Nginx as Reverse Proxy - Double Proxy Pass ? is this possible? - apache

I have common problem anyone can encounter when you run nginx as a reverse proxy server for apache, i want to add double proxy_pass variables to the nginx conf. file but this doesn't seems to be allowed by nginx.
For example situations i have is
In my website i have chat engine runs by openfire, which runs on port 5280 with Jetty and i have set the apache proxy pass directive set as
ProxyPass /member-chat http://xyx.com:5280/http-bind
ProxyPassreverse /member-chat http://xyx.com:5280/http-bind
ProxyRequests Off
but i want to pass anything that comes to the "/member-chat" send directly to the chat-server rather than the apache, because then what apache would do is again proxy pass that to the openfire (member-chat), which takes more time and useless loading for apache.
when i add the nginx as the proxy server i want to add like this below but this didn't work, for some reason, it cant find the location gives me 404 error.
location / {
proxy_pass http://85.xxx.yyy.2x2:7080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location ~ ^/member-chat {
proxy_pass http://85.xxx.yyy.2x2:5280;
proxy_connect_timeout 300;
}

I believe you missed out on specifying the URI for the Jetty service. With your current configuration, the request that will land up on Jetty port would be:
http://85.xxx.yyy.2x2:5280/member-chat
This is as per the proxy_pass documentation.
If proxy_pass is specified without a URI, the request URI is passed to the server in the same form as sent by a client when the original request is processed, or the full normalized request URI is passed when processing the changed URI
I don't think that is what you expect looking at your Apache configuration for the same. Try configuring the URI for proxy_pass directive as you have done for Apache.
location ~ ^/member-chat {
proxy_pass http://85.xxx.yyy.2x2:5280/http-bind;
proxy_connect_timeout 300;
}

Related

Can I make a proxy_pass to a service that is not enabled?

My doubt begins because I have an nginx and a number of dockerized apis in a virtual machine. In my nginx.conf file I have each api defined as follows:
location /items {
set $backend_server http://api-items:8080;
# Access swagger via proxy
location ~ ^(/items/).*\.(js|css|html|png|json)$ {
set $backend_server http://api-items:8080;
rewrite ^/items/(.*)$ /$1 break;
proxy_pass $backend_server;
}
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass $backend_server/items;
}
For nginx to build correctly I need to have all the APIs built in my virtual machine.
The question is if I can have this directive for a service (url) that is not working. I don't know if there is a way to mark a url so that if the proxy_pass doesn't work, nginx doesn't throw you down.
Conditionals in location directives for nginx configuration

NginX Server block on GitLab is ignored

I've installed GitLab on a virtual machine in Microsoft Azure in which I also have an Apache2 web server that should respond with some static websites.
Since GitLab has an embedded NGinX web server I thought that it would have been sufficient to just make these two changes:
Make apache listen to another port rather than 80 (I changed it to 8090)
Add a server block to GitLab's NGinX (firstly by adding this configuration to gitlab.rb nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/*.conf;" and then by creating the following block in /etc/nginx/conf.d/serverblock.conf)
server {
root /var/www/;
server_name .notgitlabdomain.com;
access_log /etc/nginx/logs/notgitlabdomain_access.log;
error_log /etc/nginx/logs/notgitlabdomain_error.log;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass 127.0.0.1:8090;
add_header X-Upstream $upstream_addr;
add_header NLC_S "s";
}
}
The problem is that this is not working so far. I opened and checked whether the nginx.conf (in /var/opt/gitlab/nginx/conf/) file is actually reading the server block I added and it is. But when I follow a link in my notgitlabdomain.com domain it redirects me to notgitlabdomain.com/users/sign_in with a Sass error that couldn't import a some css files.
Open develop tools and check the request.
I guess this issue is related about the configuration of gitlab (domain url)

nginx and DNS subdomain, too many redirects

I just installed nginx and set it to work over an apache installation. As a matter of fact, my rules are:
server {
listen 80;
server_name example.com;
location / {
proxy_set_header X-Readl-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://example.com:8080;
}
location ~ /\.ht {
deny all;
}
}
and I wanted to configure a subdomain by:
server {
listen 80;
server_name sub.example.com;
location / {
proxy_pass http://example.com:8080/sub;
}
location ~/\.ht {
deny all;
}
}
And configuring my DNS like so:
NAME | TYPE | TARGET
//empty A 45.23.67.89
sub CNAME example.com
I waited for propagation, but i'm getting "too many redirects" in chrome...
The response is always 301, and redirected to the IP:80, I'm guessing that this is caused because of the A line in DNS... howver domain.com does redirect to apache and I do get the "it works" we all know so well...
Can anyone one point me to the right direction please?
Thanks!
UPDATE:
I added another subdowmain, sub-sub, following EXACTLY the same procedure, but it magically works... need help!
Put
ProxyRequests off
ProxyPass / http://127.0.0.1:2368/
ProxyPassReverse / http:/127.0.0.1:2368/
</VirtualHost>
This config was taken from Apache2 not sure if this will work on Nginx but this fixes it on Apache2. Obviously change the port of the localhost. That config is for Ghost Blog.
This will redirect the visitor to a specific port, this is good if you have HTTPS or SSL enabled and it's getting too many redirect requests. You can set the port to 443 (SSL port).
Ok Solved,
I added headers to the proxy_pass directive and it worked
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
However, it's still adding me a slash (/) at the end of the url, meaning that when i go to sub.example.com i get sub.exmaple.com//

Simple reverse proxy with Nginx (equivalent to Apache)

With Apache, I can make reverse proxy working with this VirtualHost configuration.
I have executed nanoc view -p 8080to use 8080 port for nanoc web app.
With this setup, http://scalatra.prosseek is mapped to the nanoc.
<VirtualHost *:80>
ProxyPreserveHost On
ServerName scalatra.prosseek
ProxyPass /excluded !
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
I need to have the same setup with Nginx, with some trial and error, I could make it work with this configuration.
upstream aha { # ??? (1)
server 127.0.0.1:8080;
keepalive 8;
}
# the nginx server instance
server {
listen 0.0.0.0:80;
server_name scalatra.prosseek;
access_log /usr/local/etc/nginx/logs/error_prosseek.log;
location / {
# ??? (2)
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://aha/; # ??? (1)
proxy_redirect off; # ??? (3)
}
}
It works, but I'm not sure if this is the best setup.
Here come my questions:
Is the setup OK for http://scalatra.prosseek to localhost:8080:
Are these correct setup of proxy_set_headers? Or did I miss something?
For the proxy_pass and upstream, is it just OK as long as two names are the same?
Do I need proxy_redirect off;?
Your configuration looks close.
Proxy headers should be fine. Normally Nginx passes headers through, so proxy_set_header is used when you want to modify those - for example forcing the Host header to be present even if the client does not provide one.
For the proxy_pass and upstream, yes the names need to match.
Consider leaving proxy_redirect on (default). This option modifies whether Nginx interferes with responses like 301 & 302 redirects including the port number. Turning it off means that your upsteam application must take responsibility for passing the correct public domain name and port in any redirect responses. Leaving it set to default means that if you accidentally try to direct the client to port 8080, Nginx would in some cases correct it to be port 80 instead.
You also did not include the /excluded path in your nginx config. Add that in with
location /excluded {
return 403;
}

nginx HttpProxyModule configuration help

I am trying to use nginx to enforce basic authentication before allowing access to the H2 database web console. This console is running on https://localhost:8084
In my nginx.conf, I have:
location /h2 {
auth_basic "Restricted";
auth_basic_user_file htpasswd;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_pass https://localhost:8084/;
}
What I want it to do is proxy requests for /h2 to H2's webserver. This configuration works for the first request, however the H2 server immediately sends a HTTP redirect for "/login.jsp" which is getting sent to my browser as "/login.jsp" and not "/h2/login.jsp". This means that when my browser requests the page, the request fails because only urls at location "/h2" get passed to the H2 webserver.
How can I append "/h2" to any redirects returned by the H2 webserver? I tried the following:
proxy_redirect https://localhost:8084/ https://$host/h2;
but it didnt do anything.
This seems to be a nginx config problem. Try location /h2/ (with trailing slash) instead of location /h2 in the nginx.conf. And then connect to http://localhost/h2/. You don't need any reverse-proxy config, as the H2 Console tool doesn't use absolute URLs (it redirects goes to "login.jsp" and not to "/login.jsp"). The problem is that http://localhost:/h2 is a 'file name', whereas http://localhost:/h2/ is a 'directory'.