NGINX Reverse Proxy target dynamic host - nginx

I am using nginx plus and need to pass the host as header variable , if no value is passed in header the default host should be used. Below my nginx.conf, Can anybody help me with the config
http {
resolver 172.10.0.10 valid=10s ipv6=off;
upstream demo {
zone demoservers 64k;
server demo-server.com:443 resolve;
}
server {
listen 443 ssl;
location / {
proxy_pass https://demo-server.com;
proxy_ssl_server_name off;
}
}
server {
listen 8080;
location /api {
api write=off;
# directives limiting access to the API
}
location = /test.html {
root /usr/share/nginx/html;
}
# Redirect requests made to the pre-NGINX Plus API dashboard
location = /test1.html {
return 301 /test.html;
}
}
}

map $host $destination {
host1.com 192.168.1.1;
host2.com 192.168.1.2;
default 192.168.1.254;
}
Then you can use it in proxy_pass
location / {
proxy_pass https://$destination;
proxy_ssl_server_name off;
}

Related

nginx proxy_pass external services via locations instead of subdomains

I have setup a docker environment for testing nginx reverse proxy.
Instead of setting up a subdomain for every backend, i would like to have 1 subdomain with a location pointing to the individual backend:
while this works as expected:
server {
listen 80;
server_name dashboard.test.lan;
location / {
proxy_pass http://172.17.0.1:82;
}
}
server {
listen 80;
server_name gitlab.test.lan;
location / {
proxy_pass http://172.17.0.1:83;
}
}
server {
listen 80;
server_name portainer.test.lan;
location / {
proxy_pass https://172.17.0.1:9443;
}
}
...this does not work:
server {
listen 80;
server_name proxy.test.lan;
location /dashboard {
proxy_pass http://172.17.0.1:82;
}
location /gitlab {
proxy_pass http://172.17.0.1:83;
}
location /portainer {
proxy_pass https://172.17.0.1:9443;
}
}
Maybe you guys can give me a hint or explanation why this does not work.

nginx reroute the passthrough request

On my server two types of services are running. some services are normal and need ssl certificate but one service should use pass through. I read the document and what I understood is that I need to create a stream on a new port. if I am using 443 for ssl then I can't use it for passthrough.so created a pass through stream on a new port 8443. Every thing works fine but for passthrough service I need to enter the port along with url e.g https://production-server:8443. I want it like
https://production-server:8443 -> https://production-server
so my question is can we reroute a request in nginx ? here is my configuration
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream unsecure{
server prod-exec:8040 ;
keepalive 64;
}
upstream secure {
server prod-exec:9001
keepalive 64;
}
server {
listen 80;
server_name ServerA;
access_log C:/nginx-1.20.1/logs/access.log upstreamlog;
#error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location / {
proxy_pass http://unsecure/services;
}
location /services/countingservice {
proxy_pass http://unsecure;
}
}
location /services/balancingservice {
proxy_pass http://unsecure;
}
}
server {
listen 443 ssl;
server_name server-A:443;
access_log C:/software/nginx-1.20.1/logs/access.log upstreamlog;
ssl_certificate C:\\nginx-1.20.1\\ssl\\certificate.crt;
ssl_certificate_key C:\\nginx-1.20.1\\ssl\\certificate_key.key;
error_page 401 /test_401.html;
location = /test_401.html {
root /C:/nginx-1.20.1/html;
internal;
}
location / {
proxy_pass https://secure/services;
}
location /services/countingservice {
proxy_pass http://secure;
}
}
location /services/balancingservice {
proxy_pass http://secure;
}
}
stream {
access_log C:/nginx-1.20.1/logs/access.log main;
upstream passthrough_test {
server prod-exec:9001 max_fails=2 fail_timeout=180s ;
# Definition of Nginx server (URL + Port) for Application 1
server {
listen server A: 84443;
listen 84443;
proxy_pass passthrough_test;
proxy_next_upstream on;
}
}
I don't want to add port with URL for pass through. so if I config the passthrough on 443 can nginx filter the request by recognizing it's pattern?
or is there any other way?
Any help would be appreciated. Thanks in Advance.

NGINX as reverse proxy for http and ssh

I'm trying to set up NGINX as a reverse proxy for HTTP and SSL.
Here is a configuration in /etc/nginx/conf.d/default.conf:
upstream sample-client {
server sample-client:3006;
}
upstream sample-server {
server sample-server:3000;
}
upstream ssh {
server sample-server:22;
}
server {
listen 80;
location / {
proxy_pass http://sample-client;
}
location /api {
rewrite /api/(.*) /$1 break;
proxy_pass http://sample-server;
client_max_body_size 100M;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
error_page 405 =200 #405;
location #405 {
root /usr/share/nginx/html;
proxy_pass http://sample-client;
}
}
server {
listen 22;
proxy_pass ssh;
}
But it throws the next error:
nginx: [emerg] "proxy_pass" directive is not allowed here in /etc/nginx/conf.d/default.conf:60
What's going wrong?
proxy_pass directive should be inside location block
described in https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/
To pass a request to an HTTP proxied server, the
proxy_pass directive is specified inside a
location .
this means that the second server location must include a location block
probably similar to
location / {
proxy_pass ssh;
}

Nginx upstream with http & https

I have some problem about nginx with http and https bypass, In upstream block
upstream block:
upstream bypass{
server 192.168.99.1:80; #http
server 192.168.99.2:443 backup; #https
}
When http 80 have a problem (server down, etc), I want to redirect to https 443,
This block does not work for me.
location block:
location / {
proxy_pass https://bypass;
proxy_redirect off;
}
How can I resolve this?
This works well: Create server config section for each backend on different port and forward to both ports internally without ssl.
In this example, you can see how the first server acts as main server with cached content (available via https) and if cache content is not available, use the second server (via http).
(using nginx 1.19.6, just for reference)
upstream backends {
server 127.0.0.1:8082;
server 127.0.0.1:8081 backup;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
# ssl certs etc here
location / {
proxy_pass http://backends;
proxy_next_upstream error timeout http_404 http_403;
}
access_log /var/log/nginx/access.log upstreamlog;
}
server {
listen 8081;
location / {
add_header X-Cache MISS;
proxy_pass http://server1;
proxy_set_header Host server1;
}
}
server {
listen 8082;
location / {
add_header X-Cache HIT;
proxy_pass https://server2;
proxy_set_header Host server2;
}
}
Taking a shot in the dark. Assuming you were having issues mixing HTTP and HTTPS in the upstream, you could try this in the location block:
location {
try_files #bypass-http #bypass-https =404;
location #bypass-http {
proxy_pass http://bypass;
proxy_redirect off;
}
location #bypass-https {
proxy_pass https://bypass;
proxy_redirect off;
}
}
And if that didn't work, split the bypass upstream block into bypass1 and bypass2 and reference them accordingly in their corresponding location blocks:
upstream bypass1{
server 192.168.99.1:80; #http
}
upstream bypass2{
server 192.168.99.2:443; #https
}
location {
try_files #bypass-http #bypass-https =404;
location #bypass-http {
proxy_pass http://bypass1;
proxy_redirect off;
}
location #bypass-https {
proxy_pass https://bypass2;
proxy_redirect off;
}
}
A third option would be reference them both on port 80, and ensure the second upstream server redirects HTTP requests to HTTPS.

NGinx config for redirecting domain

I have 2 servers on my network:
one linux machine (192.168.0.2) with a website listening on port 8181 for service1.domain.com
one windows machine (192.168.0.3) with a website listening on port 8080 for service2.domain.com
I want to set up an nginx reverse proxy so that I can route requests like so:
service1.domain.com --> 192.168.0.2:8181 with host header service1.domain.com
service2.domain.com --> 192.168.0.3:8080 with host header service2.domain.com
I have tried with the following config:
### General Server Settings ###
worker_processes 1;
events {
worker_connections 1024;
}
### Reverse Proxy Listener Definition ###
http {
server {
listen 80;
server_name service1.domain.com;
location / {
proxy_pass http://192.168.0.2:8181;
proxy_set_header host service1.domain.com;
}
}
server {
listen 80;
server_name service2.domain.com;
location / {
proxy_pass http://192.168.0.3:8080;
proxy_set_header host service2.domain.com;
}
}
}
But that doesn't seem to work?
Is there anything blindingly obvious that I might be doing wrong here?
this works fine for me:
http {
server {
listen 80;
server_name service1.domain.com;
location / {
proxy_pass http://192.168.0.2:8181;
proxy_set_header host service1.domain.com
}
}
server {
listen 80;
server_name service2.domain.com;
location / {
proxy_pass http://192.168.0.3:8080;
proxy_set_header host service2.domain.com;
}
}
}
have a try?

Resources