiplexer that routes traffic according to its destination: http://www.rutschle.net/tech/sslh.shtml
sslh accepts connections on specified ports, and forwards them further based on tests performed on the first data packet sent by the remote client.
Probes for HTTP, SSL, SSH, OpenVPN, tinc, XMPP are implemented,