Develop Reference

NGINX Reverse Proxy target dynamic host

I am using nginx plus and need to pass the host as header variable , if no value is passed in header the default host should be used. Below my nginx.conf, Can anybody help me with the config
http {
resolver 172.10.0.10 valid=10s ipv6=off;
upstream demo {
zone demoservers 64k;
server demo-server.com:443 resolve;
}
server {
listen 443 ssl;
location / {
proxy_pass https://demo-server.com;
proxy_ssl_server_name off;
}
}
server {
listen 8080;
location /api {
api write=off;
# directives limiting access to the API
}
location = /test.html {
root /usr/share/nginx/html;
}
# Redirect requests made to the pre-NGINX Plus API dashboard
location = /test1.html {
return 301 /test.html;
}
}
}

map $host $destination {
host1.com 192.168.1.1;
host2.com 192.168.1.2;
default 192.168.1.254;
}
Then you can use it in proxy_pass
location / {
proxy_pass https://$destination;
proxy_ssl_server_name off;
}

nginx reroute the passthrough request

On my server two types of services are running. some services are normal and need ssl certificate but one service should use pass through. I read the document and what I understood is that I need to create a stream on a new port. if I am using 443 for ssl then I can't use it for passthrough.so created a pass through stream on a new port 8443. Every thing works fine but for passthrough service I need to enter the port along with url e.g https://production-server:8443. I want it like
https://production-server:8443 -> https://production-server
so my question is can we reroute a request in nginx ? here is my configuration
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream unsecure{
server prod-exec:8040 ;
keepalive 64;
}
upstream secure {
server prod-exec:9001
keepalive 64;
}
server {
listen 80;
server_name ServerA;
access_log C:/nginx-1.20.1/logs/access.log upstreamlog;
#error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location / {
proxy_pass http://unsecure/services;
}
location /services/countingservice {
proxy_pass http://unsecure;
}
}
location /services/balancingservice {
proxy_pass http://unsecure;
}
}
server {
listen 443 ssl;
server_name server-A:443;
access_log C:/software/nginx-1.20.1/logs/access.log upstreamlog;
ssl_certificate C:\\nginx-1.20.1\\ssl\\certificate.crt;
ssl_certificate_key C:\\nginx-1.20.1\\ssl\\certificate_key.key;
error_page 401 /test_401.html;
location = /test_401.html {
root /C:/nginx-1.20.1/html;
internal;
}
location / {
proxy_pass https://secure/services;
}
location /services/countingservice {
proxy_pass http://secure;
}
}
location /services/balancingservice {
proxy_pass http://secure;
}
}
stream {
access_log C:/nginx-1.20.1/logs/access.log main;
upstream passthrough_test {
server prod-exec:9001 max_fails=2 fail_timeout=180s ;
# Definition of Nginx server (URL + Port) for Application 1
server {
listen server A: 84443;
listen 84443;
proxy_pass passthrough_test;
proxy_next_upstream on;
}
}
I don't want to add port with URL for pass through. so if I config the passthrough on 443 can nginx filter the request by recognizing it's pattern?
or is there any other way?
Any help would be appreciated. Thanks in Advance.

nginx keepalive and dns resolver

I have a nginx instance in AWS that has upstream Application layer.
There are two requirements for nginx
- keepalive
- use resolver to dynamically resolve the upstream
I am able to make either of them work.
Here is the config for making keepalive work:
upstream "backend" {
server "appserver.example.com:443";
keepalive 250;
}
server {
resolver 10.0.0.2 valid=60s;
server_name _;
location / {
proxy_http_version 1.1;
proxy_pass https://backend;
}
}
Here is the config for DNS resolver to work:
server {
resolver 10.0.0.2 valid=60s;
server_name _;
set $backend appserver.example.com:443;
location / {
proxy_http_version 1.1;
proxy_pass https://$backend;
}
}
How can I get both DNS resolver and keepalive to work without using a third-party plugin in open source NGinx

According to this Nginx wiki page
there seems to be the jdomain Plugin
http {
resolver 8.8.8.8;
resolver_timeout 10s;
upstream backend {
jdomain www.baidu.com;
# keepalive 10;
}
server {
listen 8080;
location / {
proxy_pass http://backend;
}
}
}

Nginx upstream with http & https

I have some problem about nginx with http and https bypass, In upstream block
upstream block:
upstream bypass{
server 192.168.99.1:80; #http
server 192.168.99.2:443 backup; #https
}
When http 80 have a problem (server down, etc), I want to redirect to https 443,
This block does not work for me.
location block:
location / {
proxy_pass https://bypass;
proxy_redirect off;
}
How can I resolve this?

This works well: Create server config section for each backend on different port and forward to both ports internally without ssl.
In this example, you can see how the first server acts as main server with cached content (available via https) and if cache content is not available, use the second server (via http).
(using nginx 1.19.6, just for reference)
upstream backends {
server 127.0.0.1:8082;
server 127.0.0.1:8081 backup;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
# ssl certs etc here
location / {
proxy_pass http://backends;
proxy_next_upstream error timeout http_404 http_403;
}
access_log /var/log/nginx/access.log upstreamlog;
}
server {
listen 8081;
location / {
add_header X-Cache MISS;
proxy_pass http://server1;
proxy_set_header Host server1;
}
}
server {
listen 8082;
location / {
add_header X-Cache HIT;
proxy_pass https://server2;
proxy_set_header Host server2;
}
}

Taking a shot in the dark. Assuming you were having issues mixing HTTP and HTTPS in the upstream, you could try this in the location block:
location {
try_files #bypass-http #bypass-https =404;
location #bypass-http {
proxy_pass http://bypass;
proxy_redirect off;
}
location #bypass-https {
proxy_pass https://bypass;
proxy_redirect off;
}
}
And if that didn't work, split the bypass upstream block into bypass1 and bypass2 and reference them accordingly in their corresponding location blocks:
upstream bypass1{
server 192.168.99.1:80; #http
}
upstream bypass2{
server 192.168.99.2:443; #https
}
location {
try_files #bypass-http #bypass-https =404;
location #bypass-http {
proxy_pass http://bypass1;
proxy_redirect off;
}
location #bypass-https {
proxy_pass https://bypass2;
proxy_redirect off;
}
}
A third option would be reference them both on port 80, and ensure the second upstream server redirects HTTP requests to HTTPS.

Nginx proxy_next_upstream doesn't work

I want nginx to search my local host for the file first and on a 404 error it should search server 1.1.1.1.
I am able to fetch the file that is located on local host, but not able to get from server 1.1.1.1.
server {
listen 80;
server_name localhost;
access_log /var/log/nginx/access.log main;
location /products/ {
proxy_next_upstream http_404;
root /var/foo;
}
}
server {
listen 80;
server_name 1.1.1.1;
location /products/ {
#########
}
}
I guess proxy_next_upstream is not switching to the server.
Any help on this would be appreciated.

The proxy_next_upstream directive is a configuration directive to control re-request from a group of upstream servers by a proxy_pass if request to one of them fails. It doesn't make sense without proxy_pass and an upstream block defined. You may use it if you proxy to multiple upstream servers like this:
upstream backends {
server 192.2.0.1;
server 192.2.0.2;
...
}
server {
...
location / {
proxy_pass http://backends;
proxy_next_upstream error timeout http_404;
}
}
If you want nginx to search for a file on disk, and if it's not found - proxy request to another server, configure it e.g. using try_files fallback instead:
location / {
root /path/to/root;
try_files $uri #fallback;
}
location #fallback {
proxy_pass http://...
}
See http://nginx.org/r/try_files for more info about the try_files directive.