Hauptmenü

Einrichtung Reverse Proxy

Begonnen von Beatrice Müller, 17.06.2026 12:20:28

⏪ vorheriges - nächstes ⏩
Nach unten Seiten1

Beatrice Müller

17.06.2026 12:20:28
Hallo zusammen,

da es vermehrt Probleme mit einem vorgeschalteten Reverse Proxy gab, veröffentlichen wir hier eine, von uns empfohlene, Konfiguration:

Verwendung KIX-eigene Proxy-Konfiguration
Folgende Dateien müssen angepasst werden:
  • docker-compose.yml
  • ./proxy/non-ssl.conf
  • ./proxy/ssl.conf
  • ./proxy/ssl/ssl.conf

Anpassung der Datei docker-compose.yml 
Code Auswählen
ports:
  - 80:80
# all http_traffic, will be redirected to https
  - 443:443
# all https traffic, will be proxied to services based on server_name
#       - ${FRONTEND_PORT:-80}:80
#       - ${BACKEND_PORT:-8080}:8080
#       - ${SSP_PORT:-9080}:9080
#       - ${SSP_LEGACY_PORT:-10080}:10080
#       - ${FRONTEND_PORT_SSL:-443}:443
#       - ${BACKEND_PORT_SSL:-8443}:8443
#       - ${SSP_PORT_SSL:-9443}:9443
#       - ${SSP_LEGACY_PORT_SSL:-10443}:10443
Die Portangaben in der environment können damit, für jeden Container, auskommentiert werden.

Anpassung ./proxy/non-ssl.conf
  • Umleitung von http auf https einbauen
  • restliche Konfiguration auskommentieren 
Code Auswählen
server {
    listen 80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}
# Restliche Konfiguration auskommentieren
Anpassung ./proxy/ssl.conf
  • listen anpassen
  • server_name ergänzen
  • Zertifikate hinterlegen, wenn kein allgemeines Zertifikat in ./proxy/ssl/ssl.conf hinterlegt wird
Code Auswählen
# --------------------------------
# Nginx configuration file for KIX
# --------------------------------
# !!! don't change any of the following if you do not know what you are doing !!!

server {
    listen 443 ssl;
    client_max_body_size 100m;

    server_name agent.kix18.com;

    ssl_certificate             /etc/nginx/conf.d/ssl/certs/server-agent.crt;
    ssl_certificate_key         /etc/nginx/conf.d/ssl/certs/server-agent.key;

    include error.inc;

    include /etc/nginx/conf.d/ssl/common.conf;
    include /etc/nginx/conf.d/ssl/ssl.conf;

    location / {
        proxy_pass http://upstream_frontend_ap;

        include /etc/nginx/conf.d/ssl/common_location.conf;

        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
    }
}

server {
    listen 443 ssl ;
    client_max_body_size 100m;

    server_name api.kix18.com;

    ssl_certificate             /etc/nginx/conf.d/ssl/certs/server-api.crt;
    ssl_certificate_key         /etc/nginx/conf.d/ssl/certs/server-api.key;

    server_tokens off;
    include error.inc;
 
    include /etc/nginx/conf.d/ssl/common.conf;
    include /etc/nginx/conf.d/ssl/ssl.conf;
 
    # increase timeout for large ticket prints
    #  proxy_read_timeout 600;
    #  proxy_connect_timeout 600;
    #  proxy_send_timeout 600;

    location / {
        include /etc/nginx/conf.d/ssl/common_location.conf;

        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://upstream_backend;
    }
}

server {
    listen 443 ssl;
    client_max_body_size 100m;
 
    server_name ssp.kix.com;

    ssl_certificate             /etc/nginx/conf.d/ssl/certs/server-ssp.crt;
    ssl_certificate_key         /etc/nginx/conf.d/ssl/certs/server-ssp.key;

    server_tokens off;
    include error.inc;
 
    include /etc/nginx/conf.d/ssl/common.conf;
    include /etc/nginx/conf.d/ssl/ssl.conf;

    location / {
        proxy_pass http://upstream_frontend_ssp;

        include /etc/nginx/conf.d/ssl/common_location.conf;

        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
    }
}
Anpassung ./proxy/ssl/ssl.conf
  • Zertifikate auskommentieren, wenn Zertifikate bereits in ssl.conf hinterlegt wurden.
Code Auswählen
#ssl_certificate             /etc/nginx/conf.d/ssl/certs/server.crt;
#ssl_certificate_key         /etc/nginx/conf.d/ssl/certs/server.key;
Viele Grüße
Beatrice
Nach oben Seiten1