Nginx Reverse Proxy and ZAP - nginx

i'm trying to configure Nginx as reverse Proxy for my sec-tool (ZAP). I'm not sure about the configuration part. I think it should be something like that:
server {
listen 443;
server_name ZAP.domain.com;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8080;
proxy_read_timeout 90;
proxy_redirect http://localhost:8080 https://ZAP.domain.com;
}
}
As long as i know, ZAP operates with the port 8080, but i'm not sure what I've to insert in the "domain" part.
Does anyone have some clues here?
Thank you

Related

Nginx reverse proxy not working for location /dashboard

I have following nginx reverse proxy configuration:
location / {
proxy_pass http://localhost:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /application {
proxy_pass https://my.url:9443/application;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /dashboard {
proxy_pass http://localhost:3001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
my location "/" got proxied to my npm dev server, which is working great.
my location "/aplication" got proxied to my application I publish, which is working great, too!
so why does my location "/dashboard" does not work, when proxied to my other npm dev server, which listens on port 3001? What makes my concerns even stronger is the fact, that when I change the port from my default location "/" to 3001, my react app is getting accessed.
my output from sudo netstat -lntp:
tcp 0 0 0.0.0.0:3001 0.0.0.0:* LISTEN 3677/node

Strange HTTP 401 response with nginx in combination with WildFly

I installed a WildFly 26.0.1 together with nginx as a reverse proxy.
Everything seems to work correctly.
Also the deployment of small WebApp war files within WildFlys admin console works.
But there is a problem when deploying large war files.
I have already set client_max_body_size to 100M!
The effect is the following:
While deploying the nginx access.log there shows up an endless loop
POST /management-upload HTTP/1.1" 401 77
Again and again
On the client side the request hangs.
The WildFly Log shows no start of deployment.
While with small war files it says:
POST /management-upload HTTP/1.1" 200 68
btw: When accessing the WildFly directly (not via the nginx proxy) the deployment works
also with large war files
This is my nginx config:
(Replacing my domain with example.com)
server {
server_name www.example.com example.com;
listen 80;
listen [::]:80;
client_max_body_size 100M;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:8080;
proxy_read_timeout 90s;
}
location /console {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:9990/console;
proxy_read_timeout 90s;
}
location /management {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:9990/management;
proxy_read_timeout 90s;
}
}

implementing reverse proxy with nginx and docker containers with different ports

i have three docker containers on different ports and would like to implement reverse proxy with nginx to each of the containers so that i can navigate to each of the containers by passing a keyword instead of ports. Like Instead of http://localhost:3000 i want to pass like http://localhost/app1
I created the nginx image with below dockerfile.
FROM nginx:alpine
COPY nginx.conf /etc/nginx/nginx.conf
COPY index.html usr/share/nginx/html
and my nginx conf file looks like this:
worker_processes 1;
events { worker_connections 1024; }
http {
sendfile on;
upstream app1 {
server localhost:3000;
}
upstream app2 {
server localhost:3001;
}
server {
listen 3000;
location /app1 {
proxy_pass http://localhost:3000;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
}
server {
listen 3001;
location /app2 {
proxy_pass http://localhost:3001;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
}
}
but after creating the nginx container from the image. I see the container created. but when i tried to access with localhost it timed out so nginx is not running or did i miss something. I cannot load the container with localhost/app1 or app2 or even localhost is not working. help needed. thanks in advance.
You are exposing the ports 80 and 443 when you start the container but I don't see you listening to those ports in the nginx configuration.
Please try replacing listen 3000 by listen 80 and then try accessing localhost/app1
I can also see that you are using --link when you start your docker container. So I think you should use app1 and app2 instead of localhost. Please let me know if there is something that I missed so it isn't the case. You must also make sure that your applications are accessible on these ports (3000 and 3001).
Also your 2 locations should be in the same server block:
server {
listen 80;
location /app1 {
proxy_pass http://app1:3000;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
location /app2 {
proxy_pass http://app2:3001;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
}

Reverse proxy configuration for keycloak (Nginx)

I have a spring boot application (with keycloak adapter) running on port 8000 and keycloak running on 8080
I have edited my /etc/hosts file to route requests coming on my test-domain (foo.bar.com) to route to 127.0.0.1
I am not interested in SSL as of now.
My sample nginx configuration:
server {
listen 80;
server_name foo.bar.com;
location /myapp {
proxy_set_header Host $host/myapp;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Port 80;
proxy_set_header X-Forwarded-Proto http;
proxy_pass http://localhost:8000/;
}
location /auth {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8080;
}
}
Question:
Will this sample nginx conf be sufficient? I had some infinite redirects happening. Logs from keycloak adapter in my spring application say:
No State Cookie
If I do not use proxy server and instead configure the app and keycloak talk directly to each other it works. I wonder why proxy server is creating issues.
Did you configure Keycloak so that it knows it's behind a proxy?
E.g. for docker it's the option -e PROXY_ADDRESS_FORWARDING=true

nginx rewrite rule for redirection

I have two apps running on host1:7000 and host2:7000. I am fronting the two hosts by an nginx reverse proxy, where I want mydomain.com/admin to point to host1:7000/portal and mydomain.com/user to host2:7000/portal.
I have written the following config
listen 80;
server_name mydomain.com *.mydomain.com;
location ~ ^/admin/(.*)$ {
proxy_pass $scheme://<IP-ADDRESS>/$1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
}
I can get to mydomain.com/admin to be redirected to host1:7000/portal but when the app redirects from host1:7000/portal on to host1:7000/login via relative path, in the browser I see mydomain.com/login. What do I need to do to get the second redirect go mydomain/admin/login?
Why do people use regexps for no reason and have all kind of problems with it?…
location /admin/ {
proxy_pass http://host1:7000/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
}
This will automatically strip /admin/ from proxied request and prepend it in Location header (which is used in redirect).
See proxy_pass and proxy_redirect docs.

Resources