I want to set up a dynamic proxy pass.
If I enter, for example, https://sub.mydomain.com/33544, then I want the proxy pass to go to
https://10.10.10.10/33544.
So the only thing that changes is the $request_uri.
So how must I configure the location block so that it is redirected with the correct $request_uri, in my example 33544, to https://10.10.10.10/33544, or, if I type in 34778, to https://10.10.10.10/34778?
https://sub.mydomain.com/33544 -> https://10.10.10.10/33544
https://sub.mydomain.com/34778 -> https://10.10.10.10/34778
server {
    # Setup HTTPS certificates
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name sub.mydomain.com;
    ssl_certificate /etc/letsencrypt/live/sub.mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/sub.mydomain.com/privkey.pem;
    location / {
        proxy_pass https://10.10.10.10:8001/$request_uri;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Connection "";
    }
}
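An added example, not part of the original post: when proxy_pass names only the scheme, host and port, nginx forwards the client's request URI unchanged, so /33544 reaches the backend as /33544. The numeric-only location and the 404 fallback are assumptions about the intended ID format; port 8001 is taken from the config above.

```nginx
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name sub.mydomain.com;

    ssl_certificate     /etc/letsencrypt/live/sub.mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/sub.mydomain.com/privkey.pem;

    # Forward only purely numeric paths such as /33544
    # (assumption: the IDs are always digits).
    location ~ ^/[0-9]+$ {
        # No URI part after host:port, so the original request URI is
        # passed through as-is. "/$request_uri" would produce "//33544",
        # because $request_uri already starts with a slash.
        proxy_pass https://10.10.10.10:8001;

        # nginx does not verify the upstream certificate unless
        # proxy_ssl_verify is turned on with a trusted CA configured.

        proxy_http_version 1.1;
        # $host is the normalized host name; $http_host is the raw
        # client-supplied header.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Connection "";
    }

    # Anything else is refused rather than relayed to the backend.
    location / {
        return 404;
    }
}
```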
Related
I need to do a redirect in NGINX, but when the PROXY_PASS occurs, the external site makes a redirect, and I need to capture the full URL to make a new PROXY_PASS (including /stream).
My code is like this, but it doesn't work, it returns a 505 error.
server {
    server_name mydomain.com;
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server ipv6only=on;
    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
    include /etc/nginx/snippets/ssl.conf;
    location /stream {
        add_header Access-Control-Allow-Origin *;
        proxy_pass http://externalSite.com/stream;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_intercept_errors on;
        # Named locations start with "@"; "#" would begin a comment
        error_page 301 302 307 = @handle_redirect;
    }
    location @handle_redirect {
        add_header Access-Control-Allow-Origin *;
        set $saved_redirect_location '$upstream_http_location';
        proxy_pass ${saved_redirect_location}/stream;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}
The external site redirects to https://anotherSite{XX}.com/any, but I only need the PROXY_PASS for https://anotherSite{XX}.com/stream.
Note: {XX} can change!
I need only https://anotherSite{XX}.com/stream (without /any).
Note: maybe it can influence something, the content of https://anotherSite{XX}.com/any is a SHOUTcast stream, but it may not influence anything.
I'm very grateful.
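One way to follow the upstream redirect while pinning it to expected hosts, as an added example that is not from the original post: proxying to whatever Location the upstream returns lets that upstream steer nginx to any address it chooses, so here the target is rebuilt from an allow-listed host name. The variable names, the digits-only pattern for {XX} and the resolver address are assumptions.

```nginx
# http{} context. Turns the upstream's Location header into a proxy target,
# or into "" when the host is not on the allow-list.
map $upstream_http_location $stream_target {
    default "";
    # Assumption: {XX} is one or more digits; adjust to the real host names.
    # The path from the redirect (/any) is discarded and replaced by /stream.
    "~*^https://(?<redirect_host>anotherSite[0-9]+\.com)/" "https://$redirect_host/stream";
}

server {
    # ... listen, server_name and ssl_* lines as in the question ...

    # proxy_pass with a variable resolves the host at request time,
    # which requires a resolver (address here is an assumption).
    resolver 127.0.0.53 valid=30s;

    location /stream {
        proxy_pass http://externalSite.com/stream;
        proxy_http_version 1.1;
        proxy_intercept_errors on;
        error_page 301 302 307 = @handle_redirect;
    }

    location @handle_redirect {
        # Copy the mapped value now: $upstream_http_* is reset as soon as
        # the second proxy_pass starts talking to the new upstream.
        set $target $stream_target;

        # Location missing or pointing at a host that is not allow-listed.
        if ($target = "") {
            return 502;
        }

        proxy_pass $target;
        proxy_http_version 1.1;
        # Send SNI for the redirected host; the Host header is left at its
        # default ($proxy_host) so it matches the new upstream.
        proxy_ssl_server_name on;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```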
This is my domain.conf file in nginx:
server {
    listen 80;
    listen 8080;
    server_name EXAMPLE.COM www.EXAMPLE.COM;
    return 301 https://EXAMPLE.COM$request_uri;
}
server {
    listen 443 ssl;
    root /home/path;
    ssl_certificate /etc/letsencrypt/live/EXAMPLE.COM/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/EXAMPLE.COM/privkey.pem;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://127.0.0.1:8080;
        proxy_redirect off;
        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
Now when I type http://EXAMPLE.COM:8080 or http://EXAMPLE.COM:8080/some_folder/, my website over the port number 8080 works, but I want to remove this port number.
But what I want is:
--> Whenever I type http://EXAMPLE.COM:8080/folder, it redirects to https://EXAMPLE.COM/folder
I think the answer to what you are looking for is the proxy_redirect option, after proxy_pass.
This nginx configuration sample can be useful (take a look at the proxy_redirect line):
location /one/ {
    proxy_pass http://upstream:port/two/;
    proxy_redirect http://upstream:port/two/ /one/;
}
I think adding this should do the trick:
    proxy_redirect http://127.0.0.1:8000 /blog;
You can find full documentation and examples in the nginx documentation.
http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_redirect
I have created a cert like this:
Following steps from:
https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-nginx-in-ubuntu-16-04
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
Using my domain example:
Common Name (e.g. server FQDN or YOUR name): www.examplesite1.com
Within the article it says I can have only 1 default server, which I assume the self cert will work on.
Let's say I have 2 websites on my nginx like this:
/etc/nginx/sites-available/examplesite1.com
/etc/nginx/sites-available/examplesite2.com
Both with config that looks like this: (with examplesite2.com for 2nd example.)
Notice, I am forwarding to a proxy server - node.js in my case.
server {
    listen 80;
    server_name examplesite1.com www.examplesite1.com;
    return 301 https://$server_name$request_uri;
    client_max_body_size 10G;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://localhost:8000;
        proxy_set_header Host $http_host;
        proxy_cache_bypass $http_upgrade;
        proxy_redirect off;
    }
}
server {
    # SSL configuration
    server_name www.examplesite1.com www.www.examplesite1.com;
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    include snippets/self-signed.conf;
    include snippets/ssl-params.conf;
}
Symlinks appropriately set:
ln -s /etc/nginx/sites-available/examplesite1.com /etc/nginx/sites-enabled/examplesite1.com
ln -s /etc/nginx/sites-available/examplesite2.com /etc/nginx/sites-enabled/examplesite2.com
If I change 'default_server' to my url, it breaks the nginx config
listen 443 ssl http2 www.examplesite1.com;
Error
nginx: [emerg] invalid parameter "www.examplesite1.com" in /etc/nginx/sites-enabled/examplesite1.com:18
nginx: configuration file /etc/nginx/nginx.conf test failed
The problem is if I keep default_server like this it then does not forward proxy to my nginx server and goes to my default server, which is my nginx index.html landing page which is not desired.
I realised my mistake
This code was never reached in the first server block so needed to go into the listen:443 server block:
location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-NginX-Proxy true;
    proxy_pass http://localhost:8000;
    proxy_set_header Host $http_host;
    proxy_cache_bypass $http_upgrade;
    proxy_redirect off;
}
The reference to default_server did not break it but I have removed it anyway.
Updated now:
server {
    listen 80;
    server_name examplesite1.com www.examplesite1.com;
    # redirect to https
    return 301 https://$server_name$request_uri;
}
server {
    # SSL configuration
    server_name examplesite1.com www.examplesite1.com;
    # remove redirect and replace with proxy stuff here...
    listen 443 ssl;
    listen [::]:443 ssl;
    include snippets/self-signed.conf;
    include snippets/ssl-params.conf;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://localhost:8000;
        proxy_set_header Host $http_host;
        proxy_cache_bypass $http_upgrade;
        proxy_redirect off;
    }
}
I'm trying to set up Keycloak, however the tutorials expect me to visit http://localhost:8080, but I'm setting it up on a remote host and need to access the admin console externally. I've tried to expose it via Nginx. The Keycloak Administration Console seems to work with the new domain name and port seamlessly, but it still tries to use the "http" URLs instead of the "https" ones (I have Nginx configured to redirect HTTP to HTTPS and I want to keep it that way for security reasons). I have found the problem is that it internally sets a variable:
var authServerUrl = 'http://example.com/auth';
While the correct url would be https://example.com/auth.
As a result, when I open https://example.com/auth/admin/master/console/ in the browser, I get the error:
Refused to frame 'http://example.com/' because it violates the following Content Security Policy directive: "frame-src 'self'".
How to fix that? The Nginx config I use is:
server {
    server_name example.com;
    listen 80;
    listen [::]:80;
    location / {
        return 301 https://$server_name$request_uri;
    }
}
ssl_session_cache shared:ssl_session_cache:10m;
server {
    server_name example.com;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    # ... <SSL and Gzip config goes here> ...
    location / {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:8080;
        client_max_body_size 16m;
    }
}
You are doing SSL offloading in nginx, but you also need to forward the information that the https scheme was used to Keycloak (the X-Forwarded-Proto header). Try this:
server {
    server_name example.com;
    listen 80;
    listen [::]:80;
    location / {
        return 301 https://$server_name$request_uri;
    }
}
ssl_session_cache shared:ssl_session_cache:10m;
server {
    server_name example.com;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    # ... <SSL and Gzip config goes here> ...
    location / {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://127.0.0.1:8080;
        client_max_body_size 16m;
    }
}
I've set up a server that runs with nginx as a reverse proxy for an express app. I want the server to run on https, but when I access it via http, it doesn't redirect to https. Here is my config:
server {
    listen 80;
    server_name *.site.com;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl default_server;
    server_name *.site.com;
    ssl_certificate /etc/letsencrypt/live/site.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/site.com/privkey.pem;
    access_log /var/log/nginx/access.log;
    location / {
        proxy_pass http://57.52.110.112:4000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
    }
}
I can't find out why this isn't redirecting me to https. How can I make it work? Thanks.