IIS reverse proxy to erpnext server

I have a working erpnext site on hyper-v server, with dns multitenant setup and letsencrypt ssl

Recently i have deployed an rds server with ssl On another hyper v vm

I need to run both on port 443.

I have already tried nginx reverse proxy, with this setup rds web access page is accessible but somehow it doesn’t connect with remote gateway server.

When i try to reverse proxy on IIS i am unable to reach my erpnext website. It shows my modem page.

I think its not resolving in the latter setup.

Has any one tried this ?

Do i need to create a zone in dns in windows server or in ubuntu server ?

I have an nginx reverse proxy in front of my ERPNext server, and that works perfectly fine. The reverse proxy is providing the SSL cert, the connection then to the ERPNext server is using normal http.

That’s the config I use in nginx to point it to ERPNext.

server {
    server_name erpnext.domain.com;

    location / {
        proxy_redirect off;
        proxy_set_header Range $http_range;
        proxy_set_header If-Range $http_if_range;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        client_max_body_size 512M;

    access_log /var/log/nginx/erpnext.domain.com-access.log;
    error_log /var/log/nginx/erpnext.domain.com-error.log;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/erpnext.domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/erpnext.domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

server {
    if ($host = erpnext.domain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name erpnext.domain.com;

    listen 80;
    return 404; # managed by Certbot

hi @matthkarl thanks for prompt reply.

I was already using the same configuration for reverse proxy, but it does not help my case.

I have a working erpnext website with dns multitenant on & lets encrypt ssl installed on it. I have created another .conf file for reverse proxy in /etc/nginx/conf.d/ directory along with frappe-bench.conf file (Same configuration you offered is already done in my setup)

I have set my erpnext server in dmz and now trying to reverse proxy a domain request other than erpnext domain to another server(Remote Desktop Services) in my local network.

in my configuration RDS web access is only accessible with proxy_pass value set to rather than

Also I am able to access RDS web access page with the mentioned server name property, but remote connections gives error “remote gateway in not available”.

When I point DMZ to my RDS server RDS works perfectly fine. So my guess is something is wrong in my config, I am unable to resolve.

Not sure about RDS, but a quick search came up with this. Have you seen this?



I have looked up the post you sent, but nothing seems to work with reverse proxying RDP services. Problem is RDS services rely on authentication protocol by Microsoft to work, which cannot be authenticated by proxying through Nginx.

Although I came up with a solution, I exposed my windows server to DMZ & used DNS server in Windows server to point to my ERPNEXT site. every thing seems to work now, at least in my case.

I think this case is closed now :smiley:

It sounds like you were able to get your RDP service working by exposing your Windows server to the DMZ and using a DNS server. Can you elaborate on how you did this? I’m still having some trouble getting my RDP service to work properly, and any insight would be greatly appreciated. In the meantime, I started to use the proxies from https://shiftproxy.io that allow me to have the proper connection to the DNS server I need. But anyway, I would like to solve this problem by using it traditionally how I used to.