NGINX - passing HTTPS to HTTP proxy - nginx

I'm trying to find an solution for following problem:
I have an backend working on http://localhost:8080/api.
I want to expose this backend via NGINX.
The backend does not support HTTP but I need to pass the link with HTTPS to OAuth working on it.
So I have two solutions:
Have HTTPS server in NGINX and proxy for location to /api
Redirect from HTTPS URL to HTTP.
Unfortunately, noone of these is working.
I tried
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name example.com;
location /api {
proxy_pass http://localhost:8080/api;
}
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
include /etc/nginx/snippets/self-signed.conf;
include /etc/nginx/snippets/ssl-params.conf;
server_name example.com;
return 301 http://$server_name$request_uri;
}
and
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name 149.156.43.57/p22;
return 302 https://$server_name$request_uri;
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
include snippets/self-signed.conf;
include snippets/ssl-params.conf;
location /api {
proxy_pass http://localhost:8080/api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
}

Related

Why kartoza/geoserver can't let me loggin in?

I have kartoza/geoserver that I start with this docker-compose:
version: "3.9"
services:
geoserver:
image: kartoza/geoserver
environment:
- GEOSERVER_ADMIN_USER
- GEOSERVER_ADMIN_PASSWORD
- GEOSERVER_CSRF_DISABLED=true
- JAVA_OPTS
#- PROXY_BASE_URL
running behind Nginx with these configurations:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name geos.mydomain.com;
ssl_certificate /etc/nginx/ssl/cert/geoserver/geoserver.crt;
ssl_certificate_key /etc/nginx/ssl/cert/geoserver/geoserver.rsa;
location /geoserver/ {
proxy_pass http://geoserver:8080/geoserver/;
proxy_pass_header Set-Cookie;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
I can see the geoserver page:
But when I try to login it fails:
Why? How can I solve it?
As mazano said:
Looks like you are running with HTTPS so you need to set the following env variables
HTTP_PROXY_NAME=foo.org HTTP_SCHEME=https
after setting these variables everything works fine!

How can i access my webpage with a subfolder path with nginx

This is my Nginx config
server {
server_name subdomain.mydomain.com;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl on;
ssl_certificate /etc/letsencrypt/live/subdomain.mydomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/subdomain.mydomain.com/privkey.pem; # managed by Certbot
index index.html index.htm;
location / {
proxy_pass http://localhost:3000/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
}
}
server {
listen 80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
When I type subdomain.mydomain.com everything works as expected and i can see grafana (which is hosted on that server)
What I want is to type in subdomain.mydomain.com/mysite and access the website, that is hosted in /var/www/html
What do I need to alter in my config to archive that?
Thanks

Nginx - Default server catches all - why?

I have got 2 different URLs that are correctly redirected by Proxy_Pass.
However as soon as I add the default_server (first server below), my 2 URLs are not redirected anymore. They fall into the catch all.
Why is that? I don't understand what is wrong in the default configuration. Thanks for your help!
# default server for this IP
server{
listen xx.xx.xx.xx:8443 default_server;
server_name _;
return 404;
}
server{
listen xx.xx.xx.xx:8443;
server_name *.staging1.yyyy.com staging1.yyyy.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/yyyy.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yyyy.com/privkey.pem;
location / {
proxy_pass http://127.0.0.1:6981;
proxy_set_header Host $host;
}
}
server{
listen xx.xx.xx.xx:8443;
server_name *.staging2.yyyy.com .staging2.yyyy.com
ssl on;
ssl_certificate /etc/letsencrypt/live/yyyy.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yyyy.com/privkey.pem;
location / {
proxy_pass http://127.0.0.1:6982;
proxy_set_header Host $host;
}
}

How do i get nginx to serve assets adjacent to index.html when using proxy_pass?

How do i get nginx to serve assets adjacent to index.html when using proxy_pass?
Context: I have a github repository that serves up content using github pages. When serving from a repository, GHP requires a url path that matches the repository name
rightisleft.github.io/repo_name/
Currently index.html and all subdirectories are working as expected. Loading assets from (css/*, images/*) return 200s.
However, assets like robots.txt and other files in the repository root return 404s.
Here's my domain .conf
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.redacted.com;
# SSL
ssl_certificate /etc/letsencrypt/live/redacted.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/redacted.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/redacted.com/fullchain.pem;
location / {
proxy_set_header Host rightisleft.github.io;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass https://rightisleft.github.io/redacted/;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
# HTTP redirect
server {
listen 80;
listen [::]:80;
server_name www.redacted.com,redacted.com;
include nginxconfig.io/letsencrypt.conf;
location / {
return 301 https://www.redacted.com$request_uri;
}
}
# subdomains redirect
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name redacted.com;
# SSL
ssl_certificate /etc/letsencrypt/live/redacted.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/redacted.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/redacted.com/fullchain.pem;
return 301 https://www.redacted.com$request_uri;
}
EDIT
Nginx is used for certificate management to tie together a few different micro services.
Try this as it might work (if your css/assets are in github repo pages) and you do not need to setup many redirect unless you have a lot of domains/subdomains and I have also set redacted.com to server_name:
server {
listen 80 http2;
listen [::]:80 http2;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name redacted.com www.redacted.com;
# SSL
ssl_certificate /etc/letsencrypt/live/redacted.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/redacted.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/redacted.com/fullchain.pem;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass https://rightisleft.github.io/redacted$request_uri;
proxy_buffering off;
proxy_redirect default; #or off
proxy_intercept_errors on;
# allow GitHub to pass caching headers instead of using your own
expires off;
}
}

Nginx reverse proxy for grafana using dashboard as subpath

I would like to use dashboard as my nginx location for my grafana install.
The problems is grafana uses dashboard in some of it url's like https://example.com/grafana/dashboard/new?orgId=1, where I would like it to be https://example.com/dashboard/dashboard/new?orgId=1 and I think my nginx location is rewriting to https://example.com/dashboard/new?orgId=1.
When I have it setup to use grafana as the subpath it all work as expected;
grafana.ini:
[server]
http_addr = 127.0.0.1
domain = example.com
root_url = %(protocol)s://%(domain)s/grafana/
nginx config:
# Upstream Servers
upstream grafana_server {
server localhost:3000;
}
server {
listen 80;
listen [::]:80;
server_name example.com www.example.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
root /var/www/example.com/html;
index index.html index.htm;
server_name example.com www.example.com;
location /grafana/ {
proxy_pass http://grafana_server/;
proxy_set_header Host $host;
}
}
But changing it to dashboard and navigating to https://example.com/dashboard/dashboard/new?orgId=1 results in the url been rewritten to https://example.com/dashboard/new?orgId=1
grafana.ini:
[server]
http_addr = 127.0.0.1
domain = example.com
root_url = %(protocol)s://%(domain)s/dashboard/
nginx config:
# Upstream Servers
upstream grafana_server {
server localhost:3000;
}
server {
listen 80;
listen [::]:80;
server_name example.com www.example.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
root /var/www/example.com/html;
index index.html index.htm;
server_name example.com www.example.com;
location /dashboard/ {
proxy_pass http://grafana_server/;
proxy_set_header Host $host;
}
}
so I have tried a to do a rewrite in the nginx location but can't get it to work as required (really have no clue what to do here)
location ~ (\/dashboard\/) {
proxy_pass http://grafana_server$1;
proxy_set_header Host $host;
}
location ~ /dashboard/ {
rewrite ^ /dashboard/$1;
proxy_pass http://grafana_server;
proxy_set_header Host $host;
}
Any help would be much appreciated.
Regards,
I know this is a bit late - but I stumbled upon the same issue and thought I'd going to share in case somebody else hits this thread:
This isn't an issue with nginx, but with grafana itself.
I could not solve it any other way but renaming the last part of the root_url in something different than /dashboard

Resources