I have a problem trying to run my ASP.NET Core 3 App behind a NGINX reverse proxy. I am following this guide: https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/linux-nginx?view=aspnetcore-3.1
I am using Let's Encrypt for my SSL Certificate and proxy pass to a different machine in my local network. I do not really know how to fix this problem. I already tried to secure the connection between the reverse proxy and the Kestrel Server with SSL, but this still does not work. Any Help would be greatly appreciated. My NGINX Site.conf file is the following:
upstream dotnet {
zone dotnet 64k;
server 192.168.3.222:5000;
}
server {
server_name MyDomain.net *.MyDomain.net;
location / {
proxy_pass http://dotnet;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
access_log /var/log/nginx/MyDomain.access.log;
error_log /var/log/nginx/MyDomain.error.log;
}
location = /favicon.ico {
log_not_found off;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mydomain.net/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mydomain.net/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = MyDomain.net) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name MyDomain.net;
return 404; # managed by Certbot
}
The ASP.NET Core App is running on a different machine (Local Ip: 192.168.3.222) than the NGINX reverse proxy (Local Ip: 192.168.3.111). If I set up a NGINX reverse proxy on the machine the ASP.NET Core App is running and proxy pass to 127.0.0.1:5000 I can access it over the local network without problems. I also configured the Startup.cs to accept my reverse proxy:
public void ConfigureServices(IServiceCollection services)
{
// Configure Headers. Required by Nginx RProxy
services.Configure<ForwardedHeadersOptions>(options =>
{
options.ForwardedHeaders =
ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
options.KnownProxies.Add(IPAddress.Parse("192.168.3.111"));
options.KnownNetworks.Add(new IPNetwork(IPAddress.Parse("192.168.3.0"),24));
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IServiceProvider serviceProvider)
{
// Forward Headers required by Nginx RProxy
app.UseForwardedHeaders();
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
}
If I try to access MyDomain.net I get a 502 Bad Gateway. So the Reverse Proxy cannot connect to the App. The Example in the Documentation uses a Reverse Proxy on the same Machine as the Kestrel Server. The NGINX Error Log is the following:
failed (111: Connection refused) while connecting to upstream, client: 0.0.0.0.1, server: mydomain.net, request: "GET / HTTP/1.1", upstream: "http://192.168.3.222:5000/$ , host: "mydomain.net"
The Machine with the Kestrel Server allows incoming traffic for Port 5000 and 5001.