Fix Nginx triggering firewall alert DOUBLE DECODING ATTACK - rabbitmq

I currently have the following Nginx configuration on my RabbitMQ server:
location ~* /rabbitmq/api/(.*?)/(.*) {
    proxy_pass http://localhost:15672/api/$1/%2F/$2?$query_string;
}
location ~* /rabbitmq/(.*) {
    rewrite ^/rabbitmq/(.*)$ /$1 break;
    proxy_pass http://localhost:15672;
    allow 185.96.158.10;
    deny all;
}
The redirection seems to create mayhem with our firewall (pfSense) and we get plenty of alerts like this one:
Feb 7 10:20:35 snort 24797 [119:2:1] (http_inspect) DOUBLE DECODING ATTACK [Priority: 3] {TCP} 185.X.X.X:36127 -> 46.X.X.X:80
Could someone explain what the problem is and how I could rewrite the Nginx configuration in order to avoid triggering the alert?
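The alert name says what the sensor objects to: a URI that still contains percent-encoded bytes after one decode pass (for example %252F, which decodes to %2F and then to /). The Python below is an added example of my own, not code from the question, from nginx or from Snort; it approximates that condition and runs it over a few constructed request lines (the vhost and queue names are made up) so a reviewer can see which request shapes would trip such a check before changing the proxy rules.

```python
import re
from urllib.parse import unquote

# Matches one percent-encoded byte such as "%2F". Used to test whether a URI
# still carries encoded bytes after a decode pass.
PCT_BYTE = re.compile(r"%[0-9A-Fa-f]{2}")


def decode_once(uri: str) -> str:
    """Apply exactly one layer of percent-decoding (no '+' to space handling)."""
    return unquote(uri, errors="replace")


def is_double_encoded(uri: str) -> bool:
    """True when the URI still contains %XX sequences after one decode pass.

    This is an approximation of the condition behind the http_inspect
    DOUBLE DECODING ATTACK alert; it is not Snort's own implementation.
    """
    return PCT_BYTE.search(decode_once(uri)) is not None


def decode_layers(uri: str, limit: int = 4) -> list[str]:
    """Return the chain of successive decodings, stopping when the text is
    stable or after `limit` passes (so a pathological input cannot loop)."""
    chain = [uri]
    while len(chain) <= limit:
        nxt = decode_once(chain[-1])
        if nxt == chain[-1]:
            break
        chain.append(nxt)
    return chain


# Constructed sample request lines; not taken from any real access log.
SAMPLE_REQUESTS = [
    "GET /rabbitmq/api/queues/%2F/orders HTTP/1.1",     # one layer: vhost "/" encoded once
    "GET /rabbitmq/api/queues/%252F/orders HTTP/1.1",   # two layers: %252F -> %2F -> /
    "GET /rabbitmq/api/queues/orders HTTP/1.1",          # no encoding at all
    "GET /rabbitmq/%25252F HTTP/1.1",                    # three layers
]


def request_uri(line: str) -> str:
    """Extract the request target from a 'METHOD URI VERSION' line."""
    return line.split(" ", 2)[1]


def audit(lines):
    """Return (uri, number_of_decode_passes) for each line that looks double-encoded."""
    findings = []
    for line in lines:
        uri = request_uri(line)
        if is_double_encoded(uri):
            findings.append((uri, len(decode_layers(uri)) - 1))
    return findings


if __name__ == "__main__":
    for uri, passes in audit(SAMPLE_REQUESTS):
        print(f"double-encoded ({passes} decode passes): {uri}")
```

Running the script lists only the %252F and %25252F requests; a single %2F is decoded once and is left alone, which is the distinction to keep in mind when deciding whether a proxy rule or a client is producing the extra encoding layer.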

Related

ASK | Request URL was not found using nginx reverse proxy

First of all, I am so sorry if I broke any rules by making a thread / question.
And also I am sorry for my bad English.
I'm so stressed out to figure out the solution. I am learning about Reverse Proxy on Nginx.
So, I am making 2 servers (both are Centos), one using Apache Web Server and another using Nginx as Web Server. Both will run under an Nginx Reverse Proxy.
This is my configuration:
server {
    listen 80;
    index index.html index.htm;
    location / {
        proxy_pass http://<apache-ip-address>;
    }
    location /demo {
        proxy_pass http://<nginx-ip-address>;
    }
}
And this seems to be working fine.
I can access the Apache Web Server using http://reverse-proxy-ip/ and access the Nginx Web Server using http://reverse-proxy-ip/demo
But, when I tried to change location / to nginx-ip-address, and /demo to apache-ip-address, I got the error "Not Found. The requested URL /demo was not found on this server."
Here is the configuration:
server {
    listen 80;
    index index.html index.htm;
    location / {
        proxy_pass http://<nginx-ip-address>;
    }
    location /demo {
        proxy_pass http://<apache-ip-address>;
    }
}
So, my question is, why does this error occur after changing the destination server, and how to solve this problem?
Need some advice for a newbie like me.
Thank you.

Nginx - proxy_pass to google storage bucket static page VueJS sub paths cause 404 error, VueJS router not kicking in

I'm hosting VueJS in a Google Cloud Storage bucket. The app works only when using the domain name without a subpath (www.domain.com); when using a URL like www.domain.com/sub/path I get a 404 error, as it seems that NGINX is looking for this path in the bucket instead of letting the VueJS router take over.
I tried to follow an older thread, but in my case it did not help.
Any ideas how to fix this?
location = / {
    proxy_pass https://gcs/mygoogle-cloud-bucket/main.html;
    proxy_set_header Host storage.googleapis.com;
}
location / {
    rewrite /(.*) /$1 break;
    proxy_pass https://gcs/mygoogle-cloud-bucket/$1$is_args$args;
    proxy_redirect off;
    index main.html;
    proxy_set_header Host storage.googleapis.com;
}
It seems like what you need to do is to create a Static Website using Cloud Storage and VueJS.
With this being the case, there are a few things that need to be clarified:
Cloud Storage doesn't support HTTPs, so you need to use a Load Balancer.
Make sure the objects in your bucket are public.
Build the Vue project with a relative path.
It is also recommended to set the special pages, but this is not necessary.
Set up your load balancer and the SSL certificate as mentioned here.
Configure routing rules.
Make sure you have connected your custom domain to your load balancer.
This should get you going with your site. If you would like to check a working example, you can take a look at this one.
Your code should look something like:
location / {
    rewrite /$ $uri$index_name;
    proxy_set_header Host storage.googleapis.com;
    proxy_pass https://gs/$bucket_name$uri;
    proxy_http_version 1.1;
    proxy_set_header Connection "";
}

Nginx -> Apache 2 authentication -> return to Nginix

We have a nginx and an apache2 server.
Apache2 is configured to manage Kerberos (Active Directory) authentication.
We have a website managed by nginx with a reserved area.
I would like to know if this is possible:
the user goes to the main site managed by nginx;
from the main site, there is a link to "/login" mapped to apache2:
location /login/ {
    proxy_pass http://apache2server/testlogin;
}
when the login is successful, apache2 is configured to go to another nginx webpage, using proxypass too:
ProxyPass /testlogin http://nginxserver/logindone.php
ProxyPassReverse /testlogin http://nginxserver/logindone.php
I wonder if this is the right solution to the problem.
The best way to implement external authentication for your NGiNX website is by using the auth_request directive.
Basically, you can protect any request by making a subrequest to any external web server. The subrequest must return an HTTP 2XX code to allow proceeding to the content; any other HTTP code returned will deny access.
To accomplish that, be sure your NGiNX has auth_request enabled (compiled with --with-http_auth_request_module). To check that, use the following command at the shell:
nginx -V 2>&1 | grep "http_auth_request_module"
Add the auth_request directive to the location you want to protect, specifying an internal location where the authorization subrequest will be forwarded to, using:
location /system/ {
    auth_request /auth;
    #...
}
So, when a request is made to the /system/ location, the system will create a subrequest to the /auth location. Now we need to create the internal /auth location. We can use the following example:
location = /auth {
    internal;
    proxy_pass http://my.app.webserver/auth_endpoint;
    proxy_pass_request_body off;
    proxy_set_header Content-Length "";
    #...
}
Here, we created the /auth internal location. We used the internal directive to disable external NGiNX access (any external request to /auth will not be processed by this location). Also, we removed the request body content and set the request length to zero, removing any original request variable. We make a subrequest to http://my.app.webserver/auth_endpoint passing all request cookies, so your backend application can determine whether the user has access or not.
If you need to know the original requested URI, you can add it on an extra HTTP header at subrequest adding:
proxy_set_header X-Original-URI $request_uri;
You can learn more about NGiNX auth_request directive here.
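To show what the auth_endpoint side of that contract looks like, here is an added example of my own (not code from the answer, from nginx or from any project): a small WSGI application that nginx's auth_request subrequest could be proxied to. It returns 200 when the session cookie carries a valid HMAC, 401 when it does not, and 403 when the X-Original-URI header (the one the answer suggests forwarding) points at a path the user may not reach. The cookie name "session", the signing scheme, the secret and the /system/admin path rule are all constructed for the example.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

# Constructed secret for the example only; a real deployment loads it from configuration.
SESSION_KEY = b"example-only-secret"


def sign_session(user: str) -> str:
    """Build a cookie value of the form user:hex(HMAC-SHA256(user)). Constructed scheme."""
    mac = hmac.new(SESSION_KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}:{mac}"


def verify_session(cookie_value: str):
    """Return the user name when the MAC is valid, otherwise None.

    compare_digest keeps the comparison constant-time, so a forged cookie
    cannot be refined byte by byte from response timing.
    """
    user, sep, mac = cookie_value.rpartition(":")
    if not sep or not user:
        return None
    expected = hmac.new(SESSION_KEY, user.encode(), hashlib.sha256).hexdigest()
    return user if hmac.compare_digest(mac, expected) else None


def auth_endpoint(environ, start_response):
    """WSGI app answering nginx's auth_request subrequest.

    Contract from the answer above: a 2xx status allows the original request,
    anything else denies it. The body was stripped by proxy_pass_request_body off,
    so only headers (cookies, X-Original-URI) carry information.
    """
    cookies = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    session = cookies["session"].value if "session" in cookies else ""
    user = verify_session(session)
    original_uri = environ.get("HTTP_X_ORIGINAL_URI", "")

    if user is None:
        start_response("401 Unauthorized", [("Content-Length", "0")])
        return [b""]
    # Constructed per-path policy: only "admin" may reach /system/admin...
    if original_uri.startswith("/system/admin") and user != "admin":
        start_response("403 Forbidden", [("Content-Length", "0")])
        return [b""]
    start_response("200 OK", [("Content-Length", "0"), ("X-Auth-User", user)])
    return [b""]


def decide(cookie_header: str, original_uri: str) -> str:
    """Drive the app with a constructed environ and return the status line nginx would see."""
    captured = {}

    def start_response(status, headers):
        captured["status"] = status

    environ = {
        "REQUEST_METHOD": "GET",
        "HTTP_COOKIE": cookie_header,
        "HTTP_X_ORIGINAL_URI": original_uri,
    }
    list(auth_endpoint(environ, start_response))
    return captured["status"]


if __name__ == "__main__":
    good = f"session={sign_session('bob')}"
    print(decide("", "/system/"))                         # 401 Unauthorized
    print(decide(good, "/system/"))                       # 200 OK
    print(decide(good, "/system/admin/users"))            # 403 Forbidden
```

The app can be served with any WSGI server (for instance `python -m wsgiref.simple_server` style code or gunicorn) at the address used in proxy_pass; the decide() helper exists only so the behaviour can be checked without a network.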

nginx proxy_pass not working in a expected way

I have Apache as the front proxy and nginx as the back proxy. The back proxy config is like below:
location /my-app {
    proxy_pass http://localhost:18080/my-app/;
    fastcgi_intercept_errors off;
}
The problem is that whenever the request is sent to the upstream from the back proxy, a double slash is added to the upstream path --> /my-app//myappPath
I have tried to add a slash at the end of the location, like below, to avoid the double slash, but then the back proxy does not receive any request from my front proxy, so there are no requests to the upstream application.
Please kindly help me avoid this double slash situation in my back proxy.
location /my-app/ {
    proxy_pass http://localhost:18080/my-app/;
    fastcgi_intercept_errors off;
}
You are using this directive:
proxy_pass http://localhost:18080/my-app/
Remove the "/" at the end to:
proxy_pass http://localhost:18080/my-app
That will take care of the issue.
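Both this thread and the ASK thread above (the /demo 404 after swapping backends) come down to how nginx builds the upstream URI from a prefix location and a proxy_pass value. The Python below is an added example of my own, not nginx's code and not from either thread: it models the two documented rules (a proxy_pass without a URI part forwards the request URI unchanged; a proxy_pass with a URI part replaces the matched location prefix with that part) and runs the configurations from both threads through them, plus the corrected forms. Regex locations and rewrite ... break are deliberately out of scope; the host placeholders are the ones the threads use.

```python
def upstream_uri(location: str, proxy_pass: str, request_uri: str) -> str:
    """Model of what a prefix `location` plus `proxy_pass` sends upstream.

    This is my reading of the nginx proxy_pass documentation, not nginx's code:
      * no URI part after the host ("http://host[:port]"): the request URI is
        forwarded unchanged;
      * a URI part (anything after the host, even a lone "/"): the portion of
        the request URI that matched the location prefix is replaced by that
        URI part, and the remainder is appended verbatim.
    """
    if not request_uri.startswith(location):
        raise ValueError(f"{request_uri!r} does not match location {location!r}")
    host_start = proxy_pass.index("://") + 3
    slash = proxy_pass.find("/", host_start)
    if slash == -1:
        return request_uri
    return proxy_pass[slash:] + request_uri[len(location):]


# Constructed cases: the two threads' configurations and their corrected forms.
CASES = {
    # ASK thread: after the swap, "/demo" reaches Apache verbatim, which has no /demo.
    "demo_to_apache":     ("/demo",    "http://<apache-ip-address>",     "/demo"),
    # Stripping the prefix needs a URI part, and both sides should end in "/".
    "demo_fixed":         ("/demo/",   "http://<apache-ip-address>/",    "/demo/index.html"),
    # Mismatched trailing slashes give the same double-slash pitfall as the other thread.
    "demo_no_trailing":   ("/demo",    "http://<apache-ip-address>/",    "/demo/index.html"),
    # double-slash thread: original config, then the answer's fix, then the asker's retry.
    "myapp_original":     ("/my-app",  "http://localhost:18080/my-app/", "/my-app/myappPath"),
    "myapp_answer":       ("/my-app",  "http://localhost:18080/my-app",  "/my-app/myappPath"),
    "myapp_both_slashes": ("/my-app/", "http://localhost:18080/my-app/", "/my-app/myappPath"),
}


def evaluate_cases() -> dict:
    """Compute the upstream URI for every constructed case."""
    return {name: upstream_uri(*args) for name, args in CASES.items()}


def has_double_slash(uri: str) -> bool:
    """Flag the symptom both threads describe."""
    return "//" in uri


if __name__ == "__main__":
    for name, uri in evaluate_cases().items():
        flag = "  <-- double slash" if has_double_slash(uri) else ""
        print(f"{name:20s} -> {uri}{flag}")
```

Reading the output: myapp_original reproduces /my-app//myappPath, myapp_answer and myapp_both_slashes both give /my-app/myappPath (so the asker's second config was fine at nginx; the front proxy was the part not forwarding), and demo_to_apache shows why Apache answered 404 for /demo.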

Force https for single directory on my server with nginx config

I am trying to force SSL for a single subdirectory on my server by placing a rewrite rule in my nginx config file.
So, for example, when a user goes to example.com/billing or example.com/billing/user they are taken to https://example.com/billing or https://example.com/billing/user.
I have an SSL certificate installed etc. Here is a rule in my server block for nginx:
#billing location
location /billing/ {
    if (!-e $request_filename){
        rewrite ^/billing/(.*)$ /billing/index.php?request=$1 last;
    }
}
Is there a way I can modify this rule to include forcing https?
I hope you have two server blocks, one for http and the other for the https (SSL) connection; adding a redirect to https inside the /billing/ location block of your http server block will solve the issue.
server {
    listen 80;
    location /billing/ {
        # 301 for permanent redirect
        return 301 https://$host$request_uri;
    }
}