Simple reverse proxy with Nginx (equivalent to Apache) - apache

With Apache, I can make a reverse proxy work with this VirtualHost configuration.
I have executed nanoc view -p 8080 to use port 8080 for the nanoc web app.
With this setup, http://scalatra.prosseek is mapped to the nanoc.
<VirtualHost *:80>
ProxyPreserveHost On
ServerName scalatra.prosseek
ProxyPass /excluded !
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
I need to have the same setup with Nginx. With some trial and error, I could make it work with this configuration.
upstream aha { # ??? (1)
server 127.0.0.1:8080;
keepalive 8;
}
# the nginx server instance
server {
listen 0.0.0.0:80;
server_name scalatra.prosseek;
access_log /usr/local/etc/nginx/logs/error_prosseek.log;
location / {
# ??? (2)
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://aha/; # ??? (1)
proxy_redirect off; # ??? (3)
}
}
It works, but I'm not sure if this is the best setup.
Here come my questions:
Is the setup OK for http://scalatra.prosseek to localhost:8080:
Are these correct setup of proxy_set_headers? Or did I miss something?
For the proxy_pass and upstream, is it just OK as long as two names are the same?
Do I need proxy_redirect off;?

Your configuration looks close.
Proxy headers should be fine. Normally Nginx passes headers through, so proxy_set_header is used when you want to modify those - for example forcing the Host header to be present even if the client does not provide one.
For the proxy_pass and upstream, yes the names need to match.
Consider leaving proxy_redirect on (default). This option modifies whether Nginx interferes with responses like 301 & 302 redirects including the port number. Turning it off means that your upstream application must take responsibility for passing the correct public domain name and port in any redirect responses. Leaving it set to default means that if you accidentally try to direct the client to port 8080, Nginx would in some cases correct it to be port 80 instead.
You also did not include the /excluded path in your nginx config. Add that in with
location /excluded {
return 403;
}

Related

HTTP/HTTPS redirect problem with nginx and bitnamis dockerized osclass

I'm having a problem with a nginx configuration which I use as a reverse proxy for different containerized applications.
Basically Nginx is listening on port 80 and is redirecting every request to https. On different subdomains I'll then proxy pass to the port of the applications.
For example my gitlab config:
server {
listen 443 ssl; # managed by Certbot
server_name gitlab.foo.de www.gitlab.foo.de;
location /{
proxy_pass http://localhost:1080;
}
}
I'm redirecting to the gitlab http (not https) port. The system's nginx is taking care of SSL, I don't care if the traffic behind is encrypted or not.
This has been working for every app since yesterday.
I'd like to test https://github.com/bitnami/bitnami-docker-osclass for an honorary association. Same config as above but it is not working as intended.
Resources are downloaded via https while the main page is getting a redirect to http.
Example: https://osclass.foo.de --> redirect --> http://osclass.foo.de:1234/ (yes with the port in the domain which is very strange)
I don't get why? So I changed the config a little to:
server {
listen 443 ssl; # managed by Certbot
server_name osclass.foo.de www.osclass.foo.de;
location /{
proxy_pass http://localhost:1234;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Now the main page is loaded via https and I don't have the port in my domain anymore. But the whole page is broken because no resources will be loaded due to a "mixed-content warning".
SEC7111: [Mixed-Content] Origin "https://osclass.foo.de" [...] "http://osclass.foo.de/oc-includes/osclass/assets/js/fineuploader/fineuploader.css"
Do I have a conflict with the integrated apache in the docker image or what am I doing wrong?
Any hints are appreciated!
Kind regards from Berlin!
I found a solution to fix the mixed content problem. I just edited the following line in
/opt/bitnami/osclass/config.php
# define('WEB_PATH', 'http://osclass.foo.de/');
define('WEB_PATH', 'https://osclass.foo.de/'); # with https

Multiple subdomains on CloudFlare

Is it possible to set up DNS records using CloudFlare that would allow me to have subdomains pointing to two different ports on my local machine?
For example, one application running on port 80, and another on port 8880? According to this link the ports should both be supported:
https://blog.cloudflare.com/cloudflare-now-supporting-more-ports/
I'd like to have:
sub1.domain.com -> 1.2.3.4:80
sub2.domain.com -> 1.2.3.4:8880
I've looked at SRV records, but it doesn't seem to allow IP addresses as targets.
You can use a reverse proxy like nginx and use it along with Cloudflare for the purpose.
Check this link to learn about installing and configuring nginx as reverse proxy.
https://www.digitalocean.com/community/tutorials/how-to-set-up-a-node-js-application-for-production-on-ubuntu-16-04
An example configuration looks like this:
server {
listen 80;
server_name subdomain.example.com;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://local_ip:8081;
}
}
server {
listen 80;
server_name subdomain2.example.com;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://local_ip:port;
}
}

prestashop multiple domains for same shop

I have a prestashop instance and I want to be able to access it using multiple domains.
Let's say my domain is example.com and I've set the prestashop main domain to be example.com.
I also have the domain example.net and I want to open the same shop. If I point example.net to the same location, the url will change from example.net to example.com.
I want to have both domains without the url changing, but I also don't want to use multiple shops (the prestashop multistore functionality), because it will be the exact same shop.
Is this possible somehow?
Creating a reverse proxy using Nginx (or Apache), for example, can be another way to do this.
Here is a sample configuration for one such domain on Nginx:
server {
listen *:443 ssl;
listen *:80;
ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem;
server_name domain.tld domain2.tld domain3.tld;
access_log /var/log/nginx/domain.tld.access.log;
error_log /var/log/nginx/domain.tld.error.log;
root /srv/domain.tld/;
index index.html index.htm index.php;
location / {
proxy_pass http://prestashopdomain.tld;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header HTTPS $https;
}
}
Sorry to say this, but you can achieve this via the Multishop function (in the backoffice, in Preferences > General, at the bottom of the page) and point multiple addresses to it; it will still be the same shop and work the same.
This is way simpler!

nginx and DNS subdomain, too many redirects

I just installed nginx and set it to work over an apache installation. As a matter of fact, my rules are:
server {
listen 80;
server_name example.com;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://example.com:8080;
}
location ~ /\.ht {
deny all;
}
}
and I wanted to configure a subdomain by:
server {
listen 80;
server_name sub.example.com;
location / {
proxy_pass http://example.com:8080/sub;
}
location ~/\.ht {
deny all;
}
}
And configuring my DNS like so:
NAME | TYPE | TARGET
//empty | A | 45.23.67.89
sub | CNAME | example.com
I waited for propagation, but I'm getting "too many redirects" in Chrome...
The response is always 301, and redirected to the IP:80. I'm guessing that this is caused by the A line in DNS... however domain.com does redirect to apache and I do get the "it works" we all know so well...
Can anyone point me in the right direction please?
Thanks!
UPDATE:
I added another subdomain, sub-sub, following EXACTLY the same procedure, but it magically works... need help!
Put
ProxyRequests off
ProxyPass / http://127.0.0.1:2368/
ProxyPassReverse / http://127.0.0.1:2368/
</VirtualHost>
This config was taken from Apache2. I'm not sure if this will work on Nginx, but this fixes it on Apache2. Obviously change the port of the localhost. That config is for Ghost Blog.
This will redirect the visitor to a specific port. This is good if you have HTTPS or SSL enabled and it's getting too many redirect requests. You can set the port to 443 (SSL port).
Ok Solved,
I added headers to the proxy_pass directive and it worked
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
However, it's still adding a slash (/) at the end of the url, meaning that when I go to sub.example.com I get sub.example.com//

Nginx as Reverse Proxy - Double Proxy Pass ? is this possible?

I have a common problem anyone can encounter when running nginx as a reverse proxy server for Apache: I want to add double proxy_pass variables to the nginx conf file, but this doesn't seem to be allowed by nginx.
For example, the situation I have is this:
On my website I have a chat engine run by openfire, which runs on port 5280 with Jetty, and I have set the apache proxy pass directive as
ProxyPass /member-chat http://xyx.com:5280/http-bind
ProxyPassreverse /member-chat http://xyx.com:5280/http-bind
ProxyRequests Off
but I want anything that comes to "/member-chat" to be sent directly to the chat server rather than to apache, because what apache would then do is proxy pass it again to openfire (member-chat), which takes more time and is useless load for apache.
When I add nginx as the proxy server I want to add something like the config below, but this didn't work; for some reason it can't find the location and gives me a 404 error.
location / {
proxy_pass http://85.xxx.yyy.2x2:7080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location ~ ^/member-chat {
proxy_pass http://85.xxx.yyy.2x2:5280;
proxy_connect_timeout 300;
}
I believe you missed out on specifying the URI for the Jetty service. With your current configuration, the request that will land up on Jetty port would be:
http://85.xxx.yyy.2x2:5280/member-chat
This is as per the proxy_pass documentation.
If proxy_pass is specified without a URI, the request URI is passed to the server in the same form as sent by a client when the original request is processed, or the full normalized request URI is passed when processing the changed URI
I don't think that is what you expect looking at your Apache configuration for the same. Try configuring the URI for proxy_pass directive as you have done for Apache.
# Prefix location: nginx rejects a proxy_pass URI part inside a regex (~) location
location /member-chat {
proxy_pass http://85.xxx.yyy.2x2:5280/http-bind;
proxy_connect_timeout 300;
}
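
The rule quoted from the proxy_pass documentation above, modeled in Python as an added example (not code from the original posts or from nginx itself). The function name upstream_url, its parameters and the host chat.example are assumptions made for illustration; request URIs are assumed to be already normalized.

```python
from urllib.parse import urlsplit

def upstream_url(location, proxy_pass, request_uri, regex_location=False):
    """Model (not nginx source) of the URL requested from the backend.

    location    -- prefix of the matching `location` block
    proxy_pass  -- argument of the proxy_pass directive
    request_uri -- normalized client request URI, query string included
    """
    parts = urlsplit(proxy_pass)
    origin = f"{parts.scheme}://{parts.netloc}"
    uri_part = parts.path          # "" when proxy_pass has no URI part
    if not uri_part:
        # No URI part: the request URI is forwarded unchanged.
        return origin + request_uri
    if regex_location:
        # nginx refuses to load this combination at configuration time.
        raise ValueError("proxy_pass with a URI part in a regex location")
    if not request_uri.startswith(location):
        raise ValueError("request does not match this location")
    # URI part present: the matched location prefix is replaced by it.
    return origin + uri_part + request_uri[len(location):]

# Constructed cases; chat.example stands in for the masked backend address.
CASES = [
    ("/member-chat", "http://chat.example:5280", "/member-chat"),
    ("/member-chat", "http://chat.example:5280/http-bind", "/member-chat"),
    ("/member-chat", "http://chat.example:5280/http-bind", "/member-chat/poll?sid=1"),
    ("/", "http://aha/", "/about"),
    ("/", "http://example.com:8080/sub", "/index.html"),
]

if __name__ == "__main__":
    for location, proxy_pass, uri in CASES:
        print(f"location {location:<13} proxy_pass {proxy_pass:<35} "
              f"{uri} -> {upstream_url(location, proxy_pass, uri)}")
```

The last case shows that a URI part without a trailing slash is glued directly onto the remainder of the request path.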