Is it possible to mask a sub-domain to point to another sub-domain like so:
sub.domain.com to sub2.domain.com/example/example2.
I was able to sort of get this by using this nginx configuration:
server {
    listen 443 ssl http2; # managed by Certbot
    # ssl_certificate goes here
    server_name sub.domain.com;
    rewrite ^/?$ https://sub2.domain.com/example/example2 permanent;
}
But the problem with this config is that when you go to sub.domain.com you are redirected to sub2.domain.com/example/example2 instead of just masking the URL.
And if I go to sub.domain.com/test, instead of going to sub2.domain.com/example/example2/test it just shows a 404 page.
Finally! I figured it out myself.
Instead of rewrite I had to use proxy_pass. And to extend the URL, I just needed to add a / to the end of URL:
location / {
    proxy_pass https://sub2.domain.com/example/example2/; # <-- Note the slash at the end
    proxy_redirect off;
    # Pass the real client address upstream, not the upstream's own host name
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host sub2.domain.com;
}
Full code:
server {
    listen 443 ssl http2; # managed by Certbot
    # ssl_certificate goes here
    server_name sub.domain.com;
    location / {
        proxy_pass https://sub2.domain.com/example/example2/;
        proxy_redirect off;
        # Pass the real client address upstream, not the upstream's own host name
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host sub2.domain.com;
    }
}
Related
I only want to allow access to my server from one domain. Let's say my domain is called "mydomain.mydomain.com" (yes, it is a subdomain).
Normally I would write everywhere server_name mydomain.mydomain.com, but I changed it to a non-existing domain and I can still enter the website? Why is my website working also from other domains? I know nginx is normally using the first server-block if no server_name is found, but my first server-block is my catch-all non-existing domain block. I defined server_name _; and default_server, but still, my website is working.
I have the following configuration:
server {
#If server_name mydomain.mydomain.com is not found return 444
listen 80 default_server;
server_name _;
return 444;
}
# redirect all traffic to https if the domain is mydomain.mydomain.com (server_name)
server {
listen 80;
listen [::]:80;
#-------------------------------------------
# I CHANGE HERE TO A NON-EXISTING DOMAIN AND MY WEBSITE IS STILL WORKING?!?!?
#-------------------------------------------
server_name nonExistingDomain.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /config/www;
index index.html index.htm index.php;
#-------------------------------------------
# I CHANGE HERE TO A NON-EXISTING DOMAIN AND MY WEBSITE IS STILL WORKING?!?!?
#-------------------------------------------
server_name nonExistingDomain.com;
# enable subfolder method reverse proxy confs
include /config/nginx/proxy-confs/*.subfolder.conf;
# all ssl related config moved to ssl.conf
include /config/nginx/ssl.conf;
client_max_body_size 0;
error_page 404 =200 /portal;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options "SAMEORIGIN";
location = / {
return 301 https://mydomain.mydomain.com/portal;
#try_files $uri $uri/ /index.html /index.php?$args =404;
}
location /pea {
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8080/pea;
# do not pass the CORS header from the response of the proxied server to the
# client
#proxy_hide_header 'Access-Control-Allow-Origin';
}
location /portal {
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8180/portal;
}
location /auth {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8280/auth;
}
}
You are listening to the IPv6 network socket in your server blocks where you change domain to non-existent. Since there are no other such server blocks, they are the default for those IPv6 ports.
Note that your first server block is default only for IPv4 network socket listen 80 default_server;.
Thus the behavior can be explained only by the fact that you are connecting/testing over IPv6.
To avoid inconsistency, use default_server for all your listen options. E.g. in the first server block add default server for IPv6 too:
server {
    #If server_name mydomain.mydomain.com is not found return 444
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 444;
}
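A catch-all that covers every socket the question's configuration listens on, as an added example that is not part of the original answer. It extends the same fix to the two port-443 sockets, which also have no default_server in the question, and assumes nginx 1.19.4 or later for ssl_reject_handshake:

```nginx
# Added example (not from the original answer). nginx picks the default
# server separately for each address:port pair, so every socket the real
# site listens on needs a default_server catch-all of its own.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name _;

    # Assumption: nginx >= 1.19.4. Refuses the TLS handshake when the SNI
    # name matches no other server block, so no certificate is needed here.
    ssl_reject_handshake on;

    # Plain-HTTP requests with an unknown Host: close without a response.
    return 444;
}

# The real site. Neither block is marked default_server, so only requests
# for mydomain.mydomain.com reach them.
server {
    listen 80;
    listen [::]:80;
    server_name mydomain.mydomain.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name mydomain.mydomain.com;
    root /config/www;
    index index.html index.htm index.php;
    include /config/nginx/ssl.conf;                      # as in the question
    include /config/nginx/proxy-confs/*.subfolder.conf;  # as in the question
}
```

To check it, send a request with an unrelated Host header over both address families (for example with curl -4 and curl -6); each should get an empty reply rather than the site.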
I'm trying to set up nginx to reverse proxy to a port dynamically based on port found in path.
So https://my-nginx.uksouth.cloudapp.azure.com/58585/some/route goes to https://localhost:58585/some/route
And https://my-nginx.uksouth.cloudapp.azure.com/59595/some/route goes to https://localhost:59595/some/route
I can hard code the config like this
server {
server_tokens off;
server_name my-nginx.uksouth.cloudapp.azure.com;
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/my-nginx.uksouth.cloudapp.azure.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/my-nginx.uksouth.cloudapp.azure.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location /58585 {
proxy_pass http://localhost:58585/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
}
location /59595 {
proxy_pass http://localhost:59595/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
}
}
server {
if ($host = my-nginx.uksouth.cloudapp.azure.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name my-nginx.uksouth.cloudapp.azure.com;
return 404; # managed by Certbot
}
and reverse proxy like this
ssh -R 58585:localhost:58585 myuser@my-nginx.uksouth.cloudapp.azure.com
ssh -R 59595:localhost:59595 myuser@my-nginx.uksouth.cloudapp.azure.com
This works as expected; then I've tried to make this dynamic
So https://my-nginx.uksouth.cloudapp.azure.com/targetPort/some/route goes to https://localhost:$targetPort/some/route
The best I can come up with is the following, but this keeps failing with a 502 Bad Gateway.
location ~ /([0-9]+) {
set $targetPort $1;
proxy_pass http://localhost:$targetPort/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
}
Can someone guide me with the correct way to do this?
Thanks!
According to documentation:
In some cases, the part of a request URI to be replaced cannot be determined:
When location is specified using a regular expression, and also inside named locations.
In these cases, proxy_pass should be specified without a URI.
I think you can try to use rewrite here to specify a URI:
location ~ ^/(\d+) {
    set $targetPort $1;
    rewrite /\d+(.*) $1 break;
    proxy_pass http://localhost:$targetPort;
    ...
}
Maybe this can be optimized for one regex matching instead of two:
location ~ ^/(\d+)(.*) {
    set $targetPort $1;
    set $newuri $2;
    rewrite . $newuri break;
    proxy_pass http://localhost:$targetPort;
    ...
}
But it needs to be tested, nginx behavior is unpredictable sometimes.
Update
This definitely can be optimized to
location ~ ^/(?<targetPort>\d+)(?<newURI>.*) {
    rewrite . $newURI break;
    proxy_pass http://localhost:$targetPort;
    ...
}
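A hardened form of the dynamic location, as an added example that is not part of the original answer: a regex that accepts any digits lets a client reach whatever is listening on any local port, so this version only proxies to ports on an allowlist. The variable name $tunnelUpstream and the choice of 404 for refused ports are assumptions made for the example; the two ports are the tunnels from the question.

```nginx
# Added example (not from the original answer). The map goes in the http {}
# context. Only the two tunnel ports from the question are listed; any other
# number in the path maps to an empty upstream and is refused below.
map $targetPort $tunnelUpstream {
    default "";
    58585   127.0.0.1:58585;
    59595   127.0.0.1:59595;
}

server {
    server_tokens off;
    server_name my-nginx.uksouth.cloudapp.azure.com;
    listen [::]:443 ssl ipv6only=on;
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/my-nginx.uksouth.cloudapp.azure.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/my-nginx.uksouth.cloudapp.azure.com/privkey.pem;

    # The "/" after the digits is required, so $newURI is never empty
    # (rewriting to a zero-length URI is an error in nginx).
    location ~ ^/(?<targetPort>\d+)(?<newURI>/.*)$ {
        # Port not on the allowlist: never proxy to arbitrary local services.
        if ($tunnelUpstream = "") {
            return 404;
        }

        rewrite ^ $newURI break;

        # 127.0.0.1 rather than localhost: a proxy_pass target built from
        # variables is resolved at request time, and a host name would
        # need a `resolver` directive.
        proxy_pass http://$tunnelUpstream;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;
    }
}
```

Adding a tunnel then means adding one line to the map, and a request such as /22/ or /6379/ gets a 404 instead of a connection to a local service.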
I'm trying to migrate from WordPress to a self-hosted Ghost blog. In the process I wish to clean up URLs for my posts from https://example.com/categoryid/slug to https://example.com/slug. Categoryid seems to be a whole number containing 1-4 digits.
The problem is that I have also urls that I don't want to rewrite
don't rewrite for img: https://example.com/content/images/2020/01/logo.png
rewrite for post: https://example.com/1886/slug
What I have tried:
this works, but for both URLs
rewrite ^(.*)(\/\d*\/)(.*)$ https://example.com/$3 redirect;
this should be a match with an online regEx tester, but does not work
rewrite \.*(com)(\/\d*\/)(.*)$ https://example.com/$3 redirect;
passing proxy before and after rewrite rules
location /content/ {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass example_ip ;
}
full config:
server {
listen 80;
listen [::]:80;
server_name www.example.com example.com;
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
# redirect /id/slug -> slug
rewrite ^(.*)(\/\d*\/)(.*)$ https://example.com/$3 redirect;
# redirect category -> tag
rewrite (category\/)(.*)$ https://example.com/tag/$2 permanent;
# redirect blog -> archive
rewrite (blog\/)$ https://example.com/archive permanent;
root /var/www/ghost/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/nginx/snippets/ssl-params.conf;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://example_ip;
}
location ~ /.well-known {
allow all;
}
client_max_body_size 50m;
}
In the URLs https://example.com/content/images/2020/01/logo.png and https://example.com/1886/slug, the URI seen by the rewrite directive is /content/images/2020/01/logo.png and /1886/slug respectively.
You need to rewrite URIs which contain 1 to 4 digits in the first path element.
Use either:
rewrite ^/\d+(/.*)$ $1 redirect;
Or:
rewrite "^/\d{1,4}(/.*)$" $1 redirect;
The last variant must use the quotes to protect the embedded brace characters.
See this document for details.
With the following settings I am able to access the wordpress site which is hosted at localhost:8080 but the problem occurs when I enable the wordpress URL structure as post name instead of regular query string from permalinks settings.
#nginx server settings
server {
listen 80;
listen [::]:80;
server_name blog.mysite.com;
#use https always
return 307 https://$server_name$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
error_log /etc/nginx/logs/blog.mysite.com.log;
ssl on;
ssl_certificate /etc/letsencrypt/live/blog.mysite.com/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/blog.mysite.com/privkey.pem;
proxy_set_header X-SSL-CLIENT-CERT $ssl_client_cert;
server_name blog.mysite.com;
location / {
proxy_pass http://localhost:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Also, I have added the following snippet to wp-config.php
//wp-config.php modifications
if($_SERVER['HTTP_X-FORARDED-FOR'] == 'https') {
$_SERVER['HTTPS'] = 'on'
}
if(isset($_SERVER['HTTP_X_FORARDED_HOST']) {
$_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORARDED_HOST']
}
I just want to use nginx as reverse proxy as I am planning to host nodejs apps on the same server, also I never used php fast cgi with nginx so any solution with my existing environment is preferable.
Thank you.
I want to strip the www from my url in my nginx configuration and looking around the documentation and stack overflow posts I wrote the following configuration but it doesn't seem to be working.
server_name {
server_name www.subdomain.domain.com;
rewrite ^(.*) https://subdomain.domain.com/$1 permanent
}
server_name {
server_name subdomain.domain.com;
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
root /file;
index index.html index.htm app.js;
location /{
proxy_pass https://subdomain.domain.com:443/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /*/ {
proxy_pass https://subdomain.domain.com:443/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
#location /RequestDenied {
# proxy_pass http://127.0.0.1:8080;
#}
error_page 404 /404.html;
}
But it doesn't seem to be working at all. However, whenever I try to go to the site using www.subdomain.domain.com I can't access the site, but doing https://subdomain.domain.com works fine. Any advice on this would be great, thanks.
You have a typo in your nginx config (server_name instead of server). Also, try return instead of rewrite, as the more proper way:
server {
    server_name www.subdomain.domain.com;
    return 301 $scheme://subdomain.domain.com$request_uri;
}