I have 3 apps that are located in 3 different sites:
auth (localhost:59500)
manage (localhost:59501)
files (localhost:59502)
Manage and files are accessed from a menu in auth
I can access them individually. However, I am unsure of how to set this up in nginx.
This is what I have currently in my nginx conf:
upstream auth {
server auth.web;
}
upstream manage {
server manage.web;
}
upstream files {
server files.web;
}
server {
listen 80;
server_name localhost;
server_tokens off;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
location /{
proxy_set_header Authorization $http_authorization;
proxy_pass_header Authorization;
proxy_pass http://auth/;
}
location /auth/{
proxy_set_header Authorization $http_authorization;
proxy_pass_header Authorization;
proxy_pass http://auth/;
}
location /manage/{
proxy_set_header Authorization $http_authorization;
proxy_pass_header Authorization;
proxy_pass http://manage/;
}
location /files/{
proxy_set_header Authorization $http_authorization;
proxy_pass_header Authorization;
proxy_pass http://files/;
}
}
My nginx is configured to run on http://localhost:9190
Currently, when I run http://localhost:9190, I get to auth without any issue and am able to login.
However, if I try to access http://localhost:9190/manage/Home, I am able to load the page but all my css shows the error 404. If any error appears, it doesnt go back to http://localhost:9190/manage/Home. Instead, it kicks me back to http://localhost:9190/Home
EDIT:
I have tried this but my css and js scripts still aren't loading. However, I am able to navigate to the manage app
location ^~ /manage{
proxy_set_header Authorization $http_authorization;
proxy_pass_header Authorization;
proxy_pass http://manage/manage;
}
location ^~ /manage/{
proxy_set_header Authorization $http_authorization;
proxy_pass_header Authorization;
proxy_pass http://manage/manage/;
}
EDIT2:
I realized that the error css and js files had a Content-Type of text/html
The files that managed to load somehow had application/javascript or text/css
Not sure how to change that.
I managed to find out the answer. There were two changes that needed to happen.
In my webapp, I needed to set a Pathbase in my Startup
app.UsePathBase("/manage");
Then in Nginx,
I needed to set the name in the location like this:
location /Manage/{
proxy_set_header Authorization $http_authorization;
proxy_pass_header Authorization;
proxy_pass http://manage_svr/Manage/;
}
Related
I'm in the unfortunate situation that I need to extend my react application with an iframe containing an external application.
My application is hosted by a nginx reverse proxy that handles /api and signalr communication.
Unfortunately it also handles the outbout iframe src url.
in this example my site is on the url https://example.com
The iframe src url is in this case "https://external-site.com/someapp/session?token=1234"
When i see the requests in the browser the url has changed to https://example.com/esternal-site.com/someapp/session?token=1234, which needless to say is not working out of the box.
I've been toying with the nginx configuration but has been unable to just pass the request through without modification.
The iframe/destination works as expected when running locally.
I've attempted with a few different configuations inspired by stackoverflow and medium etc. but they've all returned various error codes.
the server runs on port 80, but https is handled by ingress on azure.
This is what i have currently:
upstream bff_service {
server ${BFF_HOST}:${BFF_PORT};
keepalive 32;
keepalive_requests 1000;
keepalive_timeout 75s;
}
server {
listen 80;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
try_files $uri $uri/ /index.html;
add_header Set-Cookie "msal_client_id=${BFF_MSAL_CLIENT_ID};Path=/;Secure";
}
location /api {
proxy_read_timeout 300s;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host ${BFF_HOST};
proxy_set_header X-NginX-Proxy true;
proxy_pass ${BFF_PROTOCOL}://bff_service;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_redirect off;
}
location ^~ /external-site.com {
add_header Content-Security-Policy "frame-src 'self' https://external-site.com";
proxy_pass https://external-site.com/$request_uri;
}
}
I've also tried adding the lines below to the location:
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-NginX-Proxy true;
I'm looking for a configuration that allows me to embed an iframe with an external location. Perhaps even avoid nginx proxying it at all?
Basically, I have the same problem as
Proxying site via nginx results in blank page and https://serverfault.com/questions/850923/nginx-proxy-wix-site-shows-only-blank-page-in-browser-or-not-found, however there are no "real" solutions provided and I still have the problem of a blank page
This is my location block
location /compliance {
proxy_set_header Accept-Encoding "";
sub_filter 'wixdomain.wixsite.com' '$host';
sub_filter_once off;
proxy_pass http://wixdomain.wixsite.com/compliance;
}
However, I still see the blank page, I tried multiple other things, such as
sub_filter_types text/html text/javascript application/x-javascript or adding proxy_pass_request_headers on; or adding proxy_set_header Host $host but none of them worked.
Does anyone have an idea why this is happening? no css is loaded, every js is loaded without error (200). I'm not sure what I can do anymore to fix this issue. Could this be related that I'm on localhost:{PORT} and wix somehow disables it anyway for localhost? Should I try it out with a domain or do you see something else what is already wrong here?
In my current company we have a purchase flow (wrote in PHP) to buy a product and landing pages built in wix. We use a proxy to all our landing pages are in the same domain that our purchase flow. Our nginx proxy configuration is the following.
server {
listen 443;
location / {
proxy_ssl_server_name on;
gzip off;
proxy_set_header Accept-Encoding "";
add_header Host mi-portal.wix.com;
proxy_pass_request_headers on;
proxy_http_version 1.1;
proxy_pass https://mi-portal.wix.com/;
}
// Location to use a backend as PHP
}
Adding onto Victor's answer, since it wasn't sufficient for us, as we have included a form on our landingpage.
To serve the wix content at OURDOMAIN.com/info, we used the following configuration:
server {
listen 443;
location ~ ^/info(\/.*)?$ {
resolver 8.8.8.8;
proxy_set_header Accept-Encoding "";
proxy_pass https://XYZ.wixsite.com/info$1;
sub_filter "XYZ.wixsite.com" "OURDOMAIN.com";
sub_filter_once off;
}
location ~ ^/_api(\/.*)?$ {
resolver 8.8.8.8;
proxy_pass https://XYZ.wixsite.com/_api$1;
}
# ...
}
We had to add a sub_filter and setup a proxy_pass back to the wix API.
I am using nginx as a single point of entry to my entire solution.
my goal is to send some url to be authenticated before continuing.
I have found a module named: ngx_http_auth_request_module which suits right in place to solve my problem.
http://nginx.org/en/docs/http/ngx_http_auth_request_module.html
i am compiling my nginx like this: ./configure --with-http_auth_request_module
my code looks like this:
http {
server {
listen 8080 default_server;
server_name _;
location /api {
auth_request /auth;
proxy_pass http://localhost:8000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location = /auth {
proxy_pass http://localhost:8000/auth/user;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
}
}
}
my problem is that if my server returns and error, like 401, then a default page gets shown. what i want is to be able to return the json that was returned from my authentication service. this is useless without this. what is the point of showing just a generic 401 page? i want to return my proxied json response.
please help.
auth_request is just for authentication. This little hack should work for you
error_page 401 /auth;
After auth error it'll go to /auth location again, this time as ordinary request.
I have 2 tornado applications and I am trying to use nginx as a proxy for them, but I need those applications to be served in the same address but different locations (Access app1 with URL http://myserver/app1, and app2 with URL http://myserver/app2).
My nginx configuration file /etc/nginx/conf.d/myserver.conf:
upstream app1 {
server 127.0.0.1:8081;
server 127.0.0.1:8082;
}
upstream app2 {
server 127.0.0.1:9081;
server 127.0.0.1:9082;
}
server {
listen 80;
access_log /var/log/nginx/myserver.access.log;
error_log /var/log/nginx/myserver.error.log;
location app1/static {
root /path/to/app1/;
if ($query_string) {
expires max;
}
}
location app2/static {
root /path/to/app2/;
if ($query_string) {
expires max;
}
}
location /app1/ {
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass http://app1/;
}
location /app2/ {
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass http://app2/;
}
}
When I access, for instance, app1 via tornado it works fine:
Via tornado: http://myserver:8081/ redirects to login http://myserver:8081/auth/login. Good.
Via nginx: http://myserver/app1 redirects to http://myserver/auth/login (it should redirect to http://myserver/app1/auth/login).
What is the correct nginx configuration to make it work?
This is controlled by the proxy_redirects setting. You've turned it off, so when the tornado server redirects to /auth/login that gets passed through as-is. You need to either make the tornado server aware of its urls as seen by the outside world (i.e. include /app1/ in all the routes and redirects even internally) or turn on proxy_redirects to have nginx remap them. I recommend the former, since proxy_redirects only works for redirects and you'll usually run into similar issues in other places (urls for static content, for submission, etc).
I tried to make custom 404 page for tornado and want to deploy it with nginx but failed.
here is my domain.conf(included by nginx.conf)
server {
listen 80;
server_name vm.tuzii.me;
client_max_body_size 50M;
location ^~ /app/static/ {
root ~/dev_blog;
if ($query_string) {
expires max;
}
}
location = /favicon.ico {
rewrite (.*) /static/favicon.ico;
}
location = /robots.txt {
rewrite (.*) /static/robots.txt;
}
error_page 404 /404.html;
location /404.html {
root /home/scenk;
internal;
}
location / {
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass http://frontends;
}
}
But after reload nginx, nothing happen. It seems like tornado catch the 404error before nginx.
I have no idea to solve this problem.
PS. I just want to make 404error by nginx. But not rewrite 'write_error' in tornado source.
Environment: Ubtuntu 12.04 Tornado2.4.1 runsite with supervisor by Nginx 4 process.
I ran into the same problem and what you actually need is this set:
proxy_intercept_errors on;
From nginx proxy module documentation:
proxy_intercept_errors
Syntax: proxy_intercept_errors on | off
Default: off
Context: http
This directive decides if nginx will intercept responses with HTTP status codes of 400 and higher.
By default all responses will be sent as-is from the proxied server.
If you set this to on then nginx will intercept status codes that are explicitly handled by an error_page directive. Responses with status codes that do not match an error_page directive will be sent as-is from the proxied server.
Finailly solve this problem. Because
proxy_pass_header Server;
So the real TornadoServer is sent. To hide real server, simply change
proxy_pass_header User-Agent;
That's all.