how to get nginx proxy_pass response header - nginx-reverse-proxy

This is my environment: client --> nginx --> server
I set the following settings in nginx,like this:
server {
listen 80 default_server;
listen [::]:80 default_server;
location / {
proxy_pass http://xxx.xxx.xx;
}
}
when nginx proxy_pass to the server ,and the server returns a response, status code is 302, it also adds a custom header
and the nginx how to gets the header returned by the server ,Need to do processing based on the response returned

Related

why do I have a error 404 with nginx reverse proxy?

I am trying to reverse proxy my muximux and sonarr apps
I started with a simple conf :
server {
listen 80;
listen [::]:80;
server_name media.mydomain.com;
location / {
# reverse to muximux
proxy_pass http://localhost:8010/;
}
location /sonarr {
# reverse to sonar
proxy_pass http://localhost:8989/;
}
}
It is working for muximux but for sonar I have an error 404 but the url seems to be correct http://media.mydomain.com/login?returnUrl=
So what am I doing wrong ?

Nginx reverse proxy for requesting HTTP backend on HTTPS frontend

I've been seeing a ton of info about reverse proxies and nginx but I'm a little lost on how to implement. I am running two separate EC2 instances (front and back end, with back end running pm2). I have SSL established on the front using LetsEncrypt, and it won't allow me to hit my backend because of Mixed Content. What should I do?
nginx.conf
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name domain;
location / {}
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name localhost;
root /insert/root/here;
ssl_certificate "/path/to/cert";
ssl_certificate_key "/path/to/key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP;
ssl_prefer_server_ciphers on;
include /etc/nginx/default.d/*.conf;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
It looks like browser complains at your html content because it has hard-coded "http://" references to external resources, like javascript, fonts etc.
It does not mean that it can't reach backend due to this "mixed-content" issue.
I see no proxy_pass (or fastcgi_pass) directives in your config (which should pass requests to your upstream backend server) so probably that is an real reason why you can't reach your backend.
Your configuration should look like this:
server {
listen 443 ssl;
root /here/are/your/static/files/; # here you can place static html, css, js etc files from your backend to offload backend from serving static files - nginx will take care of them.
...
location / {
#this means that nginx will forward requests to backend server in case request does not match local static file.
try_files $uri $uri/ #backend;
}
location #backend {
#....
proxy_pass http://backend-server-ip-address:backend-port
}
}

nginx: subdomains, map to 2nd host with multiple ports

I have been looking for an nginx reverse proxy config that can:
receive incoming traffic from my router on port 80, from mydomain.com;
from subdomains, say sd01, sd02, sd03.
i.e. sd01.mydomain.com - then must go via the nginx reverse proxy (host1), and point the request to host2 (all RPi's) behind my router, and be routed to a different port on this host2.
On host2 (ip address say 192.168.1.33), I have docker running several instances of node-red, each container pointing to a different port on host2:
- sd01.mydomain.com to point to 192.168.1.33:1101
- sd02.mydomain.com to point to 192.168.1.33:1102
- sd03.mydomain.com to point to 192.168.1.33:1103
I have seen so many options of doing this on the web, from using
map $subdomain $subdomain_port {
to others, but I cannot get it working. Could someone point me in the right direction please?
And yes, I have added the wildcard * directive on godaddy for the sub domains to point to the fixed ip of my router.
You should use the upstream directive in association with a proxy_pass in the location directive for this.
ie.
upstream sd01 {
server 192.168.1.33:1101;
}
upstream sd02 {
server 192.168.1.33:1102;
}
upstream sd03 {
server 192.168.1.33:1103;
}
server {
listen 80;
listen [::]:80;
root /var/www;
server_name sd01.mydomain.com;
location / {
proxy_pass http://sd01/;
}
}
server {
listen 80;
listen [::]:80;
root /var/www;
server_name sd02.mydomain.com;
location / {
proxy_pass http://sd02/;
}
}
server {
listen 80;
listen [::]:80;
root /var/www;
server_name sd03.mydomain.com;
location / {
proxy_pass http://sd03/;
}
}
Note that if you are using sockets you will need to upgrade the connection for that path:
location /socket/ {
proxy_pass http://socketserverupstream;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
}
This is a similar configuration that I use for all of my servers. You can however refer to the NGINX documentation.
In your nginx configuration file(nginx.conf) do these changes:
server
{
listen 80;
server_name sd01;
location / {
proxy_pass http://127.0.0.1:1101;
}
}
server
{
listen 80;
server_name sd02;
location / {
proxy_pass http://127.0.0.1:1102;
}
}

I cannot connect to Nginx port 443 ssl

I'm very new to nginx, trying to add SSL on my website with the magnificent letsencrypt, helped with this tutorial
I have my file: /etc/nginx/sites-available/staging.example.com.conf, which contains:
server {
listen 443 ssl;
server_name staging.example.com;
ssl_certificate /etc/letsencrypt/live/staging.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/staging.example.com/privkey.pem;
access_log /var/log/nginx/staging.example.com.access.log;
error_log /var/log/nginx/staging.example.com.error.log;
location ~ \.(css|js|gif|jpg|png|html|svg|gz|ttf|otf|eot|woff|ico)$ {
root /vagrant/www/current/public;
expires 10d;
gzip_static on;
gzip_vary on;
}
error_page 502 /502.html;
}
server {
listen 80;
server_name staging.example.com;
return 301 https://$host$request_uri;
}
In /vagrant/www/current/public, I have test.html.
If I cURL http://staging.example.com/test.html, I get:
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.9.3</center>
</body>
</html>
But if I cURL https://staging.example.com/test.html I get curl: (7) Failed to connect to staging.mojjo.fr port 443: Connection timed out
Can't find any log or something (/var/log/nginx/staging.example.com.error.log doesn't contain anything). Any idea where I could find relevant information?
It feels like the port 80 rule works, but the listen 443 ssl won't.
Using nginx version: nginx/1.9.3
Can someone help? Thanks
Probably your port 443 isn't open. You can use single server definition for both HTTP and HTTPS:
server {
listen 80;
listen 443 ssl;
...
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}
}

Overwrite Cache-Control: Private in Nginx

Just wonder if there is any way to overwrite / drop the response back Cache-Control: private from a proxied remote server. The setup architecture looks like this (yes, it's a reverse-proxy set up):
[my server] --> [remote server]
The setting for my server site-available/default:
server {
listen 80; ## listen for ipv4
listen [::]:80 default ipv6only=on; ## listen for ipv6
server_name localhost;
location / {
if ($arg_AWSACCESSKEY) {
proxy_pass http://localhost:8088;
}
try_files $uri $uri/ /index.php /index.html /index.htm;
}
# other setting goes here
}
The setting for my server site-available/remote:
server {
listen 8088; ## listen for ipv4; this line is default and implied
# Make site accessible from http://localhost/
# server_name localhost;
location / {
proxy_pass http://remoteserver;
proxy_set_header Host remoteserverhostname.com;
proxy_ignore_headers Cache-Control Expires;
proxy_pass_header Set-Cookie;
}
}
But Firebug still report the header contains Cache-Control: private. Did I missed something?
Thanks.
You want proxy_hide_header instead of proxy_ignore_headers