Search code examples
nginxreverse-proxynginx-reverse-proxy

Nginx redirecting too many times with reverse proxy

I have a debian server with MySQL and Meilisearch, I want to use Nginx as a reverse proxy for future load balancing and also having TLS security.

I'm following Meilisearch's Documentation to set up Nginx with Meilisearch and Lets Encrypt with success, but they force Nginx to proxy everything to port 7700, I want to proxy to 3306 for MySQL, 7700 for Meilisearch, and 80 for an error page or a fallback web server. But after modifying /etc/nginx/nginx.conf, the website reloads too many times.

This is the configuration I'm trying at /etc/nginx/nginx.conf:

user www-data;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

stream {

    upstream mysql {
            server 127.0.0.1:3306;
    }

    upstream meilisearch {
            server 127.0.0.1:7700;
    }

    server {
            listen 6666;
            proxy_pass mysql;
    }

    server {
            listen 9999;
            proxy_pass meilisearch;
    }
}

http {

    server {
        listen 80 default_server;
        listen [::]:80 default_server;

        server_name example.com;

        return 301 https://\$server_name$request_uri;
  }

  server {
      server_name example.com;

      location / {
          proxy_pass  http://127.0.0.1:80;
      }

      listen [::]:443 ssl ipv6only=on;
      listen 443 ssl;

      # ssl_certificate managed by Certbot
      # ssl_certificate_key managed by Certbot
   }

}

The only difference is example.com is replaced by my domain, which has been already set to redirect to the server ip.

Solution

  • As ippi pointed out, it isn't necessary to reverse proxy MySQL in this particular case.

    I used proxy_pass http://127.0.0.1:7700 as Meilisearch docs suggest.

    For future DB load balancing, I'd use MySQL Clusters, and point out to them on another Nginx implementation that proxies everything (ie. HTTPS to web server, DB access to list of clusters, etc.).

    Also, in this particular case, I don't actually require encrypted connections to the DB, but if I needed them, I'd use a self signed certificate in MySQL, and a CA certificate for the website, since my front ends communicate with a "central" Nginx proxy that could encrypt communication between backend servers and the proxy.

    If I actually wanted to use the Let's Encrypt certificates for MySQL, I've found a good recipe, but instead of copy pasting the certificate (which is painful) I'd mount the Let's Encrypt certificates' directory into MySQL's and change the permissions to 600 with chown. But then again, this is probably bad practice and would be better to use self signed certificates for MySQL as it's own docs suggest.