Nginx reverse proxy configuration: splitting HTTPS traffic between two PABX servers of the same type

Alright, let's get your Nginx reverse proxy set up for those two PABX servers. I'll walk you through the exact URL routing rules and configuration you need to make this work smoothly.

URL Routing Rules

First, let's define clear, user-friendly URL patterns to distinguish traffic between the two servers:

  • When users visit https://your-public-domain/server1/ (and any subpaths like https://your-public-domain/server1/admin), traffic gets forwarded to your first PABX server at https://internal_FQDN_server1/ — the subpath maps directly, so /server1/admin becomes /admin on the backend.
  • When users visit https://your-public-domain/server2/ (and its subpaths), traffic goes to your second PABX server at https://internal_FQDN_server2/, following the same path mapping logic.

Nginx Configuration

Here's a complete, ready-to-use configuration. Just replace the placeholder values with your actual domain, paths, and internal FQDNs:

server {
    listen 443 ssl;
    server_name your-public-domain.com; # replace with your public domain

    # SSL certificate configuration - use your own certificate and key paths
    ssl_certificate /etc/nginx/ssl/public_cert.pem;
    ssl_certificate_key /etc/nginx/ssl/private_key.pem;

    # Harden SSL security (optional but strongly recommended)
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    # Forward to the first PABX server
    location /server1/ {
        proxy_pass https://internal_FQDN_server1/;

        # Pass key request headers to the backend so the PABX can identify the request origin
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # SSL settings for the HTTPS backend
        proxy_ssl_server_name on; # enable SNI so the backend can select its SSL certificate
        # proxy_ssl_verify off; # uncomment only if the backend uses a self-signed certificate!
    }

    # Forward to the second PABX server
    location /server2/ {
        proxy_pass https://internal_FQDN_server2/;

        # Same request header configuration as above
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # SSL settings identical to the block above
        proxy_ssl_server_name on;
        # proxy_ssl_verify off;
    }
}

Critical Notes to Avoid Issues

  • Slash Matters: Don't forget the trailing slash in proxy_pass https://internal_FQDN_server1/! Without it, Nginx would append the entire /server1 path to the backend URL (e.g., /server1/admin would become https://internal_FQDN_server1/server1/admin), which breaks your backend's URL structure.
  • SSL Verification: If your internal PABX servers use self-signed SSL certificates, Nginx will reject the connection by default. Uncomment proxy_ssl_verify off; in that case, but try to use trusted internal certificates in production for security.
  • Test & Reload: Always validate your config with nginx -t first to catch syntax errors. If it passes, reload Nginx with sudo systemctl reload nginx (or sudo service nginx reload depending on your OS) to apply changes.
  • Alternative: Subdomains: If you prefer cleaner URLs (like server1.your-public-domain.com), you can create two separate server blocks, each with its own server_name pointing to the respective PABX backend. This works great if you want users to remember simpler addresses.
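
For the "trusted internal certificates" option mentioned under SSL Verification, this is the same server block with backend certificate verification enabled. It is an added example, not part of the original answer; the CA bundle path /etc/nginx/ssl/internal_ca.pem is an assumed placeholder. Verification of the backend certificate only happens when proxy_ssl_verify is on, so the block sets it explicitly and hoists the shared proxy settings to the server level, where both locations inherit them.

```nginx
server {
    listen 443 ssl;
    server_name your-public-domain.com;

    ssl_certificate     /etc/nginx/ssl/public_cert.pem;
    ssl_certificate_key /etc/nginx/ssl/private_key.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Request headers shared by both locations. They are inherited only as
    # long as a location defines no proxy_set_header of its own.
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Send SNI to the backend. The name sent, and the name the certificate
    # is checked against, is the host from proxy_pass (proxy_ssl_name
    # defaults to $proxy_host).
    proxy_ssl_server_name on;

    # Verify the backend certificate chain instead of accepting any certificate.
    proxy_ssl_verify on;
    # Assumed path: PEM bundle with the internal CA that issued the PABX
    # certificates. For a self-signed backend certificate, this file can
    # contain that certificate itself, which pins it.
    proxy_ssl_trusted_certificate /etc/nginx/ssl/internal_ca.pem;
    proxy_ssl_verify_depth 2;   # allows one intermediate CA below the root

    # Keep the proxy-to-backend leg on the same protocol floor as the front end.
    proxy_ssl_protocols TLSv1.2 TLSv1.3;

    location /server1/ {
        proxy_pass https://internal_FQDN_server1/;
    }

    location /server2/ {
        proxy_pass https://internal_FQDN_server2/;
    }
}
```

With this in place, a backend whose certificate does not chain to the CA file or does not match its host name is answered with a 502, and the error log records an upstream SSL certificate verification error.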

The question in this content is sourced from Stack Exchange; question author: FredP
