Windows Home Server Behind NGINX Reverse Proxy
I recently installed WHS 2011 on my ESXi machine. All web traffic goes through an NGINX server that reverse proxies all my domains hosted on another server.
WHS requires SSL, and therefore a record needs to be set within the nginx conf file.
First thing to do is install WHS 2011. To help things along, I configured my router to send all traffic to WHS so I could easily set up the remote access and domain name. During this process, an SSL cert is generated and installed into IIS. We will need to export this cert and key and load them onto the NGINX box.
Export WHS Certificate
- From IIS Manager, click on Server->Sites->Default Web Site.
- In the right column, ‘Actions’, click Bindings.
- Select the HTTPS *:443: record and click Edit.
- Under SSL Certificate, your server name should appear, then click View.
- Click the Details tab, then click Copy to File button.
- Continue through the wizard and select “yes, export the private key” and check “Export all extended properties”.
- Give it a password you will remember, then save it as whs.pfx to your desktop.
Copy it to NGINX
FTP the pfx file to a hosted site or any accessible folder
On the NGINX server, cd /etc/nginx/ssl/
wget http://hostedsite.com/whs.pfx
Convert Certificate
From within the ssl folder, export the certificate:
openssl pkcs12 -in whs.pfx -nokeys -out whs.pem
Export the private key:
openssl pkcs12 -in whs.pfx -out whs.key -nocerts -nodes
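The conversion above leaves whs.key unencrypted on disk (-nodes). As an added example, not part of the original post, the script below checks that the extracted certificate and key carry the same public key and restricts the key file to mode 600. The function names, the PFX_PASS variable and the self-signed sample certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that the certificate and
# key extracted from the .pfx belong together, then restrict the key file.

# check_pair CERT KEY -> 0 match (key set to 600), 1 mismatch, 2 unreadable input
check_pair() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ] || return 1
    # -nodes wrote the key without a passphrase; file mode is its only protection
    chmod 600 "$2"
}

# convert_pfx PFX OUTDIR: the post's two conversion commands, reading the export
# password from the PFX_PASS environment variable (an assumed name)
convert_pfx() {
    ( umask 077
      openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys -out "$2/whs.pem" &&
      openssl pkcs12 -in "$1" -passin env:PFX_PASS -nocerts -nodes -out "$2/whs.key"
    ) 2>/dev/null
}

# make_sample_pfx OUTDIR CN: constructed self-signed certificate standing in for
# the WHS export, so the example runs offline
make_sample_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/src.key" -out "$1/src.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/src.key" -in "$1/src.crt" \
        -passout env:PFX_PASS -out "$1/whs.pfx"
}

# demo: 0 only if the matching pair passes and a key from another cert is rejected
demo() {
    PFX_PASS=example; export PFX_PASS   # placeholder password
    d=$(mktemp -d) || return 2
    mkdir "$d/a" "$d/b"
    { make_sample_pfx "$d/a" servername.homeserver.com &&
      make_sample_pfx "$d/b" other.example &&
      convert_pfx "$d/a/whs.pfx" "$d/a" &&
      convert_pfx "$d/b/whs.pfx" "$d/b"; } || { rm -rf "$d"; return 2; }
    ok=0;  check_pair "$d/a/whs.pem" "$d/a/whs.key" || ok=$?
    bad=0; check_pair "$d/a/whs.pem" "$d/b/whs.key" || bad=$?
    rm -rf "$d"
    [ "$ok" -eq 0 ] && [ "$bad" -eq 1 ]
}

demo && echo "pair verified; mismatched key rejected"
```

On the NGINX server, check_pair can be run against /etc/nginx/ssl/whs.pem and /etc/nginx/ssl/whs.key after the conversion and before the reload.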
Create NGINX WHS Conf
Create conf file
vi /etc/nginx/conf.d/whs.conf
Paste the following, replacing INTERNALIP with your internal server IP and servername with your actual domain:
server {
    listen 80;
    server_name servername.homeserver.com;

    location / {
        proxy_pass http://INTERNALIP:80;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect off;
    }
}

server {
    # "listen ... ssl" replaces the deprecated "ssl on;" directive
    listen 443 ssl;
    server_name servername.homeserver.com;

    ssl_certificate ssl/whs.pem;
    ssl_certificate_key ssl/whs.key;
    ssl_session_timeout 5m;
    # SSLv3 and TLSv1 are obsolete; TLSv1.3 needs nginx 1.13.0+ with OpenSSL 1.1.1+
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!ADH:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass https://INTERNALIP:443;
        proxy_set_header Host servername.homeserver.com;
    }
}
Reload NGINX
/etc/rc.d/init.d/nginx reload
Open a browser and navigate to your server's domain.