Develop Reference

Nginx reverse proxy return 502

I'm very new to nginx and server game and i'm trying to setup a reverse proxy. Basically what i need is when i enter my server ip it should open a particular website (Ex: https://example.com).
So for example if i enter my ip (Ex: 45.10.127.942) it should open the website example.com , but the url should remain as http://45.10.127.942.
I tried to set my server configuration as follows but it returns a 502 error.
server {
listen 80;
location / {
proxy_pass http://example.com;
}
}
It returns a 502 error. Can you please explain what i need to do?

You can have something like this in your configuration file:
server {
root /var/www/html;
server_name _;
location / {
try_files $uri $uri/ /index.html;
}
}
Place the index.html file in root folder specified.
Then just restart the NGINX and it should work.
What is the problem with your configuration file is you should not proxy_pass.
If you want to open the other website, you should have DNS record pointing to that IP. What actually happens is the thing you are trying to do is known as CLICKJACKING. For more details, search CLICKJACKING on google and you will find a lot of references.

Nginx reverse proxy - Internal servers separated by trailing slash

I'm a newbie at Nginx, and have been searching a lot for the right answer to my question, but couldn't find it; not because it is not there, but my newbie condition limits me to adapt a generic solution to my issue.
The situation is this:
I have a Mantis Bug Tracker in my private LAN (http://10.111.111.12).
On the other hand, i have an OwnCloud website also on my LAN (IP 10.111.111.5), with URL http://10.111.111.5/owncloud/.
What i want to do is to deploy a Nginx Reverse Proxy that handles all requests from Internet at publicdomain.com, and use trailing slash for each internal webserver. The desired result would be:
http://www.publicdomain.com/bugtracker -> redirects to http://10.111.111.12/index.php
http://www.publicdomain.com/cloud -> redirects to http://10.111.111.5/owncloud/ (note that "cloud" is preferred over "owncloud")
On the future, it is necessary to continue using trailing slash for other web servers to be deployed.
Questions are:
is this scenario possible? if so, is it enough with configuring nginx or I have to reconfigure internal web servers as well?
I really appreciate your help, by indicating me a possible solution or pointing me to the right direction on previous posts.
Thanks a lot in advance.

Yes it is possible to achieve such configuration and it's commonly used when NGINX is acting as a reverse proxy. You can use this configuration as an inspiration for building your own:
upstream bugtracker {
server 10.111.111.12;
}
upstream cloudupstream {
server 10.111.111.5;
}
server {
listen 80;
location /bugtracker/{
proxy_pass http://bugtracker;
}
location /cloud/{
proxy_pass http://cloudupstream/owncloud;
}
}
What's happening over here is that nginx will be listening on port 80 and as soon as a request comes for path /bugtracker, it will automatically route the request to the upstream server mentioned above. Using this you can add as many upstream servers and location blocks as you want.
Reference: http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass

Thanks a lot Namam for your quick answer. However, it isn't working yet. It seems that "server" at upstream directive does not allow slash, like this:
server 10.111.111.5/owncloud;
If i used it, i obtained
nginx: [emerg] invalid host in upstream "10.111.111.5/owncloud" in /etc/nginx/nginx.conf:43
I started with the first upstream bugtracker, only, and nginx.conf like this:
upstream bugtracker {
server 10.111.111.12;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name localhost;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
location /mstic{
proxy_pass http://bugtracker;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
After that, when accesing to my Nginx Reverse proxy http://10.111.111.10/mstic/ i obtain the following:
Not Found The requested URL /mstic/ was not found on this server.
and no further details on error or access logs.
Thanks a lot in advance for any extra help you could bring me.

Failing in allowing requests from an IP access to Nginx without supplying credentials

I'm trying to implement Nginx whitelisting, namely to allow users - coming from a certain IP address - access to Nginx without supplying credentials.
However, even though I followed the Nginx documentation, requests coming from a browser on that IP are challenged for username/password (401 Authentication Required).
That's my configuration (on AWS/EC2 CentOS 7 instance):
[centos#ip-172-31-94-4 nginx]$ cat /etc/nginx/conf.d/default.conf
server {
location / {
root /usr/share/nginx/html;
index index.html index.htm;
satisfy all;
# Requests from this IP need not supply a password
allow 96.53.xx.xx;
deny all;
# Others should supply username/passwords
auth_basic "Private site";
auth_basic_user_file /etc/nginx/.htpasswd;
}
error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ /\.ht {
deny all;
}
}
Can you suggest how to make Nginx requests coming from 96.53.xx.xx pass through without being challenged for username/password?
Edit:
Browser cache and history were cleared, and sudo nginx -s reload executed.

After changing satisfy all to satisfy any, the whitelisting seems to be working.

Nginx reverse proxy load upstream list from external file

I'm writing an automation to add new servers to the upstream.
Currently my upstream block is embedded in the reverse proxy configuration file with a proxy_pass http://backbones; directive in the server block.
I would like to separate the upstream block to a different file so it will be easier to parse it.
Is it possible to load the upstream block from a different file?
Thanks,
Liron

Try this:
Create a file named /etc/nginx/upstream.conf
Put you initial upstreams here:
server ip:port;
server ip:port;
Change your config (ie default.conf) to something like this:
upstream cluster {
include /etc/nginx/upstream.conf;
}
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://cluster;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
Then you can parse and edit upstream.conf and do nginx -s reload to make the configuration live.

And for proxy_pass directive?
It's possible to configure an external file ?
Thanks

is there a way to fallback nginx proxy_pass if header set

nginx server serves http://server1.com, http://server2.com and http://server3.com.
nginx upstreams request process to some ruby code.
server1.com, server2.com and server3.com are actually some static files stored on amazon s3.
I want to do next: find bucket name for 'server1' host, put in db some logs and notify nginx to stream from amazon.
Maybe via setting in ruby code header with url to amazon s3 bucket and using this url later by nginx.
The flow: browser -> nginx -> ruby -> nginx -> amazon_s3 -> browser
I found how i can do this on error:
http {
server {
listen 12345; #Port that my custom app was assigned
server_name mydomain.com;
location / {
proxy_intercept_errors on;
error_page 400 403 502 503 504 = #fallback;
proxy_pass http://the_old_site_domain.com;
}
location #fallback {
proxy_pass http://myfallback.domain.com;
}
}
}
But is there a way to do something similar based on header appereance?
Thanks!
UPD
This is how i can test my header:
if ($http_x_custom_header) {
....
}
If set nginx should do some internal redirect, right?
But how it can be invoked after ruby code?

There is special headers called X-Accel-....
You need X-Accel-Redirect.