English is not my native language, so I use a translator. My questions may be a little difficult to understand, I hope you can understand.
I want to access B.com, but B.com is blocked and I can't access it directly. So I set up a reverse proxy server.
A.com points to my reverse proxy server, while B.com points to the source server.
My reverse proxy server is configured like this.
server
{
listen 80;
listen 443 ssl http2;
server_name A.com;
location /
{
proxy_pass https://B.com;
proxy_set_header Host B.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
}
*other configurations*
}
However, some of the resources on the page are from www.B.com and are also blocked. So I added the following configuration.
sub_filter "B.com" "A.com";
sub_filter_types *;
sub_filter_once off;
proxy_set_header Accept-Encoding "";
This successfully replaced most of the content, but some of it did not. What should I do? Please help me ;(
Related
I use nginx for reverse proxy with domain name. I've some application publish on IIS and i want to proxy different location name for each application.
For example;
Domain name on nginx :
example.com.tr
application end points for app:
1.1.1.1:10
1.1.1.2:10
upstream for app in nginx.conf:
upstream app_1 {
least_conn;
server 1.1.1.1:10;
server 1.1.1.2:10;
}
server {
listen 443 ssl;
server_name example.com.tr;
proxy_set_header X-Forwarded-Port 443;
ssl_certificate /etc/cert.crt;
ssl_certificate_key /etc/cert.key;
location /app_1/ {
proxy_pass http://app_1/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-REAL-SCHEME $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
access_log /etc/nginx/log/access.log;
error_log /etc/nginx/log/error.log;
}
}
When I try to access example.com.tr/app_1/ , I can access application but not all data.
I inspected this site and so many requests of application were failed.
All requests sended to example.com.tr/uri instead of example.com.tr/app_1/uri. How can I fix this ?
thanks,
You need a transparent path proxy setup. Means NGINX should use the requested URI without removing the matched location from it.
proxy_pass http://app_1;
Remove the tailing slash to tell NGINX not to do so. Using an upstream definition is great but make sure you apply keepalive.
I need your help for a strange problem :)
I have Geoserver on my server :
it is a standalone daemon (not a WAR deployed in Tomcat)
it is listening on 127.0.0.1:8280
I have a PROXY_BASE_URL configured like this: https://geoserver.example.com/geoserver
the option "Use headers for Proxy URL" is checked at this moment but I tried by unchecking it
I have a Nginx in front of Geoserver to manage the SSL offloading.
The vhost is :
upstream backend-geoserver {
server 127.0.0.1:8280 weight=10 max_fails=3 fail_timeout=15s;
}
server {
server_name geoserver.example.com;
listen 443 ssl;
include snippets/ssl.conf;
access_log /var/log/nginx/access-geoserver.log;
error_log /var/log/nginx/error-geoserver.log;
location / {
rewrite ^ /geoserver;
}
location /geoserver {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://backend-geoserver/geoserver;
}
}
When I reach my server on https://geoserver.example.com it works: I see the home page of Geoserver
Important detail : the port 80 is closed and I can't open it myself: the Nginx server can only answer on 443
When I try to login, I have a connection timeout after X seconds and, at this moment, the URL in my browser (Firefox) is HTTP://geoserver.example.com/geoserver/ <--- please note the protocol is HTTP not HTTPS
If I replace http:// with https:// and press Enter: I reach the page
If I click on a link in Geoserver, same behavior: it switches on http:// and I have to force the URL manually.
Is anyone has an idea please ?!
Thank you very much :)
You really should have to get that port 80 open and configure nginx to redirect unsecure traffic over to https://
I have a godaddy A record pointing to my Digital Ocean IP address.
Here's the nginx configuration.
server {
listen 80 default_server;
server_name domain.com www.domain.com;
location / {
proxy_pass 'http://127.0.0.1:3004';
}
}
When I type in the domain.com it goes to the server, but the address bar shows the IP address.
How can it show the domain name?
It's most probably a redirection from proxy_pass. I'm not sure what you are running at backend but you could try to pass hostname.
proxy_set_header Host $host;
Add this line after proxy_pass to tell backend which domain is in the request headers.
The redirection to the IP address is most likely done by your backend in the proxy_pass.
You could try to add some header to help the backend understand the context of the request.
I would recommend as a starter the following configuration :
server {
listen 80 default_server;
server_name domain.com www.domain.com;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
location / {
proxy_pass 'http://127.0.0.1:3004';
}
}
If using Node.JS, you might need the following line as well :
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
Please also check the configuration of your backend. You may need to setup the access URL, context path, etc.
I want to use reverse proxy with nginx to redirect/translate IP and port to some other IP and port. I was able to do that using the following code snippet inside http block of nginx.conf:
server {
listen 80;
server_name 13.88.1.1;
location / {
proxy_pass http://13.68.1.1:8888/;
index index.html index.htm;
} # end location
} # end server
Now the problem is that this is only usable for http requests. I have a scenario where I need to run an executable like 'uw.exe 13.88.1.1:80'. This is getting translated to 'uw.exe http://13.68.1.1:8888' but I want it to get translated to 'uw.exe 13.68.1.1:8888'. That is without the http because my app won't work with http. Does anybody know any simple solution to do that, preferably with nginx itself?
Update: This is no longer needed and cannot test it anymore. Thanks guys for chiming in. :)
Try this nginx configuration:
server {
listen 80;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection '';
proxy_redirect off;
proxy_pass http://13.88.1.1:8888/;
}
}
We have a situation where we need to serve the login page from server_A (NGINX), get the user authenticated from here and once authenticated route the request ta a page which resides in a different server i.e. Server_B. All subsequent requests will come to Server_A and it will first check the user and session validity and then route to Server_B. This way the session and security is maintained by server A and rest of the work is done by server B.
My question here is that can we acheive this from NGINX server ?
My question here is that can we acheive this from NGINX server ?
Yes, certainly.
How do you do that?
Taking for an example a modified Tomcat behind NGINX application config I have handy:
server {
listen 80;
server_name www.example.com;
location /{
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://servera.example.com:8080/app;
client_max_body_size 10M;
}
location /login{
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://serverb.example.com:8080/login;
client_max_body_size 10M;
}
}
This will both proxy requests to the TomCat server, and serve them like any HTTP server.
Same can be said for any application you may want to proxy to, just modify the proxy_pass line of the above config accordingly!