I have bunch of location directive in my Nginx config and most of them have same add_header, is there any way that I can introduce variable in nginx or any generator for all this config? specially for location directive.
is there any way to set default for add_header so stop repeating in each location directive?
here is 3 locations out of 50 directive in my config:
location ^~ /example/1/ {
proxy_buffering off;
proxy_pass http://10.10.10.113:8124/geoserver/ws/wms;
add_header Pragma no-cache;
add_header Cache-Control private;
add_header Cache-Control no-cache;
add_header Cache-Control no-store;
add_header Expires -1;
}
location ^~ /example-org {
proxy_buffering off;
proxy_pass http://10.10.10.199:9126/geoserver/wms;
add_header Pragma no-cache;
add_header Cache-Control private;
add_header Cache-Control no-cache;
add_header Cache-Control no-store;
add_header Expires -1;
}
location ^~ /example-org/1 {
proxy_buffering off;
proxy_pass http://10.10.10.199:18124/geoserver/wms;
add_header Pragma no-cache;
add_header Cache-Control private;
add_header Cache-Control no-cache;
add_header Cache-Control no-store;
add_header Expires -1;
}
edit #1 (after Richard Smith comment)
add_header Pragma no-cache;
add_header Cache-Control private;
add_header Cache-Control no-cache;
add_header Cache-Control no-store;
add_header Expires -1;
location ^~ /example/1/ {
proxy_buffering off;
proxy_pass http://10.10.10.113:8124/geoserver/ws/wms;
}
location ^~ /example-org {
proxy_buffering off;
proxy_pass http://10.10.10.199:9126/geoserver/wms;
}
location ^~ /example-org/1 {
proxy_buffering off;
proxy_pass http://10.10.10.199:18124/geoserver/wms;
}
Related
I have embedded by iframe my page in my other page, 2 page are same domain
First time accessing the site I get asked 1 time for the basic authentication
When I click button to open iframe, I get asked 1 more time for the basic authentication
Is there any way to cancel the 2nd authentication mistake?
My nginx conf file:
location ~* \.(?:ico|gif|jpe?g|png|woff2?|eot|otf|ttf|svg|js|css)$ {
add_header Pragma public;
add_header Cache-Control "public";
try_files $uri $uri/ #proxy;
}
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
auth_basic "Restricted";
auth_basic_user_file /app/.htpasswd;
add_header Content-Security-Policy "base-uri 'none'; child-src 'self' blob:;" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header X-Frame-Options "SAMEORIGIN" always;
try_files /$uri /index.html;
}
location /api {
add_header Content-Security-Policy "default-src 'self' 'unsafe-inline';";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Cache-Status $upstream_cache_status;
proxy_pass http://backends;
proxy_cache_key $uri$is_args$args;
}
I am trying to make a dynamic CORS proxy using Nginx, so I can use multiple API's from my front-end code without any CORS errors. My current way is using multiple location blocks, one for each domain, which works, but I would rather have a dynamic solution. My idea is to use x-proxy-target to specify the upstream hostname, and pass on the pathname. Nginx is running in Docker containers on Kubernetes, hence 10.245.0.10 being the resolver.
This works perfectly, and sends the CORS headers that are set at the bottom using add_header
location / {
default_type application/json;
if ($http_x_proxy_target = "") {
return 400 '{"message": "No x-proxy-target header", "code": "PROXY_TARGET_NOT_SET"}';
}
resolver 10.245.0.10 [::1];
set $cors '*';
if ($http_origin != "") {
set $cors $http_origin;
}
if ($request_method = "OPTIONS") {
add_header Access-Control-Allow-Origin $cors always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
add_header Access-Control-Allow-Headers * always;
return 204;
}
proxy_hide_header Access-Control-Allow-Headers;
proxy_hide_header Access-Control-Expose-Headers;
proxy_hide_header Access-Control-Allow-Credentials;
proxy_hide_header Access-Control-Allow-Origin;
proxy_set_header x-proxy-target '';
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Origin https://$http_x_proxy_target;
proxy_set_header Host $http_x_proxy_target;
proxy_set_header Referer https://$http_x_proxy_target/;
proxy_pass https://google.com/;
add_header Access-Control-Allow-Headers * always;
add_header Access-Control-Expose-Headers * always;
add_header Access-Control-Allow-Credentials true always;
add_header Access-Control-Allow-Origin $cors always;
}
But when I change the proxy_pass to use the supplied upstream:
location / {
default_type application/json;
if ($http_x_proxy_target = "") {
return 400 '{"message": "No x-proxy-target header", "code": "PROXY_TARGET_NOT_SET"}';
}
resolver 10.245.0.10 [::1];
set $cors '*';
if ($http_origin != "") {
set $cors $http_origin;
}
if ($request_method = "OPTIONS") {
add_header Access-Control-Allow-Origin $cors always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
add_header Access-Control-Allow-Headers * always;
return 204;
}
proxy_hide_header Access-Control-Allow-Headers;
proxy_hide_header Access-Control-Expose-Headers;
proxy_hide_header Access-Control-Allow-Credentials;
proxy_hide_header Access-Control-Allow-Origin;
proxy_set_header x-proxy-target '';
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Origin https://$http_x_proxy_target;
proxy_set_header Host $http_x_proxy_target;
proxy_set_header Referer https://$http_x_proxy_target/;
proxy_pass $scheme://$http_x_proxy_target$uri$is_args$args;
add_header Access-Control-Allow-Headers * always;
add_header Access-Control-Expose-Headers * always;
add_header Access-Control-Allow-Credentials true always;
add_header Access-Control-Allow-Origin $cors always;
}
I get the correct response using Postman, but the CORS headers are not set. I have tried moving the add_header lines to above the proxy_pass, to no avail. To me, this seems like a possible bug in Nginx, although I might just be making an obvious mistake. I can't find any mention of this problem anywhere, although it is a very specific usecase.
I am a newbie in nginx and CORS and finding it challenging getting this right.
I have rest services hosted on a server which blocks CORS so installed nginx to proxy for rest call. What works:
rest api call (from angular code) to backend server after enabling CORS
rest api call (from chrome) to frontend nginx server which has cors enables
What doesn't work: rest api call (from angular code) to frontend nginx
I think the CORS part work as I do not see that error anymore but angular is getting a null response.
For above scenarios, I have tried using GET and POST methods. Response code is 200 OK even for failed scenario.
Here is the nginx conf:
upstream myserver {
server myserver.com:8443;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name myserver.com;
ssl_certificate /some.crt;
ssl_certificate_key /some.key;
location /rest-service/ {
# Simple requests
if ($request_method ~* "(GET|POST)") {
add_header "Access-Control-Allow-Origin" *;
}
# Preflighted requests
if ($request_method = OPTIONS ) {
add_header "Access-Control-Allow-Origin" *;
add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD";
add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept";
return 200;
}
proxy_pass_header Server;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-NginX-Proxy true;
proxy_connect_timeout 5;
proxy_read_timeout 240;
proxy_intercept_errors on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass https://myserver/rest-service/;
proxy_ssl_trusted_certificate /some.pem;
proxy_ssl_verify off;
proxy_ssl_session_reuse on;
}
}
Here is the angular/typescript code (running from loaclhost):
ngOnInit() {
let url='https://myserver.com/rest-service/login?login=admin&password=password';
this.http.get(this.url).subscribe((response) => {console.log(response); });
}
I think I figured out the issue and posting it here; hope it helps someone.
Following worked:
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' 'http://localhost:4200' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Origin,Keep-Alive,User-Agent,Cache-Control,Content-Type,Accept' always;
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
if ( $request_method = 'GET' ) {
add_header 'Access-Control-Allow-Origin' 'http://localhost:4200' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Origin,Keep-Alive,User-Agent,Cache-Control,Content-Type,Accept' always;
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}
if ( $request_method = 'POST' ) {
add_header 'Access-Control-Allow-Origin' 'http://localhost:4200' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Origin,Keep-Alive,User-Agent,Cache-Control,Content-Type,Accept' always;
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}
I have a website with a couple of pages and images and I have setup an nginx server to handle the website. When I add a location directive to handle the images, the entire website does not show up and look broken.
The website looks perfect when the bottom of my nginx file looks like this:
location = /favicon.ico {
access_log off;
log_not_found off;
}
location = /robots.txt {
allow all;
access_log off;
log_not_found off;
}
location ~ /\. {
deny all;
}
#location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
# proxy_cache sinuscache;
# add_header Pragma public;
# add_header Cache-Control "public";
# expires 1d;
# log_not_found off;
#}
location ~* (\.bak|\.off|\.config|\.exe|\.sql|\.fla|\.psd|\.ini|\.log|\.sh|\.inc|\.swp|\.dist)$ {
deny all;
add_header Pragma public;
add_header Cache-Control "public";
expires -1d;
access_log off;
}
location / {
include /etc/nginx/sites-settings/denyips.conf;
proxy_pass http://127.0.0.1:9099;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_cache sinuscache;
}
}
When I un-comment
#location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
# proxy_cache sinuscache;
# add_header Pragma public;
# add_header Cache-Control "public";
# expires 1d;
# log_not_found off;
#}
The website breaks. If I do a
service nginx configtest
I receive no errors.
The new location block is incomplete - as a minimum you will want to include proxy_pass http://127.0.0.1:9099; and probably many of the other statements from the location / block. See how nginx processes a request.
Some of the statements can be placed into the server block to avoid replication. For example:
proxy_set_header X-Forwarded-For $remote_addr;
proxy_cache sinuscache;
location / {
include /etc/nginx/sites-settings/denyips.conf;
proxy_pass http://127.0.0.1:9099;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
include /etc/nginx/sites-settings/denyips.conf;
proxy_pass http://127.0.0.1:9099;
add_header Pragma public;
add_header Cache-Control "public";
expires 1d;
log_not_found off;
}
I use this code for add expires to static files:
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires 30d;
add_header Pragma public;
add_header Cache-Control “public”;
log_not_found off;
}
I have some random images in the virutual directory /image/. When the code above is in Nginx, the random images get a 404.
I dont need expires for the directory /image/. For this directory the code should not run. How is it possible to write something like this in Nginx language:
If not /image/
{
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$
{
expires 30d;
add_header Pragma public;
add_header Cache-Control “public”;
log_not_found off;
}
}
Try this
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$
{
if ($request_uri !~ ^/image/.*) {
expires 30d;
}
add_header Pragma public;
add_header Cache-Control "public";
log_not_found off;
}