nginx reroute the passthrough request - nginx

On my server two types of services are running. Some services are normal and need an SSL certificate, but one service should use TLS passthrough. I read the documentation, and what I understood is that I need to create a stream on a new port: if I am using 443 for SSL, then I can't use it for passthrough. So I created a passthrough stream on a new port, 8443. Everything works fine, but for the passthrough service I need to enter the port along with the URL, e.g. https://production-server:8443. I want it like
https://production-server:8443 -> https://production-server
So my question is: can we reroute a request in nginx? Here is my configuration:
# HTTP-level configuration: one plain-HTTP virtual host on port 80 and one
# TLS-terminating virtual host on port 443, each proxying to its own upstream.
# NOTE(review): as posted this block does not parse; see the notes on the
# missing ';' and the unmatched '}' lines below.
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
# Backend pool reached over plain HTTP by the port-80 server below.
upstream unsecure{
server prod-exec:8040 ;
keepalive 64;
}
# Backend pool used by the port-443 server below.
upstream secure {
# NOTE(review): the next line has no terminating ';'.
server prod-exec:9001
keepalive 64;
}
# Plain-HTTP virtual host: nothing on this listener is encrypted.
server {
listen 80;
server_name ServerA;
# NOTE(review): the "upstreamlog" format is not defined in the visible config;
# a matching log_format directive is presumably declared elsewhere.
access_log C:/nginx-1.20.1/logs/access.log upstreamlog;
#error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location / {
proxy_pass http://unsecure/services;
}
location /services/countingservice {
proxy_pass http://unsecure;
}
# NOTE(review): this '}' closes the server block, which leaves the
# balancingservice location below outside any server; it looks like a stray brace.
}
location /services/balancingservice {
proxy_pass http://unsecure;
}
}
# TLS-terminating virtual host: nginx holds the certificate and key and
# decrypts the traffic before proxying it.
server {
listen 443 ssl;
# NOTE(review): server_name is compared with the host name of the request,
# without the port, so a name containing ":443" is unlikely to ever match.
server_name server-A:443;
access_log C:/software/nginx-1.20.1/logs/access.log upstreamlog;
# NOTE(review): no ssl_protocols directive is visible, so the release defaults
# apply; for the 1.20 line these still include TLSv1 and TLSv1.1 (confirm
# against the documentation), and pinning TLSv1.2/TLSv1.3 explicitly is the
# usual hardening step.
ssl_certificate C:\\nginx-1.20.1\\ssl\\certificate.crt;
ssl_certificate_key C:\\nginx-1.20.1\\ssl\\certificate_key.key;
error_page 401 /test_401.html;
location = /test_401.html {
root /C:/nginx-1.20.1/html;
# "internal" keeps clients from requesting the error page directly.
internal;
}
# NOTE(review): this location talks https:// to the "secure" upstream while
# the two locations below use http:// against the same upstream and port;
# one of the two schemes is presumably wrong. When https:// is used, nginx
# does not verify the backend certificate unless proxy_ssl_verify is enabled.
location / {
proxy_pass https://secure/services;
}
location /services/countingservice {
proxy_pass http://secure;
}
# NOTE(review): same stray '}' pattern as in the port-80 server above.
}
location /services/balancingservice {
proxy_pass http://secure;
}
}
# TCP (layer-4) proxying: connections are forwarded without TLS termination,
# so the backend, not nginx, presents the certificate.
# NOTE(review): to share port 443 between passthrough and TLS-terminating
# virtual hosts, the stream module's ssl_preread feature can route on the SNI
# name ($ssl_preread_server_name); that requires the passthrough service to be
# reachable under its own host name and the http-level 443 listener to move to
# an internal address. Not configured here.
stream {
access_log C:/nginx-1.20.1/logs/access.log main;
upstream passthrough_test {
server prod-exec:9001 max_fails=2 fail_timeout=180s ;
# NOTE(review): the upstream block is never closed before the server block
# below starts, so the braces in this stream section do not balance.
# Definition of Nginx server (URL + Port) for Application 1
server {
# NOTE(review): "server A: 84443" is not a valid listen address, and 84443 is
# above the highest TCP port (65535); the question text says 8443.
listen server A: 84443;
listen 84443;
proxy_pass passthrough_test;
proxy_next_upstream on;
}
}
I don't want to add the port to the URL for passthrough. So if I configure the passthrough on 443, can nginx filter the requests by recognizing their pattern?
or is there any other way?
Any help would be appreciated. Thanks in Advance.

Related

Nginx: How to redirect each http:port requests to HTTPS:port in the below config?

Here is my nginx.conf, works fine for https.
If someone types HTTP://dev.local.org:3002, how do I redirect to HTTPS://dev.local.org:3002 ?
This nginx is inside a docker-compose container.
# Reverse proxy for a docker-compose stack: one listener per backend port,
# each forwarding to the container of the same name.
worker_processes 1;
events {
worker_connections 1024;
}
# NOTE(review): "set" is only valid inside server, location and if blocks,
# which would explain why the commented-out line below did not work here.
#set $my_server_name _ #TODO global variable does not work?
http {
#DOCKER DNS - using this to resolve docker-compose hosts like 'appsearch', 'kibana' etc
resolver 127.0.0.11 ipv6=off;
#include mime.types;
default_type application/octet-stream;
#TO read external configuration
include sites-enabled/*.conf;
# Default TLS virtual host on 443; "server_name _" is a catch-all name.
server { #DEFAULT SERVER
listen 443 ssl; # Security change
server_name _;
include common.conf;
include /etc/nginx/ssl.conf;
location / {
root html;
index index.html index.htm;
include common_location.conf;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# location /appsearch { #TODO this /appsearch did not forward. find how to do it.
# rewrite ^/appsearch(.*) /$1 break;
# resolver 127.0.0.11 valid=30s ;
# set $backend http://appsearch:3002;
# proxy_pass $backend; # Use variable To avoid upstream host not found error.
# }
}# end of the default server (it listens on 443, not 80)
# TLS front end for Elasticsearch.
# NOTE(review): no authentication or address restriction is visible in this
# block; whether common.conf or common_location.conf adds one cannot be told
# from here. An Elasticsearch API reachable without it exposes the whole index.
server {
listen 9200 ssl;
server_name _;
include common.conf;
include /etc/nginx/ssl.conf;
location / {
set $backend http://elasticsearch:9200;
proxy_pass $backend; # Use variable To avoid upstream host not found error.
include common_location.conf;
}
}#server
# TLS front end for App Search. A plain-HTTP request sent to an "ssl" listener
# like this one is answered with nginx's own 497 status, which error_page can
# turn into a redirect to https:// on the same port.
server {
listen 3002 ssl;
#server_name dev.local.org; #TODO yuck, bad to add server name!
server_name _;
include common.conf;
include /etc/nginx/ssl.conf;
location / {
set $backend http://appsearch:3002;
proxy_pass $backend; # Use variable To avoid upstream host not found error.
include common_location.conf;
}
}#server
# Front end for Kibana.
# NOTE(review): unlike the three listeners above, this one has no "ssl"
# parameter, so Kibana sessions and credentials travel in cleartext even
# though ssl.conf is included; it looks like the "ssl" flag was missed.
server {
listen 5601;
server_name _;
include common.conf;
include /etc/nginx/ssl.conf;
location / {
set $backend http://kibana:5601;
proxy_pass $backend; # Use variable To avoid upstream host not found error.
include common_location.conf;
}
}#server
}
Use nginx's non-standard 497 status (a plain HTTP request was sent to an HTTPS port) to redirect (source: https://meabed.com/http-497-status-code/):
In your conf you would add something like this:
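server {
    # The "ssl" parameter on listen is what enables TLS on this port. The
    # separate "ssl on;" directive is deprecated and has been removed from
    # recent nginx releases, so it is left out here.
    listen 1234 ssl;
    server_name your.site.tld;

    # 497 is raised when a client speaks plain HTTP to this TLS port; send it
    # to the same host and port over https:// instead of showing the error.
    # $host is taken from the request, so with a single known site name
    # $server_name is the stricter choice for the redirect target.
    error_page 497 https://$host:1234$request_uri;
}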

why nginx proxy_pass upstream would not work but proxy_pass https url works

1.conf
# Upstream group referenced by name from proxy_pass below. No port is given,
# so nginx uses its default of 80 for this server entry.
upstream baidu {
    server www.baidu.com;
}

# Local listener that forwards everything to the group over https://.
server {
    server_name localhost;
    listen 7070;

    location / {
        proxy_pass https://baidu;
        proxy_redirect off;
    }
}
2.conf
# Same listener, but proxy_pass names the origin directly; with an https://
# URL and no explicit port, nginx connects to port 443.
server {
    server_name localhost;
    listen 7070;

    location / {
        proxy_pass https://www.baidu.com;
        proxy_redirect off;
    }
}
why 2.conf works, but 1.conf can't proxy pass to https://baidu.com ?
it gets 502 Bad Gateway errors
If you are proxying over SSL (https://), you have to add port 443 to the server in your upstream block, because an upstream server listed without a port defaults to port 80:
https://docs.nginx.com/nginx/admin-guide/security-controls/securing-http-traffic-upstream/
# Upstream group with the TLS port spelled out, so https:// proxying reaches
# a port that actually speaks TLS.
upstream baidu {
    server www.baidu.com:443;
}

server {
    server_name localhost;
    listen 7070;

    location / {
        # With a named upstream, the Host header and the TLS name nginx uses
        # default to the group name ("baidu"), and no SNI is sent unless
        # proxy_ssl_server_name is on. The backend certificate is also not
        # verified unless proxy_ssl_verify and proxy_ssl_trusted_certificate
        # are configured, so by default this hop is encrypted but
        # unauthenticated.
        proxy_pass https://baidu;
        proxy_redirect off;
    }
}

nginx status page configuration

As a test, I enabled the nginx status page as per these articles
# Catch-all plain-HTTP server that exposes the stub_status counters.
server {
    #listen on any host name
    server_name _;
    listen 80;

    # $host comes from the request, so every distinct host name this
    # catch-all server receives names its own log file.
    access_log /var/log/nginx/$host-access.log;
    error_log /var/log/nginx/monitor-error.log;

    location /status {
        # No allow/deny rules here: anyone who can reach port 80 can read the
        # connection counters. Restricting this location to the monitoring
        # host (e.g. "allow 127.0.0.1; deny all;") is the usual practice.
        access_log off;
        stub_status on;
    }
}
I'm normally running a wordpress site, and redirecting any http request to an https request:
# Catch-all plain-HTTP server: every request is answered with a permanent
# redirect to the same host and URI over https://.
server {
    listen 80;
    server_name _;

    # $host is taken from the request, so the redirect target follows
    # whatever host name the client sent.
    return 301 https://$host$request_uri;
}
I have several https server blocks, one for each DNS name, each of which has its own server certificate.
Is there some way of combining the two server blocks above, so that normally an http request will redirect to https, but if the /status url is used, it will activate the nginx status page?
You need do something like below
# One port-80 server for both jobs: the exact-match /status location serves
# the counters, every other URI is redirected to https://.
server {
    listen 80;
    server_name _;

    # $host comes from the request, so every distinct host name this
    # catch-all server receives names its own log file.
    access_log /var/log/nginx/$host-access.log;
    error_log /var/log/nginx/monitor-error.log;

    # "=" makes this an exact match, so only /status itself bypasses the
    # redirect below.
    location = /status {
        # Served over plain HTTP with no allow/deny rules: restrict it to the
        # monitoring host (e.g. "allow 127.0.0.1; deny all;") if the port is
        # reachable from outside.
        access_log off;
        stub_status on;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}
So for /status no redirection will happen. In all other cases it will just do the https redirect.

How do you configure NGINX so that it handles 50x errors from upstream server B that upstream server A cannot?

I have recently started learning NGINX and encountered some problems. I am still getting an error 500, even though I have configured NGINX (1.4.6) with an error_page directive. The config works (I get the woops.html as expected) if I do not send error 500 from the second upstream server. Here's my configuration file:
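# Front server: try the first backend, fall back to a second one on a 500,
# and show a static page if that one fails as well.
# The named-location sigil is restored to "@": the listing showed "#retry",
# which nginx would read as the start of a comment and which leaves the
# error_page line without an argument or terminator.
server {
    listen 80 default_server;
    server_name test.dev;
    root /srv/www;
    index index.html index.htm;

    location / {
        proxy_pass http://localhost:8080;
        # Without this, a 500 from the backend is passed to the client as-is
        # and error_page is never consulted.
        proxy_intercept_errors on;
        error_page 500 @retry;
    }

    location @retry {
        proxy_pass http://localhost:8081;
        proxy_intercept_errors on;
        # NOTE(review): this error_page has to fire while the request is
        # already inside an error_page redirect. nginx only chains them when
        # recursive_error_pages is on (off by default), and that directive is
        # not set anywhere in this config.
        error_page 500 /woops.html;
    }

    location = /woops.html {
        root /srv/www;
    }
}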
# Test backend on port 8080: answers every request with a 500.
server {
    server_name localhost;
    listen localhost:8080;
    listen 8080;
    root /srv/www;

    location / {
        return 500;
    }
}
# Test backend on port 8081: also answers every request with a 500.
server {
    server_name localhost;
    listen localhost:8081;
    listen 8081;
    root /srv/www/app;

    location / {
        return 500;
    }
}

Nginx upstream with http & https

I have a problem with nginx failing over between an HTTP and an HTTPS backend in one upstream block.
upstream block:
# Primary backend on the HTTP port, fallback backend on the HTTPS port.
# The scheme is not a property of an upstream entry: it comes from the
# proxy_pass that references the group, so both entries are contacted with
# the same protocol.
upstream bypass {
    server 192.168.99.1:80;           #http
    server 192.168.99.2:443 backup;   #https
}
When the HTTP backend on port 80 has a problem (server down, etc.), I want requests to go to the HTTPS backend on port 443.
This block does not work for me.
location block:
# Forward everything to the "bypass" group using TLS; because the scheme is
# fixed here, nginx also attempts a TLS handshake with the port-80 entry.
location / {
    proxy_redirect off;
    proxy_pass https://bypass;
}
How can I resolve this?
This works well: Create server config section for each backend on different port and forward to both ports internally without ssl.
In this example, you can see how the first server acts as main server with cached content (available via https) and if cache content is not available, use the second server (via http).
(using nginx 1.19.6, just for reference)
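# Both entries are local hop listeners defined further down; each one fixes
# the scheme used towards its real backend, which is how HTTP and HTTPS
# origins end up in one failover group.
upstream backends {
    server 127.0.0.1:8082;
    server 127.0.0.1:8081 backup;
}

# Public TLS entry point.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com;
    # ssl certs etc here

    location / {
        proxy_pass http://backends;
        # Move on to the backup entry on connection errors, timeouts, and
        # 404/403 answers from the first hop.
        proxy_next_upstream error timeout http_404 http_403;
    }

    # NOTE(review): the "upstreamlog" format is not defined in this snippet.
    access_log /var/log/nginx/access.log upstreamlog;
}

# Internal hop to the plain-HTTP origin. Bound to loopback: the upstream group
# only ever connects via 127.0.0.1, and a bare "listen 8081;" would also expose
# this unencrypted hop on every interface.
server {
    listen 127.0.0.1:8081;

    location / {
        add_header X-Cache MISS;
        proxy_pass http://server1;
        proxy_set_header Host server1;
    }
}

# Internal hop to the HTTPS origin, bound to loopback for the same reason.
server {
    listen 127.0.0.1:8082;

    location / {
        add_header X-Cache HIT;
        # nginx does not verify the origin certificate unless proxy_ssl_verify
        # and proxy_ssl_trusted_certificate are set, so as written this hop is
        # encrypted but not authenticated.
        proxy_pass https://server2;
        proxy_set_header Host server2;
    }
}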
Taking a shot in the dark. Assuming you were having issues mixing HTTP and HTTPS in the upstream, you could try this in the location block:
# Attempt to fall through from an HTTP proxy location to an HTTPS one.
# NOTE(review): the "#" before each bypass-* name is presumably a garbled "@"
# (named-location sigil); as printed, nginx treats everything after "#" as a
# comment.
# NOTE(review): even with "@" restored this would not load as written: the
# outer location has no path, try_files accepts a named location only as its
# last argument, and named locations cannot be nested inside another location.
location {
try_files #bypass-http #bypass-https =404;
location #bypass-http {
proxy_pass http://bypass;
proxy_redirect off;
}
location #bypass-https {
proxy_pass https://bypass;
proxy_redirect off;
}
}
And if that didn't work, split the bypass upstream block into bypass1 and bypass2 and reference them accordingly in their corresponding location blocks:
# One upstream group per scheme, so each proxy_pass can use the protocol its
# backend actually speaks.
upstream bypass1{
server 192.168.99.1:80; #http
}
upstream bypass2{
server 192.168.99.2:443; #https
}
# NOTE(review): the "#" before each bypass-* name is presumably a garbled "@"
# (named-location sigil); as printed, nginx treats everything after "#" as a
# comment.
# NOTE(review): even with "@" restored this would not load as written: the
# outer location has no path, try_files accepts a named location only as its
# last argument, and named locations cannot be nested inside another location.
location {
try_files #bypass-http #bypass-https =404;
location #bypass-http {
proxy_pass http://bypass1;
proxy_redirect off;
}
location #bypass-https {
# nginx does not verify the backend certificate on this hop unless
# proxy_ssl_verify is enabled.
proxy_pass https://bypass2;
proxy_redirect off;
}
}
A third option would be reference them both on port 80, and ensure the second upstream server redirects HTTP requests to HTTPS.

Resources