How to create reverse proxy for multiple websites in nginx - nginx

I have many different technologies serving APIs and sites on my local machine. I want to be able to see them via human-readable names, rather than ports.
For example, I have:
localhost:8000 => laravel api for user panel
localhost:8001 => laravel api for admin panel
localhost:3000 => react client for user panel
localhost:3001 => nextjs client for site
localhost:3002 => react client for admin panel
And this list goes on.
Remembering all these ports is not possible of course. Thus I thought to setup a reverse proxy for them:
api.user.example.local
api.admin.example.local
example.local
user.example.local
admin.example.local
I know I have to add these host headers to /etc/hosts file. I also read about how to configure nginx as a reverse proxy for one domain.
I don't know how to do it for many sites. And only as a reverse proxy, not as a server.

Please note: I'm not considering myself as really super nginx expert, just starting to learn nginx, but I think I can help you with this task.
Here is my approach:
First, make sure your default nginx config (usually /etc/nginx/nginx.conf) has line include /etc/nginx/conf.d/*.conf; in its http block, so you may specify internal servers in separate config files for ease of use.
Create additional config file /etc/nginx/conf.d/local_domains.conf and add following server blocks in it:
server {
listen 80;
server_name api.user.example.local;
location / {
set $target http://localhost:8000;
proxy_pass $target;
}
}
server {
listen 80;
server_name api.admin.example.local;
location / {
set $target http://localhost:8001;
proxy_pass $target;
}
}
server {
listen 80;
server_name example.local;
location / {
set $target http://localhost:3000;
proxy_pass $target;
}
}
server {
listen 80;
server_name user.example.local;
location / {
set $target http://localhost:3001;
proxy_pass $target;
}
}
server {
listen 80;
server_name admin.example.local;
location / {
set $target http://localhost:3002;
proxy_pass $target;
}
}
On the client machine, add these records to the hosts file
192.168.1.1 api.user.example.local
192.168.1.1 api.admin.example.local
192.168.1.1 example.local
192.168.1.1 user.example.local
192.168.1.1 admin.example.local
Where 192.168.1.1 is the address of your nginx server.
That's it, it should work if your internal servers are using HTTP protocol.
But if you need to use HTTPS for internal servers and for the main nginx server, modify each server block as follows:
server {
listen 443 ssl http2;
server_name api.user.example.local;
ssl_certificate /usr/local/share/ca-certificates/example.local.crt;
ssl_certificate_key /usr/local/share/ca-certificates/example.local.key;
add_header Strict-Transport-Security "max-age=31536000" always;
location / {
set $target https://api.user.example.local:8000;
proxy_pass $target;
}
}
and so on
ssl_certificate and ssl_certificate_key should point to correct certificate and key files for the domain.
If you would like nginx main server to listen port 80 and redirect all traffic to https, add additional server blocks for each server:
server {
server_name api.user.example.local;
listen 80;
# Force redirection to https on nginx side
location / {
return 301 https://$host$request_uri;
}
}
and so on
More information on NGINX Reverse Proxy
NGINX Reverse Proxy
Module ngx_http_proxy_module

Related

How can a request resolve to a different domain while keeping URI information?

I have 2 domains domain.xyz and domainxyz.com
I have the boilerplate for a dynamic routing service set up on domain.xyz which serves domain.xyz/example-uri.
I would like to make domainxyz.com/example-uri resolve to domain.xyz/example-uri
On the server I am using Nginx to direct requests on port 80 to the React app
instead of using a dns redirect to resolve the .com to the .xyz (which is what I was initially doing), direct both domains to the nginx server. Then configure the nginx server like this:
source/explanation: https://www.nginx.com/blog/creating-nginx-rewrite-rules/
server {
listen 80;
server_name www.domainxyz.com domainxyz.com;
location / {
return 301 $scheme://domain.xyz$request_uri;
proxy_pass http://localhost:3000;
}
}
server {
listen 80;
server_name www.domain.xyz domain.xyz;
location / {
proxy_pass http://localhost:3000;
}
}

Nginx proxy_pass rule Issue

So, I'm running some docker containers serving on ports 8090 and 8000. Now I want to setup Nginx reverse proxy to handle requests to both of these ports internally. The main URL http://milesblock.com changes automatically to http://milesblock.com/#/
I have setup a proxy_pass in nginx as follows-
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name milesblock.com;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
proxy_pass http://127.0.0.1:8090;
}
location /api {
rewrite ^/api(.*) $1 break;
proxy_pass http://127.0.0.1:8000;
}
}
Now, the issue is because of the automatic change of the URL to http://milesblock.com/#/ the redirect to both the ports is not working as intended. Only the /api proxy is working with the above config file.
How do i configure the proxy to handle the traffic on port 8090 and also the api calls on port 8000?

NGINX Proxy_pass : use proxy_host as the request header host

I am trying to proxy_pass to a website, But I want the request header host to be the same as the website I passed.
I have tried to use "proxy_set_header Host $proxy_host" (and tried change the value to $host, even the exact hostname I want. But when I use google chrome to check the request host, it is still the server IP that I used to set up the proxy_pass.
Below is my config, please help
location / {
proxy_pass https://example.com;
proxy_set_header Host $proxy_host;
proxy_set_header X-Original-URI $request_uri;
}
Thank you
Check the examples from the docs:
nginx first decides which server should process the request. Let’s start with a simple configuration where all three virtual servers listen on port *:80:
server {
listen 80;
server_name example.org www.example.org;
...
}
server {
listen 80;
server_name example.net www.example.net;
...
}
server {
listen 80;
server_name example.com www.example.com;
...
}
In this configuration, nginx tests only the request’s header field Host to determine which server the request should be routed to. If its value does not match any server name, or the request does not contain this header field at all, then nginx will route the request to the default server for this port. In the configuration above, the default server is the first one — which is nginx’s standard default behaviour. It can also be set explicitly which server should be default, with the default_server parameter in the listen directive:
server {
listen 80 default_server;
server_name example.net www.example.net;
...
}
Now keep in mind that $host is specifically the first server_name that is defined in the current server block. if you have multiple server_name's, only the first one will appear, but if want your backend to receive a fixed host name, use:
proxy_set_header Host "your.fixed.hostname";

Nginx setup between 2 servers

I have 2 servers,
The first one contains 2 websites (located in 2 separate directories):
https://example.com/site1
https://example.com/site2
The second server contains 1 website in root folder (React website).
Can you please help me to set up nginx on first server to make it point to the second server when user access to https://example.com.
Since nginx would be running in port 80, thus you need to run your web hosting content onto another port for example port 3000 from your first server.
In your nginx.config file, you would need to create an upstream where you list the server that nginx needs to re-route to: (before making changes to the file, i would recommend that you make a copy of it)
events {
worker_connections 768;
# multi_accept on;
}
upstream server_banks {
server localhost:3000; # if not localhost put the ip of the server
server second_server_ip:portNumber;
}
server { # nginx service will operate on port 80
listen 80;
server_name example.com
# it could your first server's ip or example.com if the domain is associated with that ip
location / {
proxy_pass http://server_banks;
}
}
After you save the config, reload service && restart
You need nginx running on both server2 and server2, then set nginx config as follow
On Server 1
#####server1####
server {
listen 443;
server_name example.com;
location / {
proxy_pass http://second_server_ip:80;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
}
location /site1 {
alias /path/to_site1_dir/;
}
location /site2 {
alias /path/to_site2_dir/;
}
}
On server 2
###Server2#####
server {
listen 80;
server_name localhost;
root /path/to_site_dir_for-server2;
location / {
}
}

Yet another 502 error with nginx

I'm trying to put a server#home in place with some basic services. All services run into a dedicated VM. Each VM is hosted on vSphere 5.5. So far I have :
Debian wheezy with nginx used as a reverse proxy : 192.168.1.12
Debian wheezy with nodeJS used as a webapp server : 192.168.1.43
192.168.1.43:3000 => http web server that makes a redirection on 192.168.1.43:3001
192.168.1.43:3001 => https web server that makes provides the service
Debian wheezy with madsonic installed : 192.168.1.35
As said in documentation I put --https-port=443 in the config to enable https access
I use nginx to be able to have things like this :
myapp.mydomaine.com => go to nodejs # 192.168.1.43
music.mydomain.com => go to madsonic # 192.168.1.35
I followed a tutorial and edited the "default" file in /etc/nginx/sites-enabled. Here is how it looks like :
server {
listen 80;
server_name myapp.domaine.com;
location / {
proxy_pass http://192.168.1.43:3000;
}
}
server {
listen 443;
server_name myapp.domain.com;
ssl on;
ssl_certificate [...];
ssl_certificate_key [...];
location / {
proxy_pass https://192.168.1.43:3001;
}
}
server {
listen 80;
server_name music.domain.com;
location / {
proxy_pass http://192.168.1.35:4040;
}
}
server {
listen 443;
server_name music.domain.com;
ssl on;
ssl_certificate [...];
ssl_certificate_key [...];
location / {
proxy_pass https://192.168.1.35;
}
}
The first redirection on myapp works. The redirection on music works when I had only http on the madsonic server. When I activate https on madsonic server I get a 502 Bad gateway error (but the URL in Firefox is https://music.domain.com).
I also tryed some other methods like mentionned here :
How to redirect on the same port from http to https with nginx reverse proxy
Did not work either.
I also saw in /var/logs/nginx/error.log that the 502 error is due to a SSL_do_handshake error (SSl23_GET_SERVER_HELLO:tlsv1). No idea if it is related to the 502 error or not.
I'm a bit confused because other https services work fine. Someone has a suggestion ? Thanks very much.
Here is the answer of the user "desasteralex" that was posted for the same question on serverfault.com. It worked so I share his answer here (and big thx him btw :D).
First of all, Nginx is your SSL terminator here. That means that you don't need to run your app in both - HTTP and HTTPS mode. HTTP would be enough.
So, for your app the config could look like that:
server { listen 192.168.1.12:80; server_name myapp.domain.com; location / { rewrite ^ https://$server_name$request_uri? permanent; } }
The directive above will redirect all HTTP requests to HTTPS.
server { listen 192.168.1.12:443; server_name myapp.domain.com; ssl on; ssl_certificate [...]; ssl_certificate_key [...]; location / { proxy_pass https://192.168.1.43:3000; } }
I've chosen the port 3000 in the proxy_pass here to point to the HTTP version of your app. You would need to turn off the redrection of your app to port 3001.
Regarding your music.domain.com redirection - for HTTP you use the port 4040 in the proxy_pass parameter, in HTTPS you don't. I assume that the madsonic server only listens on port 4040, so a config could look like this:
server { listen 192.168.1.12:80; server_name music.domain.com; location / { rewrite ^ https://$server_name$request_uri? permanent; } }
server { listen 192.168.1.12:443; server_name music.domain.com; ssl on; ssl_certificate [...]; ssl_certificate_key [...]; location / { proxy_pass https://192.168.1.35:4040; } }
Hope this helps.

Resources