Nginx dynamic proxy_pass with variable location and relative url - nginx

I used this Nginx configuration and everything went well.
server {
listen 80;
server_name 127.0.0.1;
ssl_client_certificate /etc/ssl/certs/server.crt;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options "nosniff";
location ^~ /api/ {
rewrite /(.*) /proxy/$1;
}
location ^~ /js/ {
rewrite /(.*) /proxy/$1;
}
location ^~ /services/ {
rewrite /(.*) /proxy/$1;
}
location ^~ /payeewebv2/ {
rewrite /(.*) /proxy/$1;
}
location /proxy/ {
proxy_set_header X-SSL-CERT $ssl_client_escaped_cert;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://proxieddomain.com/;
proxy_ssl_server_name on;
proxy_set_header host $proxy_host;
}
}
Now I need to proxy to be determined by a COOKIE. I have updated the configuration and it looks like this:
server {
listen 80;
server_name 127.0.0.1;
ssl_client_certificate /etc/ssl/certs/server.crt;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options "nosniff";
location ^~ /api/ {
rewrite /(.*) /proxy/$1;
}
location ^~ /js/ {
rewrite /(.*) /proxy/$1;
}
location ^~ /services/ {
rewrite /(.*) /proxy/$1;
}
location ^~ /payeewebv2/ {
rewrite /(.*) /proxy/$1;
}
location /proxy/ {
resolver 127.0.0.11;
set $proxy "to_be_replaced";
proxy_set_header X-SSL-CERT $ssl_client_escaped_cert;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
set_by_lua_block $proxy {
return "https://proxieddomain.com/"
}
proxy_pass $proxy$request_uri;
proxy_ssl_server_name on;
proxy_set_header proxy $proxy$request_uri;
proxy_set_header host $proxy_host;
}
}
}
This is the changed part:
set_by_lua_block $proxy {
return "https://proxieddomain.com/"
}
proxy_pass $proxy$request_uri;
I can visit http://localhost/varicent/ and it proxies to https://proxieddomain.com/
But when its javascript requests /api/something etc. it returns content from $proxy (https://proxieddomain.com/) and not from $proxy/api/something (https://proxieddomain.com/api/something).
Do you know why the first non-dynamic solution works without problems?
What should i change to make it work it like before?
Thx

The problem has been in really the domain.
I looked it up through nslookup and changed configuration to use canonical name which is different from the https://proxieddommain.com.
Thank you #IvanShatsky for your tip.

Related

Nginx - location block misconfigured?

I have a location block inside of my sites-enabled example.conf that should be routing /testing to a 503 error html page but instead for some reason its hitting my app instead of nginx
[2020-06-30T20:36:13.821768 #6059] FATAL -- : [fc9cb972-f314-4a87-89d9-8334521767b3] ActionController::RoutingError (No route matches [GET] "/testing"):
that is a log line from my actual rails app - why is it even getting this far vs nginx routing to where I thought I told it to???
my nginx .conf
server { listen 443 ssl;
server_name status.* www.status.*;
# SSL
ssl_certificate_key /etc/nginx/ssl/server_example.com.key;
# logging
access_log /var/log/nginx/status.access.log;
error_log /var/log/nginx/status.error.log;
# security
include security.conf;
# reverse proxy
location / {
if (-f /opt/staytus/staytus/maint.on) {
return 503;
}
port_in_redirect off;
proxy_pass http://example.com:8787/;
}
error_page 503 #maintenance;
location #maintenance {
root /usr/share/nginx/html
rewrite ^(.*)$ /Performing-Maintenace.html;
}
location = /testing/ {
return 500;
}
}
server {
listen 80;
server_name www.status.* status.* 11.22.123.456;
root /opt/staytus/staytus/public;
client_max_body_size 50M;
# SSL
ssl_certificate_key /etc/nginx/ssl/example.com.key;
port_in_redirect off;
return 301 https://example.com$request_uri;
location #puma {
proxy_intercept_errors on;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://example.com:8787;
}
}

How to rewrite the URL using nginx

I have a URL as
https://test.rockon.me/Profiles/XYZ-ABC-PQRS/default.aspx
now using nginx i have to write rules for creating a subdomain which can make the URL as https://XYZ-ABC-PQRS/test.rockon.me/Profiles/default.aspx here XYZ-ABC-PQRS is the username of some user.
server
{
access_log /var/log/nginx/subcalls.log;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header Access-Control-Allow-Origin *;
listen 80;
server_name ~^(?<subdomain>.+)\nithinveer\.com$;
location /
{
proxy_pass http://192.168.6.190/Profiles/$subdomain$request_uri/;
}
Yours not working, probably because you expect $request_uri = /default.aspx which is not, it is actually, everything after subdomain i.e., /Profiles/user/default.aspx
Try this,
server {
server_name test.rockon.me;
rewrite ^/Profiles/(.*)/default.aspx http://$1/test.rockon.me/Profiles/default.aspx permanent;
}
The other option using proxy_pass can be,
server{
server_name test.rockon.me;
location / {
rewrite /Profiles/(.*)/(.*) /Profiles/$1/$2 break;
proxy_pass http://192.168.6.190;
}
}
Hope it helps. :)

nginx proxy_pass static assets

I have the following nginx configuration
rewrite_log on;
server {
server_name greymarmita.no-ip.org;
listen 80;
rewrite ^(.*) https://$host$1 permanent;
}
server {
server_name greymarmita.no-ip.org;
listen 443 ssl;
error_log /var/log/nginx/main.error;
access_log /var/log/nginx/main.access;
ssl on;
ssl_certificate /etc/ssl/localcerts/autosigned.crt;
ssl_certificate_key /etc/ssl/localcerts/autosigned.key;
root /srv/www;
index index.html /index.html;
location /rasp/ {
proxy_pass http://192.168.2.6:81/;
}
location /cam/ {
proxy_pass http://192.168.2.4:8081;
}
location ^~ /router/ {
proxy_pass http://192.168.2.1/;
}
location /nas/ {
proxy_pass http://192.168.2.13/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
However when I try to access http://192.168.2.6/nas although the html files are served correctly, files under /web/ are not
GET https://greymarmita.no-ip.org/web/images/login.png 404 (Not Found)
The correct path for these assets should be https://greymarmita.no-ip.org/nas/web/images/login.png
You don't have a location to match that file, try adding this
location / {
try_files $uri $uri/;
}

Nginx - reverse proxy a Ghost blog with /subfolder redirect

I have a working nginx instance with the rules below. But I'm having difficulties pointing all the requests to domain.com/ghost
I tried modifying the location / {} block to location /ghost/ {} but with no success. I just get a 404 from the ghost app. Any suggestions?
server {
listen 80;
server_name domain.com;
root /home//user/ghost/;
index index.php;
# if ($http_host != "domain.com") {
# rewrite ^ http://domain.com$request_uri permanent;
# }
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:2368;
}
location ~* \.(?:ico|css|js|gif|jpe?g|png|ttf|woff)$ {
access_log off;
expires 30d;
add_header Pragma public;
add_header Cache-Control "public, mustrevalidate, proxy-revalidate";
proxy_pass http://127.0.0.1:2368;
}
location = /robots.txt { access_log off; log_not_found off; }
location = /favicon.ico { access_log off; log_not_found off; }
location ~ /\.ht {
deny all;
}
}
I'm using a regexp location directive for a similar proxy setup. This is the minified configuration file:
worker_processes 1;
pid /path/to/file.pid;
worker_priority 15;
events {
worker_connections 512;
accept_mutex on;
}
http {
server {
error_log /path/to/log/error.log error;
listen 127.0.0.1:9000;
server_name example.com;
location ~* (/ghost) {
expires epoch;
proxy_no_cache 1;
proxy_pass http://localhost:1234;
}
location / {
proxy_pass http://localhost:1234;
}
}
}
Have solved similar problem with other apps which have no support for subfolders. Both apps are built on one platform, so they both tries to work in /fx dir. I had to place one of them in to subfolder /gpms .
The idea is to redirect requests with referer from subfolder to destinations which links outside of subfolder - i just add subfolder to beginning of such uris. It is not ideal, but it works.
Here is my nginx config:
server {
listen 80;
server_name mydomain.com;
location / {
rewrite ^/$ /fx/;
proxy_pass http://127.0.0.1:56943/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 300;
}
error_log /var/log/nginx/debug.log debug;
set $if_and_hack "";
if ( $http_referer ~ '^http://mydomain.com/gpms/.*$' ) {
set $if_and_hack "refgpms";
}
if ( $uri !~ '^/gpms/.*$' ) {
set $if_and_hack "${if_and_hack}_urinogpms";
}
if ( $if_and_hack = "refgpms_urinogpms" ) {
rewrite ^/(.*)$ http://$host/gpms/$1;
}
location /gpms/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cookie_path /fx /;
proxy_pass http://127.0.0.1:12788/fx/;
proxy_redirect default;
}
}
External links will be broken, but it is not critical for me and i guess it may be corrected.
$if_and_hack is for overcome nginx limitation on nested conditions.
By the way i have got a cookies issue, because they was set with path, and hit browser bug with not sending cookies for a new path after redirect, so i just remove path from cookies.
Note full link form in rewrite - this form of rewrite immediately redirects browser to new page, you should not change it to just "/gpms/$1".
As alternative, i guess, it may be possible to use nginx module to inspect html content and modify links. I have not tried this. Or consider to use subdomains instead of subfolders.
Good news! As of version 0.4.0 Ghost now supports subdirectory installation. And there are already people who've figured this out and created tutorials.

nginx proxy and backbone pushstate

I'm trying to set up nginx to work with my backbonejs application and api server.
The API server is external and being routed through https://website.com/api/...
Essentially, I want any non-matched urls to be routed to /index.html for the backbone app to handle.
I've tried using try_files, but that just overrides my API. I've tried setting up another location where I check if the request is a GET and also if it doesn't match register or login or api, but that also doesn't work. Here's my server so far:
server {
listen 80; ssl off;
listen 443 ssl;
server_name app.io;
ssl_certificate /etc/nginx/conf/ssl.crt;
ssl_certificate_key /etc/nginx/conf/app.key;
root /home/ubuntu/app/public;
access_log /var/log/nginx/app.access.log;
error_log /var/log/nginx/app.error.log;
index index.html;
location / {
if ($scheme = "http") {
rewrite ^ https://$http_host$request_uri? permanent;
}
}
location ~ ^/(api)|(auth).*$ {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://app.aws.af.cm;
}
location ~ ^(/(register)|(login)).*$ {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# GETs only
limit_except POST {
proxy_pass https://app.aws.af.cm;
}
}
location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
expires max;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
}
Currently, try_files overrides the API and just redirects to index.html. Any idea how I can get everything to play nicely with one another?
Here's what I want:
if / - /index.html
else if /api/*|/auth/* - external proxy
else if /login|/register - POST - external proxy
else /* - /#$1
Figured it out:
Add try_files #uri #rewrites; to Location / and also add the #rewrites function below.
server {
listen 80; ssl off;
listen 443 ssl;
server_name app.io;
ssl_certificate /opt/nginx/conf/ssl.crt;
ssl_certificate_key /opt/nginx/conf/app.key;
root /home/ubuntu/app/public;
access_log /var/log/nginx/app.access.log;
error_log /var/log/nginx/app.error.log;
index index.html;
location / {
if ($scheme = "http") {
rewrite ^ https://$http_host$request_uri? permanent;
}
try_files $uri #rewrites;
}
location ~ ^/(api)|(auth)|(logout)|(register)|(login).*$ {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://app.cm;
}
location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
expires max;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
location #rewrites {
rewrite ^/.+ /#$uri redirect;
}
}

Resources