I'm trying to setup nginx to reverse proxy to a port dynamically based on port found in path.
So https://my-nginx.uksouth.cloudapp.azure.com/58585/some/route goes to https://localhost:58585/some/route
And https://my-nginx.uksouth.cloudapp.azure.com/59595/some/route goes to
https://localhost:59595/some/route
I can hard code the config like this
server {
server_tokens off;
server_name my-nginx.uksouth.cloudapp.azure.com;
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/my-nginx.uksouth.cloudapp.azure.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/my-nginx.uksouth.cloudapp.azure.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location /58585 {
proxy_pass http://localhost:58585/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
}
location /59595 {
proxy_pass http://localhost:59595/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
}
}
server {
if ($host = my-nginx.uksouth.cloudapp.azure.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name my-nginx.uksouth.cloudapp.azure.com;
return 404; # managed by Certbot
}
and reverse proxy like this
ssh -R 58585:localhost:58585 myuser#my-nginx.uksouth.cloudapp.azure.com
ssh -R 59595:localhost:59595 myuser#my-nginx.uksouth.cloudapp.azure.com
This works as expected; then I've tried to make this dynamic
So https://my-nginx.uksouth.cloudapp.azure.com/targetPort/some/route goes to https://localhost:$targetPort/some/route
The best I can come up with is the following but this keeps failing and with a 502 bad gateway.
location ~ /([0-9]+) {
set $targetPort $1;
proxy_pass http://localhost:$targetPort/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
}
Can someone guide me with the correct way to do this ?
Thanks!
According to documentation:
In some cases, the part of a request URI to be replaced cannot be determined:
When location is specified using a regular expression, and also inside named locations.
In these cases, proxy_pass should be specified without a URI.
I think you can try to use rewrite here to specify an URI:
location ~ ^/(\d+) {
set $targetPort $1;
rewrite /\d+(.*) $1 break;
proxy_pass http://localhost:$targetPort;
...
}
Maybe this can be optimized for one regex matching instead of two:
location ~ ^/(\d+)(.*) {
set $targetPort $1;
set $newuri $2;
rewrite . $newuri break;
proxy_pass http://localhost:$targetPort;
...
}
But it needs to be tested, nginx behavior is unpredictable sometimes.
Update
This is definitely can be optimized to
location ~ ^/(?<targetPort>\d+)(?<newURI>.*) {
rewrite . $newURI break;
proxy_pass http://localhost:$targetPort;
...
}
Related
I am trying to configure Nginx as reverse proxy keeping Uvicorn behind it.
When I try to access "example.com", it returns the home page but gives 404 for all static files.
When I try to access any other endpoint like "example.com/blog", it returns "404 not found" page.
Here is the Nginx config:
server {
root /var/www/example.com/html;
index index.html index.htm index.nginx-debian.html;
server_name example.com www.example.com;
location / {
try_files $uri $uri/ =404;
#custom config
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_redirect off;
proxy_buffering off;
proxy_pass http://uvicorn;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name example.com www.example.com;
return 404; # managed by Certbot
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream uvicorn {
server unix:/tmp/uvicorn.sock;
}
What changes should I do to make it work?
As per the suggestion given by #richard-smith in the comment, I tried commenting out this line
location / {
#try_files $uri $uri/ =404; <-- here
#custom config
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_redirect off;
proxy_buffering off;
proxy_pass http://uvicorn;
}
and it worked fine. It is now able to serve all the endpoints.
I'm having issues with nginx and proxy pass. I have setup an instance of JFrog Artifactory and pointed my domain to it successfully; however the port is still appearing in the "URL to file" (the image). Here is my nginx config
server {
server_name repo.hyperiamc.com;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
## Application specific logs
rewrite ^/$ /ui/ redirect;
rewrite ^/ui$ /ui/ redirect;
chunked_transfer_encoding on;
client_max_body_size 0;
location / {
proxy_read_timeout 2400s;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
proxy_pass http://x.x.x.x:8082;
proxy_next_upstream error timeout non_idempotent;
proxy_next_upstream_tries 1;
proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location ~ ^/artifactory/ {
proxy_pass http://x.x.x.x:8081;
}
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/repo.hyperiamc.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/repo.hyperiamc.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot }
Visiting the site the URL works, it appears that it's only the URL to file. I have set my Base URL inside of artifactory to match that of the proxy.
I believe it is due to the header value we are setting up in the config. Change the line.
From: proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
TO: proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host;
Hope this helps.
I have a website which performs proxy pass and I want to block some sub path access and not sure how can I do this. Following is the nginx conf file snippet:
server {
root /usr/share/nginx/html;
server_name testnginx.com www.testnginx.com;
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/testnginx.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/testnginx.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location ~* /ng\/f\?p {
return 404;
}
location / {
rewrite ^/$ /ng/testnginx/r/100/home permanent;
}
location /ng/ {
proxy_pass https://127.0.0.1:2000/ng/;
# set Origin to blank to avoid Chrome problems with CORS
proxy_set_header Origin "" ;
# pass along some header variables with the public host name/port/and so on
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
I want to redirect all the subpath such as /ng/f?p to /ng/testnginx/r/100/home but it is not working for me.
Is it possible to mask a sub-domain to point to another sub-domain like so:
sub.domain.comto sub2.domain.com/example/example2.
I was able to sort of get this by using this nginx configuration:
server {
listen 443 ssl http2; # managed by Certbot
<!-- ssl_certificate goes here -->
server_name sub.domain.com;
rewrite ^/?$ https://sub2.domain.com/example/example2 permanent;
}
But the problem with this config is that when you go to sub.domain.com you are redirected to sub2.domain.com/example/example2 instead of just masking the URL.
And if I go to sub.domain.com/test instead of going to sub2.domain.com/example/example2/test it just shows 404 page.
Finally! I figured it out myself.
Instead of rewrite I had to use proxy_pass. And to extend the URL, I just needed to add a / to the end of URL:
location / {
proxy_pass https://sub2.domain.com/example/example2/; <-- Note the slash at the end
proxy_redirect off;
proxy_set_header X-Real-IP sub2.domain.com;
proxy_set_header X-Forwarded-For sub2.domain.com;
proxy_set_header Host sub2.domain.com;
}
Full code:
server {
listen 443 ssl http2; # managed by Certbot
<!-- ssl_certificate goes here -->
server_name sub.domain.com;
location / {
proxy_pass https://sub2.domain.com/example/example2/;
proxy_redirect off;
proxy_set_header X-Real-IP sub2.domain.com;
proxy_set_header X-Forwarded-For sub2.domain.com;
proxy_set_header Host sub2.domain.com;
}
}
I have added multiple subdomains on nginx and now I would like to proxy pass all subdomains to a single jetty instance.
Let´s say
subdomain1.blog.com -> localhost:8080/subdomain1
jenkins.blog.com -> localhost:8080/jenkins
I tested a lot of examples and in the end I struggled with the url.
If I open http://jenkins.blog.com I will redirect to https://jenkins.blog.com/jenkins/login?from=%2Fjenkins%2F
How can I get rid of this /jenkins/ in my url?
Is it possible to achieve it without using multiple jetty instances and deploying apps on webroot?
upstream jetty {
server 127.0.0.1:8080 fail_timeout=0;
}
server {
listen 80;
server_name jenkins.blog.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name jenkins.blog.com;
ssl_certificate /etc/letsencrypt/live/blog.com-0002/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/blog.com-0002/privkey.pem;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location /jenkins {
rewrite ^/jenkins(/.*)$ $1 last;
}
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Fix the "It appears that your reverse proxy set up is broken" error.
proxy_pass http://jetty/jenkins/;
proxy_read_timeout 90;
#proxy_redirect http://localhost:8080/jenkins https://jenkins.blog.com;
#proxy_redirect http:// https://;
proxy_redirect off;
proxy_buffering off;
# Required for new HTTP-based CLI
proxy_http_version 1.1;
proxy_request_buffering off;
# workaround for https://issues.jenkins-ci.org/browse/JENKINS-45651
add_header 'X-SSH-Endpoint' 'jenkins.blog.com:50022' always;
}
}
}