nginx proxy_pass doesn't work right when concatenating to variable - nginx

I have an NGINX server running as a reverse proxy for a service I host. I tried configuring it with this:
set $upstream_nzbget http://nzbget:6789;
location /nzbget/api/ {
proxy_pass $upstream_nzbget/;
}
But the proxy_pass doesn't work properly when I try to add the slash / to the end of $upstream_nzbget. If I change it to this, it works properly:
location /nzbget/api/ {
proxy_pass http://nzbget:6789/;
}
So I think it has something to do with variables in proxy_pass. In the first case (the one that isn't working), I'm not really sure what the URL ends up being. I haven't found a way to log the final URI that gets used by proxy_pass.
Can someone explain why the first case isn't working? What is the proper solution? Note that I need to keep the variable in proxy_pass so it uses the resolver.
Side note: I use a trailing slash in my location block because otherwise I get a 404 when I use this URL:
domain.com/nzbget/api/api:password/xmlrpc
This is why I use /nzbget/api/ instead of /nzbget/api.
EDIT 1
I played around with this some more, and I found that this also doesn't work:
location /nzbget/api/ {
set $upstream_nzbget http://nzbget:6789/;
proxy_pass $upstream_nzbget;
}
This one is really strange. It's the same string, the only difference is using a variable vs a string literal. I'm not doing any string concatenation here. I'm not sure why there's a behavioral difference.
EDIT 2
This SO question might be the same issue, but it has no helpful answers.

You need to pass $request_uri when using it with variable. It's there in the docs somewhere.
It'll be something like:
location /nzbget/api/ {
set $upstream_nzbget http://nzbget:6789$request_uri;
proxy_pass $upstream_nzbget;
}

Related

nginx location with wildcard to proxy_pass

I understand a few basic concepts of nginx, but this one is beyond me.
This directive below works perfectly fine
location /a/web/8b5d3df315/assets {
proxy_pass https://thisdomain.com/a/assets;
}
However, the 8b5d3df315 needs to be a wildcard (or 'any') since I have many different entities needing to point to the same uri https://thisdomain.com/a/assets
I have tried this which returns a 404.
location /a/web/([A-Za-z0-9]+)/assets {
proxy_pass https://thisdomain.com/a/assets;
}
As well as the one below, which returns a: "proxy_pass" cannot have URI part in location given by regular expression, or inside named location, or inside "if" statement, or inside "limit_except"
location ~ ^/a/web/([A-Za-z0-9]+)/assets {
proxy_pass https://thisdomain.com/a/assets;
}
This answer felt close to my problem https://stackoverflow.com/a/53354944/1864622 but I don't think is quite a match.
Does anyone know how to go about this?

Can Nginx substring the $request_uri?

I want to substring $request_uri
For example, The URL address is:https://example/surveyssl/survey
If I using $request_uri, it will get "surveyssl/survey"
Can I substring "surveyssl" so that I can get "survey" only?
location /surveyssl/survey{
proxy_pass http://ssldev/surveyssl/index.php/$request_uri;
#It will fail because the url output is
#http://ssldev/surveyssl/index.php/surveyssl/survey
#but I want to get this url:
#http://ssldev/surveyssl/index.php/survey
}
With your shown sample, could you please try following. Please make sure to clear your browser cache before testing your URLs. First ruleset is very specific one to catch only surveyssl; 2nd rules set it dynamic one where it will catch anything coming after surveyssl.
location ~ /surveyssl/(survey/?) {
proxy_pass http://ssldev/surveyssl/index.php/$1;
}
EDIT: To make it dynamic try following rules:
location ~ /surveyssl/([\w-]+/?) {
proxy_pass http://ssldev/surveyssl/index.php/$1;
}

How to block a specific URL in NGINX webserver

I want to block a specific URL but I am not able to do this.
The URL that should be blocked is example.com/clientarea/?dxx_g=dddd.
But the following url should still work - example.com/clientarea.
I tried the following:
location ^~ /clientarea/ {
return 444;
}
But if I do this it will block all connections to /clientarea.
I hope you can help me or advise me how to make this possible.
The location and rewrite statements test a normalized URI which does not include the ? and anything following it.
The $request_uri variable contains the entire URI. Test this variable using an if or map directive.
For example:
if ($request_uri = /clientarea/?dxx_g=dddd) {
return 444;
}
You can also use regular expressions. See this document for more. See this caution on the use of if.
If you have a number of URIs to block, you should consider using a map instead.

Rewrites in Nginx

I need to enter a bunch or rewrites in my conf file in Nginx. I am not very experienced so I copied what I found before, example.
location = /index.php/blog/blog/xxx/yyy/ {
return 301 /index.php/blog/xxx/yyy/;
}
However I was told that the best way is the following:
location ^~ /index.php/blog/blog/xxx/yyy/ {
rewrite ^/index.php/blog/xxx/yyy/;
}
Which one id the correct one?
The first one is more correct, both location as well as the return -wise, and it'll work faster.
FWIIW, your second snippet looks like it's missing a space in the rewrite after ^, and it's also less efficient, both location as well as rewrite-wise.
References:
http://nginx.org/r/location
http://nginx.org/r/return
http://nginx.org/r/rewrite

How to do this without using if?

I have a list of blacklisted URLs that I would like to check to see if they are the http_referer for a particular request. If they are I am trying to set a cookie. I had tried doing it with the code below:
set $blackListUrls "www.somesite.com,www.anothersite.com,www.yetanother.com";
location / {
if($blackListUrls ~* $http_referer){...}
}
But while reading more about the if statement in nginx it sounds like I shouldn't use it. How can I do what I am talking about above without using an if statement?
Also - I have no experience with nginx so if you see a different way I should be checking this feel free to point it out.
If you want to add a cookie based on Referer, something like this should work:
map $http_referer $setcookie {
default "";
http://some.exact.url "cookiename=cookievalue";
~*example\.com "cookiename=cookievalue";
...
}
server {
...
location / {
add_header Set-Cookie $setcookie;
...
}
}
It will map the $http_referer variable (i.e. Referer header) into the $setcookie variable, empty by default (and not empty if referer is listed in the map). The add_header directive is used to add Set-Cookie header with the $setcookie value. The header will not be added if $addcookie evaluates to an empty string.
In the map you may use exact strings or regular expressions (with "~" or "~*" prefix).
See here for docs:
http://nginx.org/en/docs/http/ngx_http_map_module.html
http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header
You may also want take a look at nginx referer module. It is designed to do a whitelisting of referrers though, not blacklisting, and approach using map would be easier for a blacklist.
If you read http://wiki.nginx.org/IfIsEvil carefully you'll notice that:
if's directly in the server block are OK
if's in a location block on the other hand are unsave unless they hold only a return or rewrite directive
So to following would actually be perfectly save:
server {
location / {
set blackListUrls "www.somesite.com,www.anothersite.com,www.yetanother.com";
if($blackListUrls ~* $http_referer){return 403;}
}
}
In other words you don't need to get rid of all ifs
Please note: nginx has referer module.

Resources