I have 2 servers,
with IP xx.xx.xx.xx, situated in Germany ... (running frontend: nginx(static content), backend: Apache2)
with IP yy.yy.yy.yy, situated in Italy...
All requests at the moment is sending to server with IP xx.xx.xx.xx,
How can I proxy all traffic from xx.xx.xx.xx to yy.yy.yy.yy using nginx ...
request proxy, request
Internet -> xx.xx.xx.xx(nginx) -> yy.yy.yy.yy(nginx, Apache)
<- <-
response proxy, response
For others. Answer for subject is configure Nginx like:
server {
listen 80;
server_name mydomain.example;
location / {
access_log off;
proxy_pass http://mydomain.example:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
You can use upsteream like:
upstream xx.xx.xx.xx:8080{
#ip_hash;
server xx.xx.xx.xx:8080 max_fails=2 fail_timeout=2s;
server yy.yy.yy.yy:8181 max_fails=2 fail_timeout=2s;
}
then you can use the cookie or header to set the request like:
location /app {
if ($cookie_proxy_override = "proxy-target-A") {
rewrite . http://xx.xx.xx.xx:8080/app;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
break;
}
if ($cookie_proxy_override = "proxy-target-B") {
rewrite . http://yy.yy.yy.yy:8181/webreg;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
break;
}
proxy_pass http://xx.xx.xx.xx:8080/webreg;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
Related
I have an auth_request in my /protected/ path. Everything works fine so far. But I want that every request that includes /protected/ for example /protected/application1 and /protected/application2 will be go first through the /protected/ location with the authentication and if this is passed go to the further location.
I have this so far but it doesn't seem that the authentication has any impact of the route.
So when I call /protected/ everything works as expected, when I call /protected/application1 it doesn't matter if the authentication succeeds or not.
This is part of my config:
location /protected/application1 {
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:4501;
}
location /protected/application2 {
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:4502;
}
location /protected/ {
auth_request /auth;
auth_request_set $auth_status $upstream_status;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:4500;
}
location = /auth {
internal;
proxy_pass http://localhost:8081/welcome;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
}
Do you have any suggestions?
Thank you very much!
I recently added websockets to my Nginx reverse proxy on GCP. However, nginx proxy gives me an error "Connection refused while connecting to upstream. upstream: "http://127.0.0.1:3000/apisocket.io/?EIO=4&transport=polling&t=NrYupkL", . Not sure what us wrong.
The Websocket works fine if I bypass Nginx.For some reason the error.og shows it as trying to connect to upstream on port 3000 instead of port 4000
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
# Make site accessible from http://localhost/
server_name localhost www.localhost.com;
gzip on;
gzip_proxied any;
gzip_vary on;
gzip_http_version 1.1;
gzip_types application/javascript application/json text/css text/xml;
gzip_comp_level 5;
gzip_min_length 256;
location / {
proxy_pass http://localhost:3000/api;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
location /api {
proxy_pass http://localhost:3000/api;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
location /api2 {
proxy_pass http://localhost:4000/api2;
proxy_set_header Host $host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
# Websocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
I've the following:
HTTPS access to a NAS or something like that.
NGINX as reserve proxy as container
Container with a Tomcat as appcontainer.
NAS forwards HTTPS request as HTTP to NGINX container. Then NGINX container forwards HTTP request to my appcontainer.
I can access to my appcontainer login page but after login a POST is made as follows
Nginx access.log
POST /foo/login.do HTTP/1.1" 302 0 "https://nas.dns.server/foo/login.do
In localhost_access.log in appcontainer tomcat shows
POST /foo/doLogin.do HTTP/1.0" 302
And request as HTTP to the NAS
It seems that is ignoring X-Forwarded-Proto header.
My nginx.conf is configured as follows:
server {
listen 80;
server_name $hostname;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
error_log /dev/stdout info;
access_log /dev/stdout;
client_max_body_size 100M;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
send_timeout 300;
resolver 127.0.0.11 valid=30s;
sendfile on;
location /foo {
proxy_set_header Origin "";
set $appcontainer http://appcontainer:8080;
proxy_pass $appcontainer;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $https; #I’ve also tested with $scheme
}
}
Thanks
Having a look to the Developer Tool of Chrome in the Network tab in can see that for the call of login.do there is Request URL: https://entry.proxy.url/foo/doLogin.do but in the Response Headers I can see what is generating the problem Location: http://proxy.entry.url/foo/login.do that must be Location: https://proxy.entry.url/foo/login.do .
I've tried doing redirection as proxy_redirect http://entry.proxy.url/ https://csprocure.ciport.be/; in the location and it works.
So location is set as:
location /foo {
proxy_set_header Origin "";
set $appcontainer http://appcontainer:8080;
proxy_redirect http://proxy.entry.url/ https://proxy.entry.url/;
proxy_pass $appcontainer;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $https; #I’ve also tested with $scheme
}
I'm trying to host multiple Node JS servers proxied through Nginx, which is working correctly. One server is hosted at '/', with another hosted at, for example, '/one'. The relevant Nginx config for this setup is below.
upstream host_com {
server 127.0.0.1:3000;
keepalive 8;
}
upstream one_host_com {
server 127.0.0.1:3010;
keepalive 8;
}
server {
listen 80;
access_log /var/log/nginx/host.log;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://host_com/;
proxy_redirect off;
}
location /one {
rewrite ^(/one)+/(.*)$ /$2 break;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $proxy_host; #$http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://one_host_com/;
proxy_redirect off;
}
}
However, when I do an AJAX call from the '/one' testbed, like below:
$.getJSON( '/get_stuff', function(data) { .. });
The post goes to '/get_stuff' when I want it to go to '/one/get_stuff'. How can I get Nginx to direct to NodeJS but still maintain the location? Is there a better way to implement this?
Try removing the leading slash in your JavaScript, e.g. $.getJSON( 'get_stuff', function(data) { .. });. By including the leading slash you are asking for a path at the root of the domain but I think you want the path relative to the url you are presently at.
i am trying to configure nginx to proxy pass the request to another server,
only if the $request_body variable matches on a specific regular expression.
My problem now is, that I don't how to configure this behaviour exactly.
I am currently down to this one:
server {
listen 80 default;
server_name test.local;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
if ($request_body ~* ^(.*)\.test) {
proxy_pass http://www.google.de;
}
root /srv/http;
}
}
but the problem here is, that root has always the upperhand.
the proxy won't be passed either way.
any idea on how I could accomplish this?
thanks in advance
try this:
server {
listen 80 default;
server_name test.local;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
if ($request_body ~* ^(.*)\.test) {
proxy_pass http://www.google.de;
break;
}
root /srv/http;
}
}
Nginx routing is based on the location directive which matches on the Request URI. The solution is to temporarily modify this in order to forward the request to different endpoints.
server {
listen 80 default;
server_name test.local;
if ($request_body ~* ^(.*)\.test) {
rewrite ^(.*)$ /istest/$1;
}
location / {
root /srv/http;
}
location /istest/ {
rewrite ^/istest/(.*)$ $1 break;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://www.google.de;
}
}
The if condition can only safely be used in Nginx with the rewrite module which it is part of. In this example. The rewrite prefixes the Request URI with istest.
The location blocks give precedence to the closest match. Anything matching /istest/ will go to the second block which uses another rewrite to remove /istest/ from the Request URI before forwarding to the upstream proxy.