There is a request to my server where I redirect it to another service
I noticed that my headers are not redirected with request.
Shouldn't they be automatically redirected along with the request?
Configuration example:
location / {
rewrite (/v2\/partner\/products/.*)$ https://example.app$1 redirect;
rewrite_log on;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $host;
proxy_pass http://abm_module;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_redirect off;
}
I searched for information on the Internet and documentation and found nothing. I will be grateful for help.
Related
I recently successfully deployed a ShinyProxy + app using SSL with nginx and certbot in the following manner:
Dockerize ShinyProxy + app and launch on port 127.0.0.1:5001.
Create Nginx config and proxy_pass to 127.0.0.1:5001.
Secure using certbot.
This is the successful nginx.conf location section:
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_redirect off;
proxy_read_timeout 90s;
proxy_pass http://127.0.0.1:5001;
}
This nicely redirects me to https://app.myweb.com/login as I have set up a CNAME. Important to note, {ShinyProxy} redirects to the login at the end automatically. On successful login the url redirects to https://app.myweb.com/app/website.
What I really struggle with is the following: adding a location block or as I understand it, include my upstream block into my downstream (correct my terms if I am wrong). So, have my url go from https://app.myweb.com/login to https://app.myweb.com/dashboard/login using the following configuration in nginx:
location /dashboard/ { # THIS IS WHAT I WANT TO ADD
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_redirect off;
proxy_read_timeout 90s;
proxy_pass http://127.0.0.1:5001;
}
All that happens is, if I type https://app.myweb.com/dashboard/ it doesn't go to https://app.myweb.com/dashboard/login as I would expect, but redirects back to https://app.myweb.com/login which 404's.
Any advice on what I am doing wrong?
I configured my Nginx to locate /doc to one of my local servers, just like this:
location /doc {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:8000;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-Proto $scheme;
}
Then my server on 8000 port will make a redirect to /message/html
This is the problem...
The correct URL should be /doc/message/html
How can I config my Nginx to redirect the URL of /redirected_by_port_8000_server to /doc/redirected_by_port_8000_server in the location /doc block
You have to rewrite the URI. In nginx you will be able to pass /doc at the beginning of the URI by adding / at the end of the proxy_pass statement. It looks like below. Such that http://whatever/doc -> http://127.0.0.1:8000/doc
proxy_pass http://127.0.0.1:8000/;
However, the next proxy should rewrite by itself the /doc path and add it at its beginning. In nginx it would look like.
location /doc {
rewrite ^/(.*) /$1/message/html/ break;
proxy_pass http://127.0.0.1:8000/;
}
Many thanks to #Richard Smith.
I used curl -I checked the redirect location and changed my Nginx config file below:
location /doc {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:8000;
proxy_redirect https://$http_host https://$http_host/doc; #this will rewrite the redirect Location header
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-Proto $scheme;
}
I have a website running at https://mywebsite.com. I also install another application (Minio) on the same server running at port 9000.
NOTE: When access Minio via myServerIP:9000, it automatically goes to myServerIP:9000/minio/. If I haven't logged in yet, then I will be redirected to myServerIP:9000/minio/login. If I go to myServerIP:9000/minio/anyRandomPath, I will also be redirected to the login page or another default page (if I have already logged in)
Now I want to access Minio via address https://mywebsite.com/files, so I setup my nginx as below
location /files/ {
proxy_pass http://127.0.0.1:9000/minio/;
proxy_set_header URI_REQUEST_ORIGIN $request_uri;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Proto $scheme;
}
This doesn't work (it shows a blank page with title "Minio login"). When I check the browser's console, it says there's an error message Uncaught SyntaxError: Unexpected token < with a link to https://mywebsite.com/minio/index_bundle_xxx.js. So I try adding another location block in my nginx.conf:
location /minio/ {
proxy_pass http://127.0.0.1:9000/minio/;
proxy_set_header URI_REQUEST_ORIGIN $request_uri;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Proto $scheme;
After that, it works as expected. But the problem is that now I can access Minio via both /minio and /files
Now how can I block direct access to Minio via https://mywebsite.com/minio?
I tried some workaround like adding below location blocks:
location =/minio/ {
return 404;
}
location =/minio/login/ {
return 404;
}
But this is clearly a bad way and also not efficient, since I can just go to mywebsite.com/minio/typeAnythingHere to be redirected to the login page.
I've been trying to do rewrite in Nginx:
domain.com/one/two -> onetwo.domain.com. The URL that user sees should not be changed in address bar.
This code does not work correctly - it changes URL in address bar
rewrite ^/one/two/ http://onetwo.domain.com/ last;
What solution must be there?
Thanks.
This isn't possible, because you're changing hostnames. Browser security is tied to it, as is webserver configuration.
You can rewrite URLs within same hostname, but changing hostnames requires redirect or using a frame.
Use proxy pass:
location /one/two/ {
proxy_pass http://onetwo.domain.com/;
include proxy.conf;
}
Where proxy.conf is where you keep your proxy settings, stuff like:
proxy_ignore_client_abort off;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_connect_timeout 120;
proxy_send_timeout 900;
proxy_read_timeout 900;
proxy_headers_hash_max_size 1024;
proxy_headers_hash_bucket_size 128;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REQUEST_SCHEME $scheme;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header 'SERVER_PORT' $server_port;
I have two apps running on host1:7000 and host2:7000. I am fronting the two hosts by an nginx reverse proxy, where I want mydomain.com/admin to point to host1:7000/portal and mydomain.com/user to host2:7000/portal.
I have written the following config
listen 80;
server_name mydomain.com *.mydomain.com;
location ~ ^/admin/(.*)$ {
proxy_pass $scheme://<IP-ADDRESS>/$1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
}
I can get to mydomain.com/admin to be redirected to host1:7000/portal but when the app redirects from host1:7000/portal on to host1:7000/login via relative path, in the browser I see mydomain.com/login. What do I need to do to get the second redirect go mydomain/admin/login?
Why do people use regexps for no reason and have all kind of problems with it?…
location /admin/ {
proxy_pass http://host1:7000/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
}
This will automatically strip /admin/ from proxied request and prepend it in Location header (which is used in redirect).
See proxy_pass and proxy_redirect docs.