I cannot fix routing in nginx for different parts in URI . So if the request has URI starting with de it should pass the traffic to app_b. That does not happen and I'm getting error: invalid URL prefix in "http://"
Here's the config.
map $request_uri $resources_location {
"/" "app_a:1234/";
"^.*de.*$" "app_b:2345/";
}
server {
listen 80;
listen [::]:80;
server_name example.com;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HOST $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://$resources_location;
proxy_redirect off;
}
location ~ ^/(assets|public|favicon.ico) {
proxy_pass http://$resources_location;
}
}
How that can be solved (also with a help of map)?
Related
What I am trying to achive; is when the request coming from http://<ip>/vault/ui/ (referer in the request header) and it includes the http://<ip>/v1/* endpoint, to be rewriten or redirected to http://<ip>/vault/v1/
can someone please help me to solve this issue?
/etc/nginx/sites-enabled/reverse-proxy.conf
upstream command_center_vault {
server command-center-0.blinchik.io:28200;
}
server {
listen 80;
listen [::]:80;
location /vault/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Accept-Encoding "";
proxy_pass "http://command_center_vault/vault/";
proxy_redirect /ui/ /vault/ui/;
}
location /vault/v1/ {
proxy_pass "http://command_center_vault/v1/";
}
}
Headers
Update
A little bit more context, the overarching architecture looks as in the picture below.
the configuration of nginx server in the private subnet looks like this:
private subnet nginx
upstream consul_server {
server brain-consul-server-0.blinchik.io:8500;
server brain-consul-server-1.blinchik.io:8500;
server brain-consul-server-2.blinchik.io:8500;
}
upstream vault_server {
server brain-vault-server-0.blinchik.io:8200;
server brain-vault-server-1.blinchik.io:8200;
}
server {
listen 28500;
listen [::]:28500;
location /consul/ {
proxy_pass "http://consul_server";
sub_filter_once off;
sub_filter_types application/javascript text/html;
sub_filter "/v1/" "/consul_v1/";
}
location /consul_v1/ {
proxy_pass "http://consul_server/v1/";
}
}
server {
listen 28200;
listen [::]:28200;
location /vault/ {
proxy_pass "http://vault_server/";
port_in_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Accept-Encoding "";
proxy_redirect /ui/ /vault/ui/;
sub_filter_once off;
sub_filter '<head>' '<head><base href="/vault/">';
sub_filter '"/ui/' '"ui/';
#inspired by this repo https://github.com/Folcky/hashicorp-vault-and-nginx
}
location /v1/ {
proxy_pass "http://vault_server/v1/";
}
}
public subnet nginx
upstream command_center_vault {
server command-center-0.blinchik.io:28200;
}
server {
listen 80;
listen [::]:80;
location /vault/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Accept-Encoding "";
proxy_pass "http://command_center_vault/vault/";
proxy_redirect /ui/ /vault/ui/;
}
location /vault/v1/ {
proxy_pass "http://command_center_vault/v1/";
}
}
the consul part works fine. if I change in the public subnet configuration the location of /vault/v1/ to /v1/ then it works as well. But the problem that other products that I intend to add it to the reverse proxy (like Nomad) also uses the /v1/ path and in this case there will be a conflict.
I think this one should work (must be placed at the server context outside any locations:
if ($http_referer ~ /vault/ui) {
rewrite ^/v1(/.*) /vault/v1$1 last;
}
You can make regex pattern more strict including //<ip> or https?://<ip> parts.
i want to use nginx set directive to use a variable as argument of proxy_pass but doing so ends up in a endless 301 Moved Permanently error in chrome when accessing https://foo.de/myleaps with the code below:
example code
user "reverse-proxy" "reverse-proxy";
error_log stderr;
daemon off;
events {}
http {
server {
listen 80;
listen [::]:80;
server_name foo.de;
location /myleaps {
rewrite ^ https://$server_name$request_uri? permanent;
}
} server {
ssl on;
listen 443 ssl;
listen [::]:443 ssl;
server_name foo.de;
ssl_certificate /var/lib/nixcloud/TLS/foo.de/selfsigned/fullchain.pem;
ssl_certificate_key /var/lib/nixcloud/TLS/foo.de/selfsigned/key.pem;
location /myleaps {
set $tttt http://127.0.0.1:3031/myleaps;
# https default flags
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass $tttt;
}
location /myleaps/leaps/ws {
# https websocket default flags
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $remote_addr;
proxy_read_timeout 36000s;
# required because of CORS
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3031/myleaps/leaps/ws;
}
}
}
using hardcoded values (no set)
when using this:
proxy_pass http://127.0.0.1:3031/myleaps;
instead of:
proxy_pass $tttt;
it works for my example.
so the question is: why does proxy_pass work with an hard coded string but not with using a variable?
motivation
in the reverse-proxy here https://github.com/nixcloud/nixcloud-webservices/blob/be57d526547c66db05595002682525ca62c8f068/modules/services/reverse-proxy/default.nix#L144 the code which generates the proxy_pass is basically hardcoded and if a user wishes to override this it is going to be really complicated. so the idea is to generate 3 variables: ip, port and path and put it into the location scope and let the user later use these. this way i could get rid of the hardcoded proxy_pass directive and the user would be much more flexible in modifying/generating the location record.
so the code could be like this:
set $targetIP = ${location.ip};
set $targetPort = ${toString location.port}
set $targetPath = ${removeSuffix "/" (toString (builtins.toPath (location.path)))};
and the 3 lines above would always be generated into that location record, no matter what. but the code below is dynamically generated and a default implementation could be this:
proxy_pass http://$targetIP:$targetPort$targetPath;
but the user could simply override it by:
nixcloud.reverse-proxy = {
enable = true;
extendEtcHosts = true;
extraMappings = [
{
domain = "example.com";
path = "/";
https = {
mode = "on";
basicAuth."joachim" = "foo";
record = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://$targetIP:$targetPort$targetPath
'';
};
}
];
};
it is working using $request_uri instead of hardcoding the proxy_pass path using $targetPath:
set $targetIP 127.0.0.1;
set $targetPort 3031;
proxy_pass http://$targetIP:$targetPort$request_uri;
this code will soon be in nixcloud-webservices!
thanks to irc.freenode.net#nginx#benbrown (Ben Brown) for this solution!
I have two websites, ineedbabypics.com and ineedtoclose.com
I have updated both domain names A record to point to my public IP address.
The problem is I followed various online settings for proxy and can't get the simple redirect to work. When I type in both domain names in my browser, it both goes to ineedbabypics.com.
I want ineedbabypics.com to go to 192.168.1.96 and ineedtoclose.com to go to 192.168.1.83. Here are my server block settings:
#nginx.conf
server {
listen 80;
listen [::]:80;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
#ineedbabypics.conf
server {
server_name http://ineedbabypics.com www.ineedbabypics.com;
set $upstream 192.168.1.96;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://$upstream;
}
}
#ineedtoclose.conf
server {
server_name http://ineedtoclose.com www.ineedtoclose.com;
set $upstream 192.168.1.83;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://$upstream;
}
}
I would like to implement a reverse proxy which redirect request of http://www.dummy.com/foo/bar/test to http://127.0.0.1/hello/world. I have tried to add rewrite before the pass and it seems not working ...
server {
listen 80;
listen [::]:80;
server_name www.dummy.com;
# access_log /var/log/nginx/upstream_log.log
location / {
root /usr/share/nginx/html/dummy;
}
location /foo/bar/test {
rewrite ^/foo/bar/test /hello/world break;
proxy_pass http://127.0.0.1/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
access_log /var/log/nginx/upstream_log.log upstream_logging;
}
}
Is there something missing or wrongly configured?
The above config works as expected... The other server was misconfigured when I test the above configuration.
I have a URL as
https://test.rockon.me/Profiles/XYZ-ABC-PQRS/default.aspx
now using nginx i have to write rules for creating a subdomain which can make the URL as https://XYZ-ABC-PQRS/test.rockon.me/Profiles/default.aspx here XYZ-ABC-PQRS is the username of some user.
server
{
access_log /var/log/nginx/subcalls.log;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header Access-Control-Allow-Origin *;
listen 80;
server_name ~^(?<subdomain>.+)\nithinveer\.com$;
location /
{
proxy_pass http://192.168.6.190/Profiles/$subdomain$request_uri/;
}
Yours not working, probably because you expect $request_uri = /default.aspx which is not, it is actually, everything after subdomain i.e., /Profiles/user/default.aspx
Try this,
server {
server_name test.rockon.me;
rewrite ^/Profiles/(.*)/default.aspx http://$1/test.rockon.me/Profiles/default.aspx permanent;
}
The other option using proxy_pass can be,
server{
server_name test.rockon.me;
location / {
rewrite /Profiles/(.*)/(.*) /Profiles/$1/$2 break;
proxy_pass http://192.168.6.190;
}
}
Hope it helps. :)