Nginx proxying based on http_referrer - nginx

I'm trying to run awx(Ansible tower) behind a reverse proxy on a subpath like /awx.
So the way I want to access awx is http(s)://hostname/awx
But all the static assests in awx are hardcoded like /static/xyz.js which conflicts with my UI. Hence, I can't run awx on the root path /.
I'm not an nginx expert so I want to know if something like this can be done or is there a better way
server {
listen :80;
# if (referrer is http(s)://hostname/awx)
# rewrite urls to with prefix /awx/uri
location /awx/ {
proxy_pass http://internal-service:port/
}
}
As awx will always be accessed through UI /awx anything originating from this referrer I want to rewrite and proxy it to my internal service.

Related

Map local application behind public subresource

I'm running Joplin Server on my Raspi4 under http://127.0.0.1:23000 and on the Raspi I can successfully access the web app.
Since I don't want to publish the port 23000, I want Joplin Server to be accessible via https://myRaspi/joplinServer. Therefore I'm using Nginx.
I tried at first with:
location /joplinServer {
proxy_pass http://127.0.0.1:22300;
}
Now when calling https://myRaspi/joplinServer from any other machine, Nginx keeps the subresource /joplinServer, resulting in an "inner call" to http://127.0.0.1:22300/joplinServer - which does not exist, sure, because Joplin Server itself knows nothing about the subresource and seems to have troubles with handling it.
I also tried this:
location = /joplinServer {
rewrite ^/joplinServer?$ http://127.0.0.1:22300 break;
}
But now every external requests to https://myRaspi/joplinServer ends up as http://127.0.0.1:22300 on my machine which does obviously not work.
So what do I have to configure on Nginx to make my setting work?
Thanks in advance!
This post gave me the solution, which looks like this:
location /joplinServer/ {
proxy_redirect off;
rewrite ^/joplinServer/(.*)$ /$1 break;
proxy_pass http://127.0.0.1:22300;
}

NGINX environment-based routing

I have a single application running in multiple K8s clusters; Let's say there is a frontend service, and two backend ones.
I use NGINX proxy the requests from the frontend to the backend services. Regular NGINX edition, not NGINX+.
Here is the nginx.conf:
server {
....
set $back1 "<k8s hostname for the backend1 service>";
set $back2 "<k8s hostname for the backend2 service>";
location /back1 {
rewrite ^/back1/(.*)$ /$1 break;
proxy_pass http://$back1;
}
<and same for the backend 2 service>
}
So basically, what happens is that in my frontend application, I set the backend service address to localhost/back1 and localhost/back2, the requests hit NGINX which strips off those back1 and back2 prefixes and call whatever endpoint I specify after in the actual backend services in K8s.
As I have multiple K8s clusters, the backend services hostnames differ, and I need to account for that in my NGINX conf.
The question is:
Is there a way for NGINX to differentiate between my K8s clusters?
Perhaps I can pass an environment variable to the container running my frontend service, and make an if statement in nginx.conf. Something like:
server {
if (${env} = "cluster1") {
set $back1 = "<cluster1 hostname>"
}
if (${env} = "cluster2") {
set $back1 = "<cluster2 hostname>"
}
}
Or if I can execute a shell command in the nginx conf to get the hostname and write similar if blocks.
I would appreciate any help on this matter!
I went a different route - via templates, environment variables, and envsubst utility which is shipping in the latest nginx docker images.
In template:
set $upstream_back1 "${BACK1}";
set $upstream_back2 "${BACK2}";
In Dockerfile
RUN envsubst < yourtemplate > /etc/nginx/nginx.conf

How to use rewrite rule for Node exporter under Nginx Reverse Proxy?

I have a usecase where node exporter is running under reverse proxy. Here is the snippet of my current configuration:
location /node_exporter {
proxy_pass http://127.0.0.1:9100/metrics;
}
This is running fine, but I want to implement it without metrics subpath, for which I did this change:
location /node_exporter {
proxy_pass http://127.0.0.1:9100/;
}
It is opening the initial page of node exporter with metrics button, but when clicked on it, redirects to /metrics instead of /node_exporter/metrics which inturn gives 404.
Please suggest on how to use the rewrite rule for this usecase.
The following site configuration should be enough
location /node_exporter {
proxy_pass http://127.0.0.1:9100/;
}
as long the telemetry path is changed when starting the node_exporter
./node_exporter/node_exporter --web.telemetry-path="/node_exporter/metrics"

reverse proxy mulitple ipython notebook servers

Currently we are running an Ipython notebook server behind a nginx proxy. This works well as it is a straightforward 1-to-1 mapping.
Now we want to run multipe notebook servers behind 1 proxy. Since these servers will be dynamically added, the proxying should be dynamic as well.
Ideally I'd like to proxy on a url subpath:
http://open.net/py1 -> http://secure1:8888
http://open.net/py2 -> http://secure2:8888
http://open.net/py3 -> http://secure3:8888
etc.
Problem with this approach is that Ipython doesn't use relative url's inside it's html. extract:
<script src="/static/.../promise.min.js"</script>
<script src="/static/.../require.js"</script>
<script> ...
So inside http://open.net/py2 require.js will be loaded via http://open.net/static/.../require.js which of course will result in a 502. It should be http://open.net/py2/static/.../require.js
Question: what's a good strategy to solve this?
Constraints:
I cannot touch the source html
I cannot use subdomains for each Ipython server (as they are dynamically added)
what's a good strategy to solve this?
Subdomains
I cannot use subdomains for each Ipython server (as they are dynamically added)
Not true.
# this will only py<some-digits> subdomain.
server {
listen 80;
server_name ~^(?<sub>py\d+)\.example\.com$;
# now you have $sub variable that contains subdomain
# and could be used to choose what server you want to connect
...
}
# catch all server block that simple shows 404 for any request
server {
listen 80 default_server;
return 404;
}

nginx on separate server proxy_pass to multiple rails apps with sub URI on passenger standalone in different boxes

I have this requirement, where there are multiple rails applications. Each application is deployed in two app servers, (app1 and app2) and they are load balanced through nginx on a separate server (lb).
The lb box contains plain vanilla nginx without passenger plugins.
The rails applications are deployed on passenger stand alone.
All the rails applications need to run on the same domain but with different sub_uri, like below
http://www.example.com/rails1
http://www.example.com/rails2
I have the lb box nginx configuration something like below.
http {
...
upstream rails1_cluster {
ip_hash;
server app1.server:3001;
server app2.server:3001;
}
upstream rails2_cluster {
ip_hash;
server app1.server:3002;
server app2.server:3002;
}
...
server {
server_name www.example.com;
...
...
location /rails1 {
proxy_pass http://rails1_cluster;
...
}
location /rails2 {
proxy_pass http://rails2_cluster;
...
}
....
}
}
With this setup, the app running on passenger standalone in app1 and app2 throws an error that it is unable to find any route /rails1/.
This article "How To Deploy Phusion Passenger To A Subdirectory, Routing Errors, And Restarting" tries to address the same problem, but it suggests changing the routes, which I don't wish to do. The Rails applications am dealing with are of same code base but customized for specific instances catering to specific client.
In passenger plugin for Nginx server, there is a passenger_base_uri which helps in setting a sub URI for the app. What is the equivalent of the same in case of passenger stand alone? Or am I missing something fundamental here? Any help, suggestions would help.
Give this a try, using the rewrite module:
location /rails2 {
rewrite "/rails2/" / break;
proxy_pass http://rails2_cluster;
}
It's a regex so might go on fire if the url actually contains that. Also this one does not yet work for addresses without the trailing slash, so check this.

Resources