marlluslustosa/nginxdefault.conf

## nginxdefault.conf
upstream tunnel {
  server 127.0.0.1:5555;
}

upstream tunnel2 {
  server 127.0.0.1:5557;
}

server {
  listen 443;
  server_name sub.domain.tk *.sub.domain.tk;

  location / {
    proxy_set_header  X-Real-IP  $remote_addr;
    proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;

    proxy_pass http://tunnel;
  }

    ssl on;
    ssl_certificate /etc/letsencrypt/live/domain.tk/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.tk/privkey.pem; # managed by Certbot
}

}

server {
    if ($host = domain.tk) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

}

## ssh tunnel without shell root interactive
#Included in amazon ec2 - Linux ami free

#Create ssh keypair amazon:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html

$ adduser usera

#Enter in shell usera and 'keygen -y' in MyKeyPair.pem. Copy and paste to server.

#Change shell user:
vim /etc/passwd
usera:x:1009:1009::/home/usera:/bin/false

#Install nginx and php-fpm:
Configuring tunnel bypass reverse with nginx:
file: /etc/nginx/conf.d/default.conf

#Create certs ssl certs - LetsCrypt (open source) with certbot
https://certbot.eff.org/#pip-nginx
obs: remember to remove credentials from index.php when you first renew or create the certificates.
other solutions: websockets (wstunnel tool)!


#References:
https://blog.flowl.info/2011/ssh-tunnel-group-only-and-no-shell-please/
http://adrianorosa.com/blog/nginx/configurar-nginx-https-server-com-self-signed-ssl-certificado.html
https://serverfault.com/questions/355271/ssh-over-https-with-proxytunnel-and-nginx
	upstream tunnel {
	server 127.0.0.1:5555;
	}

	upstream tunnel2 {
	server 127.0.0.1:5557;
	}

	server {
	listen 443;
	server_name sub.domain.tk *.sub.domain.tk;

	location / {
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header Host $http_host;
	proxy_redirect off;

	proxy_pass http://tunnel;
	}

	ssl on;
	ssl_certificate /etc/letsencrypt/live/domain.tk/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/domain.tk/privkey.pem; # managed by Certbot
	}

	}

	server {
	if ($host = domain.tk) {
	return 301 https://$host$request_uri;
	} # managed by Certbot

	}
	#Included in amazon ec2 - Linux ami free

	#Create ssh keypair amazon:
	https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html

	$ adduser usera

	#Enter in shell usera and 'keygen -y' in MyKeyPair.pem. Copy and paste to server.

	#Change shell user:
	vim /etc/passwd
	usera:x:1009:1009::/home/usera:/bin/false

	#Install nginx and php-fpm:
	Configuring tunnel bypass reverse with nginx:
	file: /etc/nginx/conf.d/default.conf

	#Create certs ssl certs - LetsCrypt (open source) with certbot
	https://certbot.eff.org/#pip-nginx
	obs: remember to remove credentials from index.php when you first renew or create the certificates.
	other solutions: websockets (wstunnel tool)!


	#References:
	https://blog.flowl.info/2011/ssh-tunnel-group-only-and-no-shell-please/
	http://adrianorosa.com/blog/nginx/configurar-nginx-https-server-com-self-signed-ssl-certificado.html
	https://serverfault.com/questions/355271/ssh-over-https-with-proxytunnel-and-nginx