I'm facing a challenge and need some help, please.emphasized text
It's quite simple, I need to set a custom header as a response from an http request to an internal app I have running on the same instance.
I have two applications running on docker in one instance.
I need to set a custom header on the APP 1 and the value of this header is an api call to APP 2.
NGINX config APP 1:
server {
server_name example.com;
location / {
proxy_pass http://localhost:6987;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header user-code 0.0.0.0:6500?code=$geoip2Lite_data_city_name;
}
APP 2 it's a simple app that has an end-point that returns a value accordingly to the code query parameter.
This app is running on docker on the same instance.
What I'm looking for, is that all requests that comes to APP 1 have the header user-code with the actual response of the Api call.
Example:
If a user access my app from Lisbon an GET request to http://0.0.0.0:9982?code=Lisbon will be made the response of of this request is 236578552 thus the header user-code will be 236578552
Is that possible to be done in NGINX?
Thank you all in advance, Cheers!
Related
I have the standalone version of GeoServer 2.21.0 running behind an NGINX reverse proxy. Whenever I attempt to do anything with the web UI, Wicket is redirecting me to HTTP when I need it to send me to HTTPS.
The server does serve up map tiles correctly. It's just that the web UI is completely dysfunctional as it's running over HTTPS and GeoServer redirects everything to HTTP for some reason.
I also have the CSRF whitelist set but I'm having problems before CSRF comes into play. If I do so much as go to https://myserver/geoserver it redirects me to http://myserver/geoserver/web/?0 which doesn't work.
I have a GeoServer instance running behind NGINX. NGINX is configured like this:
location / {
proxy_pass http://127.0.0.1:9191/; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
}
I have the Proxy Base URL configured to https://myserver/geoserver and Use headers for Proxy URL is enabled.
What might be causing this? A Google search wasn't very helpful.
The answer was proxy_redirect ~*http://[^/]+(/.*)$ $1;
This rules tells NGINX to remove everything from the beginning http all the way up through the hostname in the redirect so that the redirect sends the user to the reverse proxy's (i.e. NGINX) host.
relevant answer
I have Wildfly 24 behind a nginx webserver, acting as a reverse proxy with Basic Authentication. When I access my services with Insomnia I can send a POST (and that works) but the problem is that request.getRemoteUser() returns NULL, instead of the authenticated user from Basic Authentication, and I need that value in my application.
This is my nginx configuration
location / {
auth_basic "Application auth";
auth_basic_user_file /etc/nginx/htpasswd;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://wildfly/;
include snippets/services.conf;
return 404;
}
where snippets/services.conf contains just a lot of rewrites for legacy reasons.
I have experimented with adding proxy_set_header Authorization $http_authorization; and proxy_pass_header Authorization; but that has so far not yielded any results. Any ideas what I am missing?
It is possible to add a request logger to Wildfly and thus log requests with headers directly into server.log.
Create a custom filter for Undertow, using the RequestDumpingHandler
Add this filter to the default server
Start the CLI (bin/jboss-cli.sh -c) and enter the following commands
/subsystem=undertow/configuration=filter/custom-filter=request-logger:add(module=io.undertow.core, class-name=io.undertow.server.handlers.RequestDumpingHandler)
/subsystem=undertow/server=default-server/host=default-host/filter-ref=request-logger:add()
reload
Remove the logger with these commands:
/subsystem=undertow/server=default-server/host=default-host/filter-ref=request-logger:remove
/subsystem=undertow/configuration=filter/custom-filter=request-logger:remove
reload
Hope you can help me, here is the issue I have:
Both of my frontend and backend servers runs on the same AWS EC2 instance. Because of this I have created a NGINX config like this:
server {
server_name NAME;
listen 80 default_server;
location / {
proxy_pass http://127.0.0.1:5000;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_http_version 1.1;
}
location /api/ {
proxy_pass http://127.0.0.1:8000;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
}
}
So any request to the "http://public_ip/api/" routed to the FastAPI backend server while every other request to another endpoint routed to the frontend SPA.
This works quite good mostly. However there is an issue if I try to access FastAPI "/api/docs" or "/api/redoc" routes. When I call the "/api/docs" endpoint for instance, there is a request to the "http://public_ip/openapi.json" address. And this isn't an endpoint starting with "/api" obviously. So NGINX blocks it and raises a bad request.
https://fastapi.tiangolo.com/advanced/behind-a-proxy/#about-proxies-with-a-stripped-path-prefix
I found this guide but it seems like this isn't related to my problem at all. At least I understand it that way.
Any help is appreciated. Thanks in advance.
Passing 'openapi_url' argument to the FastAPI() seems like good solution. Passed openapi_url= '/api/openapi.json' and it's fixed for both docs and redoc. Any other/better solution to handle all redirects that may occur is appreciated.
api = FastAPI(title="API_NAME",
description="API_DESC",
version="0.2.0",
docs_url='/api/docs',
redoc_url='/api/redoc',
openapi_url='/api/openapi.json')
I have an application running in Kubernetes with the following topology:
Some-ingress-controller--> nginx reverse proxy -->dynamically generated services.
I have set the NGINX reverse proxy with the following test configuration
location /mysite1/ {
proxy_set_header Host $host;
proxy_set_header Referer $http_referer;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $remote_addr;
proxy_pass http://myservice1.default.svc:9000/;
}
So far everything works fine - when I go to my website http://example.com/mysite1/ I see what I expect from the myservice1 application hosted at http://myservice1.default.svc:9000/. However, the application myservice1 issues requests to various internal (internal meaning they are part of the same container) resources on /get_resourceX. When the myservice1 application tries to access these resources they will be accessed at http://example.com/get_resourceX/ and not at http://example.com/mysite1/get_resourceX as they should - and that is my problem.
What could work is to simply reverse proxy all the relevant resource names as well. However, then I would need to do the same for http://example.com/mysite2, http://example.com/mysite3 etc. which is impractical since these are generated dynamically.
Another possible solution is to check the http Referrer header and see whether it originates from mysite1 - but that seems awfully hackish.
How can I easily have myservice1 requests issued to /get_resourceX served by itself? Is there a generic way to set the root path for the myservice1 application to myservice1?
Building a webapp behind a reverse proxy/load balancer, I need to get the correct original URL of the request (pre load balancer rewrite).
I have used getReference() (in the ServerResource) to add a self reference in the HATEAOS sense. However the doc says that the getReference() can be manipulated by the routing, and currently it does not include the correct scheme (http, instead of https - the load balancer terminates the https).
Here are the NGINX configs with regards to the headers forwarded.
location /api {
proxy_pass http://test-service;
proxy_pass_header X-Host;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X_FORWARDED_PROTO $scheme;
}
Is the reverse proxy config incorrect, or should I use the getOriginalReference() method. Is there some documentation that explains how the "original" reference is constructed, which fields are used behind a revers proxy.
I think that the support of the X-Forwarded-For header must be explicitly enabled in Restlet due to potential security issues.
Here is the way to enable this feature as the server connector level:
Component c = new Component();
Server server = c.getServers().add(Protocol.HTTP, 8182);
server.getContext().getParameters().add("useForwardedForHeader", "true");
c.start();
See this page for more details: http://restlet.com/technical-resources/restlet-framework/guide/2.3/core/base/connectors.
Once done, the corresponding hints are available in the ClientInfo object:
List<String> forwardedAddresses
= request.getClientInfo().getForwardedAddresses();
See this page for the mapping between headers and Restlet API: http://restlet.com/technical-resources/restlet-framework/guide/2.2/core/http-headers-mapping.
Hope this helps you,
Thierry