How to setup a static IP address for outbound connections from applications to corporate firewalls using Nginx as a reverse proxy?

nginx
reverse-proxy

(Dmitry Fedyuk) #1

Theory

My example with Ngrok

# 2018-08-26 https://gist.github.com/zaru/82c487c67ee25b55a3bd4c9ba926850c
upstream tbc_ngrok_io {server tbc.ngrok.io; keepalive 128;}
server {
	listen 80;
	server_name tbc.mage2.pro;
	return 301 https://$server_name$request_uri;
}
server {
	listen 443 ssl;
	server_name tbc.mage2.pro;
	ssl_certificate /etc/letsencrypt/live/tbc.mage2.pro/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/tbc.mage2.pro/privkey.pem;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	proxy_set_header X-Forwarded-Proto $scheme;
	location ~ /.well-known {
		access_log off;
		# 2017-05-31 The directives order is not important: https://df.tips/t/224
		break;
		expires max;
		root /var/www/lets-encrypt/tbc.mage2.pro;
	}
	location ~ /\. {deny all;}
	location / {
		access_log off;
		proxy_http_version 1.1;
		proxy_redirect off;
		proxy_set_header Connection "";
		proxy_set_header Host tbc.ngrok.io;
		proxy_set_header X-CSRF-Token $http_x_csrf_token;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Host $http_host;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_pass http://tbc_ngrok_io;
	}
}