How to pass query to api server located in nginx proxy_pass?

I used nginx proxy_pass with a rewrite to pass the trailing path through to api-server.com.
server {
    listen 80;
    server_name localhost;
    location / {
        root html;
        index index.html index.htm;
    }
    location /api/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header HOST $host;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        rewrite ^/api(.*)$ $1?$args break;
        proxy_pass http://api-server.com;
    }
}
localhost/api/ -> api-server.com/
This URL worked fine.
However, in the code above, the trailing path was not passed and only a not_found error occurred.
localhost/api/goods/info?code=1234 -> api-server.com/goods/info?code=1234
I tried something like http://api-server.com/$args, but it only gave me a not_found error and couldn't pass it on.
(Find that trailing path localhost.)
I am very curious if there is a way to do it.

Related

How to config Nginx server multiple applications on one domain

I have 3 applications on one server
A: a bootstrap landing page, in /var/www/aaa
B: a react project, in /var/www/bbb
C: a h5 project, in /var/www/ccc
I want:
https://example.com goto A
https://example.com/home goto B (not https://example.com/home/xxx)
https://example.com/square goto C
I know there are 3 ways to do this:
One: by subdomain, but A, B and C belong to the same big project, and I worry about cross-domain problems.
Two: by location. I did some searching and tried it, and found it requires a URL like https://example.com/home/index.xxx, but my project URL will be https://example.com/home?event=xxx
Three: proxy_pass. I tried for 3 days but failed. I would appreciate any help.
main.conf
server {
    listen 443 ssl http2;
    server_name example.com localhost;
    ssl_certificate /etc/ssl/certs/example.crt;
    ssl_certificate_key /etc/ssl/example.key;
    location /square/ {
        proxy_pass http://localhost:83/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location /home/ {
        proxy_pass http://localhost:82/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location / {
        proxy_pass http://localhost:81/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
a.conf
server {
    listen 81;
    location / {
        alias /var/www/aaa/;
        index index.html index.htm;
        try_files $uri $uri/ /index.html;
    }
}
b.conf
server {
    listen 82;
    location / {
        alias /var/www/bbb/;
        index index.html index.htm;
        try_files $uri $uri/ /index.html;
    }
}
c.conf
server {
    listen 83;
    location / {
        alias /var/www/ccc/;
        index index.html index.htm;
        try_files $uri $uri/ /index.html;
    }
}

Nginx not redirecting on named route

I'm trying to set up a reverse proxy to a Sentry relay using Nginx. Config file as follows:
events {
    worker_connections 768;
}
http {
    server {
        listen 0.0.0.0:80;
        location /sentry-relay {
            proxy_pass http://127.0.0.1:3001;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
        }
    }
}
Browsing directly to the relay server on port 3001 works fine:
However using the location path set in Nginx fails:
I've also put the redirect onto the default path: location / and it works fine. Why won't this custom path redirect properly?
I worked it out.
Nginx will append the location prefix to the proxy server request unless this prefix is replaced.
Thus to fix I changed:
proxy_pass http://127.0.0.1:3001;
to
proxy_pass http://127.0.0.1:3001/;
The extra slash is used to replace the sentry-relay path.
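
The prefix replacement described in the answer above, shown side by side with the other proxy_pass forms that appear on this page (including the /api/ question at the top). This is an added example, not configuration from any of the posts: the /relay-a and /relay-b location names are constructed for comparison, while the upstream addresses are the ones the posts use.

```nginx
events {}
http {
    server {
        listen 80;

        # 1. proxy_pass WITHOUT a URI part: the request URI goes upstream unchanged.
        #    /relay-a/api/1/?k=v  ->  http://127.0.0.1:3001/relay-a/api/1/?k=v
        location /relay-a/ {
            proxy_pass http://127.0.0.1:3001;
        }

        # 2. proxy_pass WITH a URI part ("/"): the part of the URI that matched the
        #    location prefix is replaced by that URI part. The prefix here has no
        #    trailing slash, so the slash that follows it survives the replacement:
        #    /relay-b/api/1/?k=v  ->  http://127.0.0.1:3001//api/1/?k=v
        #    The prefix also matches unrelated paths such as /relay-backup.
        location /relay-b {
            proxy_pass http://127.0.0.1:3001/;
        }

        # 3. Trailing slash on both sides: the prefix is stripped cleanly.
        #    /sentry-relay/api/1/?k=v  ->  http://127.0.0.1:3001/api/1/?k=v
        #    A request for /sentry-relay (no slash) is answered with a 301
        #    redirect to /sentry-relay/.
        location /sentry-relay/ {
            proxy_pass http://127.0.0.1:3001/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        # 4. Same form for the /api/ case: the query string is carried over
        #    automatically, so neither rewrite nor $args is needed.
        #    /api/goods/info?code=1234  ->  http://api-server.com/goods/info?code=1234
        #    With no Host override, the upstream receives Host: api-server.com
        #    ($proxy_host, the default) rather than the client's Host header.
        location /api/ {
            proxy_pass http://api-server.com/;
        }
    }
}
```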

Problem express with nginx reverse proxy, not send static file

Nginx when I ask for my static file always returns 404, but with I understand what the reason is, if I'm wrong something that surely is so you can explain to me why it was wrong:
here are the configuration files:
default.conf
upstream apps {
    server webapi:9000 fail_timeout=10s max_fails=5;
}
server {
    listen 80 default_server;
    large_client_header_buffers 4 16k;
    location #apphost {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://apps;
        proxy_redirect off;
    }
}
The following two articles helped me:
.Net Core 3.0 Nginx not serving static files
https://docs.nginx.com/nginx/admin-guide/web-server/serving-static-content/
I added the following two blocks under my server block:
location /assets/ {
}
location ~ \.(css|js|lib|png) {
    root /var/apps/dev/myapp/wwwroot;
}

nginx: restrict access to everything with basic_auth except for a specific page

This is the original nginx configuration I have here, working fine:
server {
    listen 8080; # http
    # Forward requests to our node app at port 8082
    #
    location /mui {
        # Remove the '/mui' portion of the path (and any extraneous trailing slash)
        rewrite ^/mui/?(.*)$ /$1; break;
        proxy_pass http://localhost:8082;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    location / {
        # We also rewrite the Java servlet urls to move additional, 'RESTful' path elements
        # to a url query parameter named '_path_suffix'
        #
        rewrite ^/(.*)$ /server?_path_suffix=$1; break;
        proxy_pass http://localhost:8081;
        proxy_redirect off;
    }
}
I want to add basic authentication to everything - EXCEPT for one single page... /mui/river
If I include the basic authentication lines in the server block, and put the auth_basic off inside location /mui block, it works as expected for this configuration (it requires authentication for / but not for /mui):
server {
    listen 8080; # http
    auth_basic "Restricted Area";
    auth_basic_user_file /etc/ngnix/.htpasswd;
    # Forward requests to our node app at port 8082
    #
    location /mui {
        # Remove the '/mui' portion of the path (and any extraneous trailing slash)
        rewrite ^/mui/?(.*)$ /$1; break;
        proxy_pass http://localhost:8082;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        auth_basic off;
    }
    location / {
        # We also rewrite the Java servlet urls to move additional, 'RESTful' path elements
        # to a url query parameter named '_path_suffix'
        #
        rewrite ^/(.*)$ /server?_path_suffix=$1; break;
        proxy_pass http://localhost:8081;
        proxy_redirect off;
    }
}
Almost perfect. Next step would be to make it request authentication for everything inside /mui, except for page /mui/river.
That's where my problem is... I tried the following, and when I reach /mui/river it still requires authentication...
server {
    listen 8080; # http
    auth_basic "Restricted Area";
    auth_basic_user_file /etc/ngnix/.htpasswd;
    location = /mui/river {
        rewrite ^/mui/?(.*)$ /$1; break;
        proxy_pass http://localhost:8082;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        auth_basic off;
    }
    # Forward requests to our node app at port 8082
    #
    location /mui {
        # Remove the '/mui' portion of the path (and any extraneous trailing slash)
        rewrite ^/mui/?(.*)$ /$1; break;
        proxy_pass http://localhost:8082;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    location / {
        # We also rewrite the Java servlet urls to move additional, 'RESTful' path elements
        # to a url query parameter named '_path_suffix'
        #
        rewrite ^/(.*)$ /server?_path_suffix=$1; break;
        proxy_pass http://localhost:8081;
        proxy_redirect off;
    }
}
How can I open access only for /mui/river?
Update:
This is my latest attempt, still not working - still blocking everything. Note that I also tried to change the rewrite line:
server {
    listen 8080; # http
    # Forward requests to our node app at port 8082
    #
    location = /mui/river {
        rewrite ^/mui/river?(.*)$ /river$1; break;
        auth_basic off;
        proxy_pass http://localhost:8082;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    location /mui {
        # Remove the '/mui' portion of the path (and any extraneous trailing slash)
        rewrite ^/mui/?(.*)$ /$1; break;
        proxy_pass http://localhost:8082;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        auth_basic "Restricted Area";
        auth_basic_user_file /etc/ngnix/.htpasswd;
    }
    location / {
        # The Java servlet is always assumed to be named 'server', so add that to the path.
        #
        # We also rewrite the Java servlet urls to move additional, 'RESTful' path elements
        # to a url query parameter named '_path_suffix'
        #
        rewrite ^/(.*)$ /server?_path_suffix=$1; break;
        proxy_pass http://localhost:8081;
        proxy_redirect off;
        auth_basic "Restricted Area";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
}
Right now your basic auth is set at the server level (inside the server {...} block), so it will apply to all location blocks.
If you want to protect everything except /mui/river, move the following 2 lines inside the location /mui {...} and location / {...} you wish to protect:
auth_basic "Restricted Area";
auth_basic_user_file /etc/ngnix/.htpasswd;
https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/

Securing Nifi registry with nginx Error

I followed this tutorial to set up a secure version of Nifi registry: https://community.hortonworks.com/content/kbentry/170966/setting-up-a-secure-apache-nifi-registry.html
I am working on an Ubuntu server. I do not have the possibility to generate the keychain, and to access the graphical interface of NiFi I use Google Chrome on my local machine (Windows 10). So I imported the p12 file into my browser. My nginx configuration file is as follows:
upstream container {
    server 172.0.0.2:9000;
}
server {
    listen 443 ssl;
    ssl On;
    ssl_certificate /etc/letsencrypt/live/sm/fullchain.pem; #/etc/nginx/ssl/fullchain.$
    ssl_certificate_key /etc/letsencrypt/live/sm/privkey.pem; #/etc/nginx/ssl/privkey$
    if ($ssl_protocol = "") {
        rewrite ^ https://$host$request_uri? permanent; # optional, to force use of$
    }
    root /var/www/html;
    # Add index.php to the list if you are using PHP
    index index.html index.htm index.php;
    server_name workshop1.smart-mobility.alstom.com; # managed by Certbot
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
    location ~ /\.ht {
        deny all;
    }
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
    location /nifi-registry-api/ {
        rewrite ^/nifi-registry-api/(.*) /nifi-registry-api/$1 break;
        proxy_pass https://localhost:18443/nifi-registry;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    location /nifi-registry/ {
        proxy_pass https://localhost:18443/nifi-registry;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header X-ProxyScheme "https";
        proxy_set_header X-ProxyHost $proxy_host;
        proxy_set_header X-ProxiedEntitiesChain "<%{SSL_CLIENT_S_DN}>";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_connect_timeout 1;
    }
}
When I log on to the nifi-registry page I have the following error: 502 Bad Gateway
Can someone help me on this point, please? I cannot find examples.
Error log nginx :
*28739 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42) while SSL hands