I have to set custom headers for outgoing requests using an nginx proxy, so basically I started with trying the add_header and proxy_set_header directives in the conf file (snippet has been added), but in the outgoing request these headers were not being added using either of them. Please suggest an approach to solve this problem.
server {
    listen 8095;
    access_log logs/host.access.log;
    location / {
        proxy_pass https://www.dummy-site.com/applications/1232;
        proxy_set_header Authorization "some_authorisation";
        proxy_set_header referer "referer";
        proxy_pass_request_headers on;
    }
}
Related
I am running into something that is extremely odd. I have the following stack:
ASP.Net Core 3.1 API
Angular 10 front end app
Nginx proxy
All of the applications are containerized, so I have my API running in a docker container, my angular app in a docker container (that is also using a separate nginx web server to serve the SPA), and an nginx container serving as a proxy for the API.
Below is a typical GET request that has no issues and the relevant headers for the OPTIONS request:
So a GET request is working but when I try to use POST, the options request succeeds immediately followed by a 400 from nginx along with an error message from the browser:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://restaurantapi.localhost/chats. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
The odd part about the above error message is that the OPTIONS request for the POST succeeds:
How is it possible for the OPTIONS request to be successfully returned but the POST fails? I don't understand quite how this is possible. I know it's Nginx causing this issue because I have removed the proxy and sent the request directly from my angular app in a container to the API using kestrel web server (built in webserver for .NET core) and it succeeds.
Is there any configuration I am missing causing this problem? Note that I am adding the CORS headers within my API and am not using CORS through nginx. I also tried stripping response headers from API within Nginx and explicitly adding CORS headers and that still fails. Any help on this would be appreciated.
My nginx config:
events {
    worker_connections 1024;
}
http {
    underscores_in_headers on;
    upstream api {
        server restaurantapi:5001;
    }
    upstream grpcservice {
        server restaurantapi:5010;
    }
    # redirect all http requests to https
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        return 301 https://$host$request_uri;
    }
    server {
        server_name restaurantapi.localhost;
        listen 443 ssl http2;
        ssl_certificate /etc/certs/resapi.crt;
        ssl_certificate_key /etc/certs/resapi.key;
        location /CartCheckoutService/ValidateCartCheckout {
            grpc_pass grpc://grpcservice;
            error_page 502 = /error502grpc;
        }
        location = /error502grpc {
            internal;
            default_type application/grpc;
            add_header grpc-status 14;
            add_header grpc-message "Error connecting to gRPC service.";
            return 204;
        }
        location / {
            proxy_pass http://api;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Connection keep-alive;
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_cache_bypass $http_upgrade;
        }
    }
    gzip on;
    gzip_vary on;
    gzip_proxied no-cache no-store private expired auth;
    gzip_types text/plain text/css application/json application/xml;
}
The logs from the API:
The issue was websocket headers being present (http://nginx.org/en/docs/http/websocket.html). I'm not entirely sure nginx does not log a connection error to the upstream server because all the logs displayed was the request to nginx.
Removing the websocket specific headers fixed the issue I was having. I need to add the headers only for websocket requests.
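One way to send the WebSocket headers only on upgrade requests, using the `map` pattern from the nginx WebSocket documentation linked above. This is an added example, not the poster's final configuration; the variable name `$connection_upgrade` is chosen here, and the upstream, server name and certificate paths are reused from the config in the question.

```nginx
# Added example, not the poster's configuration.
events {
    worker_connections 1024;
}

http {
    # $connection_upgrade is a name chosen for this example.
    # Requests without an Upgrade header get "Connection: close";
    # upgrade requests get "Connection: upgrade".
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    upstream api {
        server restaurantapi:5001;
    }

    server {
        server_name restaurantapi.localhost;
        listen 443 ssl http2;
        ssl_certificate     /etc/certs/resapi.crt;
        ssl_certificate_key /etc/certs/resapi.key;

        location / {
            proxy_pass http://api;
            proxy_http_version 1.1;

            # A proxy_set_header with an empty value is not sent at all, so an
            # ordinary GET or POST reaches the API without an Upgrade header.
            proxy_set_header Upgrade    $http_upgrade;
            # Exactly one Connection header, selected per request by the map.
            proxy_set_header Connection $connection_upgrade;

            proxy_set_header Host              $host:$server_port;
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}
```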
Using Nginx as reverse proxy, authentication with facebook is not working as it should.
My proxy_pass is set to origin.example.com and main site is at main.example.com.
proxy_pass https://origin.example.com;
proxy_ssl_server_name on;
proxy_set_header Connection "";
proxy_set_header Host origin.example.com;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
Redirection for facebook login happens using the Location header, which I want to modify, and I found that it can be done using proxy_redirect. However, I am not getting an idea how to do that.
I have already used redirect URI main.example.com in Facebook. And I already requested another change in the origin app to make this change; however, it's not in our control and we have to manage this by modifying this header value from nginx only.
Specifically, I want to modify this header value
https://www.facebook.com/v3.1/dialog/oauth?client_id=249911186056401&scope=email&response_type=code&redirect_uri=https%3A%2F%2F**origin.example.com**%2Fsignin-facebook&state=CfDJ8FXKlLU-VLlFryQdHqtwILDwFpBxeh1ZlS5hy7drEOaXtmdjBd8T8m4oyy7LvYttb8Ryyb894ZgCUGPINPQX_jWt-s1J2ZwtJirchyAWfsXXtqC69PYLxJNf84fbK_bXLrpd0eFE7Z0LAwq98gp-54lUwv3rZPNLZ4Jw1q3-3yjjFGTgAvJCDSgiTTxvIpY8E-3WlTlNPMfiFv4USoXHfYeKJaQ52EAAMdhA3dlAoALVsUkOl-0lNUjCP4xa4ZKcRuL1wJI1Gbk7Fg7Nyxzgqu4
to
https://www.facebook.com/v3.1/dialog/oauth?client_id=249911186056401&scope=email&response_type=code&redirect_uri=https%3A%2F%2F**main.example.com**%2Fsignin-facebook&state=CfDJ8FXKlLU-VLlFryQdHqtwILDwFpBxeh1ZlS5hy7drEOaXtmdjBd8T8m4oyy7LvYttb8Ryyb894ZgCUGPINPQX_jWt-s1J2ZwtJirchyAWfsXXtqC69PYLxJNf84fbK_bXLrpd0eFE7Z0LAwq98gp-54lUwv3rZPNLZ4Jw1q3-3yjjFGTgAvJCDSgiTTxvIpY8E-3WlTlNPMfiFv4USoXHfYeKJaQ52EAAMdhA3dlAoALVsUkOl-0lNUjCP4xa4ZKcRuL1wJI1Gbk7Fg7Nyxzgqu4
I want to replace all instances of origin.example.com to main.example.com in Location header.
Here is my server block configurations
server {
    listen [::]:80;
    listen 80;
    server_name main.example.com;
    return 301 https://www.$host$request_uri;
}
server {
    listen [::]:443 ssl http2;
    listen 443 ssl http2;
    server_name main.example.com;
    proxy_set_header Accept-Encoding "";
    sub_filter_types *;
    sub_filter_once off;
    sub_filter "http:" "https:";
    include https.conf;
}
You should reconfigure the OAuth client in Facebook to use a redirect URI of https://main.example.com. In the actual app, do not send https://origin.example.com when performing the OAuth authorization request, but use this one that Facebook is reconfigured to use. This will ensure that Facebook accepts the request, and will effectively hide the origin server. After login and authorization, Facebook will send the callback response to the NGINX proxy, which it can pass through to the hidden origin server.
I had a proxy server which redirects communications to some api on customer side via https. When I use configuration with set upstream variable (proxy_pass $upstream_endpoint$request_uri;), the DNS resolving for this domain (dynamic changing IP address) is working well but I get response 403 unauthorized.
When I use configuration without upstream (proxy_pass https://api-test.example.com/api/), point directly to customer domain, it works well, I am getting response 200 but DNS resolver is not working anymore.
Nginx config:
location /api-test.example.com/api/ {
    resolver 10.100.10.1 valid=5s;
    set $upstream_endpoint https://api-test.example.com;
    proxy_pass $upstream_endpoint$request_uri;
    #proxy_pass https://api-test.example.com/api/;
    proxy_ssl_name api-test.example.com;
    proxy_ssl_server_name on;
    proxy_set_header Host api-test.example.com;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
By adding a URI to the proxy_pass statement, the requested URI is rewritten before passing it upstream. See this document for details.
So the URI /api-test.example.com/api/foo is rewritten to /api/foo.
You can achieve the same behaviour with a rewrite...break statement. See this document for details.
location /api-test.example.com/api/ {
    rewrite ^/api-test.example.com(.*)$ $1 break;
    set $upstream_endpoint https://api-test.example.com;
    proxy_pass $upstream_endpoint;
    ...
}
Is there any way to add in request header while sending it to proxy server? I tried using add_header as well as proxy_set_header but it did not work for me.
Below is the headers.conf file content I tried:
Trial1:
proxy_set_header X-Name "Vishal";
Trial2:
add_header X-Name "Vishal";
My nginx\conf\includes\proxy.conf:
location /api/mysvc/v1 {
    proxy_pass "https://mockable.io/mysvc/v1/";
    proxy_pass_request_headers on;
    proxy_set_header X-Name "Vishal";
}
I want to pass along this request header in every ajax request my app makes.
Just realised I should not add the proxy_set_header in my headers.conf file. Had to keep only in proxy.conf file for it to work. More so, these headers are not logged in browser debugging tool.
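The two directives act on different legs of the connection, which is why the header never shows up in the browser's debugging tools: `proxy_set_header` changes the request nginx sends upstream, `add_header` changes the response nginx sends to the client. The following is an added example, not the poster's configuration; `X-Name`, the location and the upstream come from the post, while the listen port, `X-Request-Source` and `X-Proxied-By` are hypothetical names chosen here. It also shows the documented inheritance rule that a level defining any `proxy_set_header` no longer inherits the ones from the level above.

```nginx
# Added example, not the poster's configuration.
events {}

http {
    # Inherited by a location ONLY if that location defines no
    # proxy_set_header of its own. X-Request-Source is a hypothetical header.
    proxy_set_header X-Request-Source "edge-proxy";

    server {
        listen 8080;    # assumed port

        location /api/mysvc/v1 {
            proxy_pass https://mockable.io/mysvc/v1/;

            # Request leg (nginx -> upstream). Replaces any X-Name value the
            # client sent, so the upstream only ever sees the proxy's value.
            # Visible in upstream logs, never in the browser.
            proxy_set_header X-Name "Vishal";

            # Because this location now has its own proxy_set_header, the
            # http-level X-Request-Source is no longer inherited and has to
            # be repeated here if the upstream should still receive it.
            proxy_set_header X-Request-Source "edge-proxy";

            # Response leg (nginx -> browser). This is the only one of the
            # three that appears in the browser's network tab.
            # X-Proxied-By is a hypothetical header.
            add_header X-Proxied-By "nginx" always;
        }

        location /api/other {
            proxy_pass https://mockable.io/other/;
            # No proxy_set_header here, so X-Request-Source from the http
            # level is inherited and sent upstream.
        }
    }
}
```

To confirm what the upstream actually receives, check the upstream's own request log or point `proxy_pass` at a service that echoes request headers; the client side cannot show it.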
I'm setting up a web/app/db stack, and the nginx proxy configuration isn't working the way I thought it would.
so here is an example of the stack...the url of the application is:
https://testapp.com
here is the nginx config:
server {
    listen 8886;
    server_name _;
    root /usr/share/nginx/html;
    include /etc/nginx/default.d/*.conf;
    #ELB
    if ($http_user_agent = 'ELB-HealthChecker/2.0') {
        return 200 working;
    }
    #HTTP to HTTPS
    if ($http_x_forwarded_proto != 'https') {
        return 301 https://$host$request_uri;
    }
    location / {
        set $proxy_upstream_name "testapp.com";
        port_in_redirect off;
        proxy_pass http://internal-alb.amazonaws.com:8083/;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header Access-Control-Allow-Origin $http_origin;
    }
}
The app is proxied to an internal AWS alb, and it forwards it to a single (at this point) application server.
I'm able to get the site to serve. However, the application creates a redirect on login, and I get the following response.
Request URL:https://testapp.com/login
Request Method:POST
Status Code:302
Remote Address:34.192.444.29:443
Referrer Policy:no-referrer-when-downgrade
Response Headers
content-language:en-US
content-length:0
date:Mon, 11 Sep 2017 18:35:34 GMT
location:http://testapp.com:8083/testCode
server:openresty/1.11.2.5
status:302
The redirect fails because it's being served on 443, not 8083.
For some reason the app or the proxy isn't updating the port as it does its reverse proxy thing, so that the redirect has the proxied port NOT the actual application port 443.
What do I need to do with nginx config to get it to redirect correctly?
thanks.
myles.
The normal behaviour of nginx is to rewrite the upstream address to the address the page was served from. It looks like instead of using your upstream address (http://internal-alb.amazonaws.com:8083/), your app is responding using a mixture of the two (http://testapp.com:8083). You can either change the app behaviour, or, to fix it at the nginx level, you can use the proxy_redirect directive.
I'm reasonably sure the directive to fix this is proxy_redirect http://testapp.com:8083/ https://testapp.com/;