DavoudTeimouri/Nginx Reverse Proxy For Linux Repositories.txt

## Nginx Reverse Proxy For Linux Repositories.txt
#Add to hosts file on Ubuntu server
/etc/hosts
Nginx_IP_Address archive.ubuntu.com
Nginx_IP_Address security.ubuntu.com

#Add to hosts file on Oracle Linux server
/etc/hosts
Nginx_IP_Address yum.oracle.com

#Create SSL certificate on Nginx server
openssl req -new -newkey rsa:2048 -nodes -keyout /etc/nginx/ssl/yum.oracle.com.key -out /etc/nginx/ssl/yum.oracle.com.csr
openssl x509 -req -days 3650 -in /etc/nginx/ssl/yum.oracle.com.csr -signkey /etc/nginx/ssl/yum.oracle.com.key -out /etc/nginx/ssl/yum.oracle.com.crt

#YUM Nginx configuration
server {
        listen 443 ssl;
        server_name yum.oracle.com;

        ssl_certificate /etc/nginx/ssl/yum.oracle.com.crt;
        ssl_certificate_key /etc/nginx/ssl/yum.oracle.com.key;

        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_ciphers HIGH:!aNULL:!MD5;

        location / {
                proxy_pass http://RepoServer_IP_Address:8081/repository/Oracle_Linux/;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
        }
}
#Ubuntu Nginx configuration
server {
        listen 80;
        server_name archive.ubuntu.com;
        location / {
                proxy_pass http://RepoServer_IP_Address:8081/repository/Ubuntu_Archive/;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
        }
}
server {
        listen 80;
        server_name security.ubuntu.com;
        location / {
                proxy_pass http://RepoServer_IP_Address:8081/repository/Ubuntu_Security/;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
        }
}

#Create site-enabled configuration
ln -s /etc/nginx/sites-available/oracle.conf /etc/nginx/sites-enabled/oracle.com
ln -s /etc/nginx/sites-available/ubuntu.conf /etc/nginx/sites-enabled/ubuntu.conf

#Move certificate file to client
scp /etc/nginx/ssl/yum.oracle.com.crt Client_IP_Address:/tmp
#Install certificate on client
mv /tmp/yum.oracle.com.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust

# 1) Then as a quick fix, we disabled sslverify in the configuration file /etc/yum.conf
sslverify=false

# 2) Run command to disable
yum-config-manager --save --setopt=sslverify=false
	#Add to hosts file on Ubuntu server
	/etc/hosts
	Nginx_IP_Address archive.ubuntu.com
	Nginx_IP_Address security.ubuntu.com

	#Add to hosts file on Oracle Linux server
	/etc/hosts
	Nginx_IP_Address yum.oracle.com

	#Create SSL certificate on Nginx server
	openssl req -new -newkey rsa:2048 -nodes -keyout /etc/nginx/ssl/yum.oracle.com.key -out /etc/nginx/ssl/yum.oracle.com.csr
	openssl x509 -req -days 3650 -in /etc/nginx/ssl/yum.oracle.com.csr -signkey /etc/nginx/ssl/yum.oracle.com.key -out /etc/nginx/ssl/yum.oracle.com.crt

	#YUM Nginx configuration
	server {
	listen 443 ssl;
	server_name yum.oracle.com;

	ssl_certificate /etc/nginx/ssl/yum.oracle.com.crt;
	ssl_certificate_key /etc/nginx/ssl/yum.oracle.com.key;

	ssl_protocols TLSv1.2 TLSv1.3;
	ssl_prefer_server_ciphers on;
	ssl_ciphers HIGH:!aNULL:!MD5;

	location / {
	proxy_pass http://RepoServer_IP_Address:8081/repository/Oracle_Linux/;
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	}
	}
	#Ubuntu Nginx configuration
	server {
	listen 80;
	server_name archive.ubuntu.com;
	location / {
	proxy_pass http://RepoServer_IP_Address:8081/repository/Ubuntu_Archive/;
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	}
	}
	server {
	listen 80;
	server_name security.ubuntu.com;
	location / {
	proxy_pass http://RepoServer_IP_Address:8081/repository/Ubuntu_Security/;
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	}
	}

	#Create site-enabled configuration
	ln -s /etc/nginx/sites-available/oracle.conf /etc/nginx/sites-enabled/oracle.com
	ln -s /etc/nginx/sites-available/ubuntu.conf /etc/nginx/sites-enabled/ubuntu.conf

	#Move certificate file to client
	scp /etc/nginx/ssl/yum.oracle.com.crt Client_IP_Address:/tmp
	#Install certificate on client
	mv /tmp/yum.oracle.com.crt /etc/pki/ca-trust/source/anchors/
	update-ca-trust

	# 1) Then as a quick fix, we disabled sslverify in the configuration file /etc/yum.conf
	sslverify=false

	# 2) Run command to disable
	yum-config-manager --save --setopt=sslverify=false
No results found