I'm trying to configure Nginx as a reverse proxy for my sec-tool (ZAP). I'm not sure about the configuration part. I think it should be something like this:
    server {
        listen 443;
        server_name ZAP.domain.com;
        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass http://localhost:8080;
            proxy_read_timeout 90;
            proxy_redirect http://localhost:8080 https://ZAP.domain.com;
        }
    }
As far as I know, ZAP operates on port 8080, but I'm not sure what I have to insert in the "domain" part.
Does anyone have some clues here?
Thank you
Related
I have the following nginx reverse proxy configuration:
    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location /application {
        proxy_pass https://my.url:9443/application;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location /dashboard {
        proxy_pass http://localhost:3001;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
My location "/" gets proxied to my npm dev server, which is working great.
My location "/application" gets proxied to the application I publish, which is working great, too!
So why does my location "/dashboard" not work when proxied to my other npm dev server, which listens on port 3001? What makes my concerns even stronger is the fact that when I change the port of my default location "/" to 3001, my React app can be accessed.
My output from sudo netstat -lntp:
tcp 0 0 0.0.0.0:3001 0.0.0.0:* LISTEN 3677/node
I installed WildFly 26.0.1 together with nginx as a reverse proxy.
Everything seems to work correctly.
Deploying small WebApp war files through WildFly's admin console also works.
But there is a problem when deploying large war files.
I have already set client_max_body_size to 100M!
The effect is the following: while deploying, an endless loop shows up in the nginx access.log:
    POST /management-upload HTTP/1.1" 401 77
again and again.
On the client side the request hangs.
The WildFly log shows no start of deployment.
With small war files, on the other hand, it says:
    POST /management-upload HTTP/1.1" 200 68
By the way: when accessing WildFly directly (not via the nginx proxy), the deployment also works with large war files.
This is my nginx config (replacing my domain with example.com):
    server {
        server_name www.example.com example.com;
        listen 80;
        listen [::]:80;
        client_max_body_size 100M;
        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass http://127.0.0.1:8080;
            proxy_read_timeout 90s;
        }
        location /console {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass http://127.0.0.1:9990/console;
            proxy_read_timeout 90s;
        }
        location /management {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass http://127.0.0.1:9990/management;
            proxy_read_timeout 90s;
        }
    }
I have three Docker containers on different ports and would like to implement a reverse proxy with nginx to each of the containers, so that I can navigate to each of the containers by passing a keyword instead of a port. For example, instead of http://localhost:3000 I want to use http://localhost/app1.
I created the nginx image with the Dockerfile below.
    FROM nginx:alpine
    COPY nginx.conf /etc/nginx/nginx.conf
    COPY index.html usr/share/nginx/html
And my nginx conf file looks like this:
    worker_processes 1;
    events { worker_connections 1024; }
    http {
        sendfile on;
        upstream app1 {
            server localhost:3000;
        }
        upstream app2 {
            server localhost:3001;
        }
        server {
            listen 3000;
            location /app1 {
                proxy_pass http://localhost:3000;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Host $server_name;
            }
        }
        server {
            listen 3001;
            location /app2 {
                proxy_pass http://localhost:3001;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Host $server_name;
            }
        }
    }
But after creating the nginx container from the image, I see the container created, but when I tried to access it with localhost it timed out, so nginx is not running, or did I miss something? I cannot load the container with localhost/app1 or app2, and even localhost is not working. Help needed. Thanks in advance.
You are exposing the ports 80 and 443 when you start the container but I don't see you listening to those ports in the nginx configuration.
Please try replacing listen 3000 by listen 80 and then try accessing localhost/app1
I can also see that you are using --link when you start your docker container. So I think you should use app1 and app2 instead of localhost. Please let me know if there is something that I missed so it isn't the case. You must also make sure that your applications are accessible on these ports (3000 and 3001).
Also your 2 locations should be in the same server block:
    server {
        listen 80;
        location /app1 {
            proxy_pass http://app1:3000;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
        }
        location /app2 {
            proxy_pass http://app2:3001;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
        }
    }
I have a Spring Boot application (with Keycloak adapter) running on port 8000 and Keycloak running on 8080.
I have edited my /etc/hosts file to route requests coming to my test domain (foo.bar.com) to 127.0.0.1.
I am not interested in SSL as of now.
My sample nginx configuration:
    server {
        listen 80;
        server_name foo.bar.com;
        location /myapp {
            proxy_set_header Host $host/myapp;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-Port 80;
            proxy_set_header X-Forwarded-Proto http;
            proxy_pass http://localhost:8000/;
        }
        location /auth {
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass http://localhost:8080;
        }
    }
Question:
Will this sample nginx conf be sufficient? I had some infinite redirects happening. Logs from keycloak adapter in my spring application say:
No State Cookie
If I do not use a proxy server and instead configure the app and Keycloak to talk directly to each other, it works. I wonder why the proxy server is creating issues.
Did you configure Keycloak so that it knows it's behind a proxy?
E.g. for docker it's the option -e PROXY_ADDRESS_FORWARDING=true
I have two apps running on host1:7000 and host2:7000. I am fronting the two hosts by an nginx reverse proxy, where I want mydomain.com/admin to point to host1:7000/portal and mydomain.com/user to host2:7000/portal.
I have written the following config:
    listen 80;
    server_name mydomain.com *.mydomain.com;
    location ~ ^/admin/(.*)$ {
        proxy_pass $scheme://<IP-ADDRESS>/$1;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
    }
I can get mydomain.com/admin to be redirected to host1:7000/portal, but when the app redirects from host1:7000/portal on to host1:7000/login via a relative path, in the browser I see mydomain.com/login. What do I need to do to get the second redirect to go to mydomain/admin/login?
Why do people use regexps for no reason and have all kinds of problems with them?…
    location /admin/ {
        proxy_pass http://host1:7000/;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
    }
This will automatically strip /admin/ from proxied request and prepend it in Location header (which is used in redirect).
See proxy_pass and proxy_redirect docs.
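The prefix stripping and Location rewriting described in this answer, and the contrasting `proxy_pass` without a URI part used in the app1/app2 answer further up, modelled in Python as an added example (not code from the page or from nginx). The function names are illustrative assumptions, and the model covers only prefix locations and `proxy_pass` values without variables.

```python
# Added example: a simplified model of nginx's documented behaviour, not nginx code.
from urllib.parse import urlsplit


def upstream_uri(location: str, proxy_pass: str, request_uri: str) -> str:
    """URI nginx sends upstream for a request matched by a prefix location."""
    if not request_uri.startswith(location):
        raise ValueError("request does not match this location")
    uri_part = urlsplit(proxy_pass).path  # "" when proxy_pass has no URI part
    if uri_part == "":
        return request_uri  # no URI part: request URI is passed unchanged
    # URI part present: the matched location prefix is replaced by it
    return uri_part + request_uri[len(location):]


def default_proxy_redirect(location: str, proxy_pass: str, header: str) -> str:
    """'proxy_redirect default' for a proxy_pass that has a URI part, which is
    equivalent to 'proxy_redirect <proxy_pass> <location>' (prefix replace)."""
    if header.startswith(proxy_pass):
        return location + header[len(proxy_pass):]
    return header  # no prefix match: the Location value passes through as-is


# Constructed cases using the hosts and paths from the answers above.
CASES = {
    # proxy_pass http://host1:7000/ inside location /admin/
    "strip": upstream_uri("/admin/", "http://host1:7000/", "/admin/portal"),
    # proxy_pass http://app1:3000 (no URI part) inside location /app1
    "keep": upstream_uri("/app1", "http://app1:3000", "/app1/index.html"),
    # location without trailing slash plus URI part "/" yields a double slash
    "double": upstream_uri("/admin", "http://host1:7000/", "/admin/portal"),
    # absolute redirect to the upstream address is mapped back under /admin/
    "abs": default_proxy_redirect("/admin/", "http://host1:7000/",
                                  "http://host1:7000/login"),
    # path-only redirect does not start with the proxy_pass URL: unchanged
    "rel": default_proxy_redirect("/admin/", "http://host1:7000/", "/login"),
}

if __name__ == "__main__":
    for name, value in CASES.items():
        print(f"{name:7} -> {value}")
```

A Location value that does not begin with the `proxy_pass` URL is outside what the default rule rewrites, so it needs an explicit `proxy_redirect` rule with the matching prefix.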