putting Nginx in front of Logstash? - nginx

When I search for nginx logstash , most talks about hadling nginx log with logstash.
I'm not doing that.
I'm thinking of putting Nginx in front of logstash.
Is it ok or beneficial to let logstash handle the http requests directly? (Because I couldn't find docs which puts Nginx in front of logstash, I think the term for this pattern is reverse proxy.. although I don't get why it's called reverse nor proxy)

Related

Kubernetes Ingress/Reverse and Forward Proxy with ssl interception

I have a requirement that incoming as well as outgoing SSL traffic to a POD in a Namespace has to terminate at a proxy (the same), this proxy should look at a special part in the header of the packet and decide if the packet is allowed for out or in, if not the proxy has to send an 403.
I already took look at Istio and Envoy, but I couldn't find a solution for my problem.
Now I decided to start a separate NGINX-POD in my namespace and always route the traffic through it. So I'll be able to create a custom python module that does the Checks for me.
But I would rather work with native methods, if possible. Now I wanted to ask you, if you have an idea, what to use for this scenario.
Client -> nginx ingress (ssl pathrough) -> nginx (reverse/forward) proxy -> app
app -> nginx (reverse/forward) proxy -> Client
EDIT: or should I take a look at squid or something like that? :O

Nginx Ingress Selective Reverse Proxy Location Rewrite

I have an Nginx Ingress that I'm trying to use to replace my HTTPD reverse proxy.
One of my servers behind the proxy returns a redirect containing this url https://proxy/endpoint. Originally with my HTTPD reverse proxy, I was able to modify outgoing http/https traffic headers (specifically location) and regex the proxy to the proper external dns name. How can I achieve this with Nginx Ingress. I see
nginx.ingress.kubernetes.io/proxy-redirect-from
nginx.ingress.kubernetes.io/proxy-redirect-to
Essentially I would like to modify the outgoing traffic to change the location from https://proxy to whatever I need it to be.
It was indeed those two fields I had to add as annotations to my Ingress.yaml. Once those were in place, things got routed correctly.

how to print dynamic port in nginx reverse proxy

I want to print the dynamic port created by Nginx in reverse proxy mode, so as to capture the specific packet.
I have go through the nginx docs, but not find something useful. by the way, any other alternatives are welcome

Atlasssian Crucible through AWS ELB with HTTPS

I've recently setup a Crucible instances in AWS connected via a HTTPS ELB. I have a nginx reverse proxy setup on the instance as well to redirect HTTP requests to HTTPS.
This partially works. However Crucible itself doesn't know it's running over HTTPS so serves up mixed content, and ajax queries often break due to HTTP -> HTTPS conflicts.
I've found documentation for installing a certificate in Crucible directly...
https://confluence.atlassian.com/fisheye/fisheye-ssl-configuration-298976938.html
However I'd really rather not have to do it this way. I want to have the HTTPS terminated at the ELB, to make it easier to manage centrally through AWS.
I've also found documentation for using Crucible through a reverse proxy...
https://confluence.atlassian.com/kb/proxying-atlassian-server-applications-with-apache-http-server-mod_proxy_http-806032611.html
However this doesn't specifically deal with HTTPS.
All I really need is a way to ensure that Crucible doesn't serve up content with hard coded internal HTTP references. It needs to either leave off the protocol, or set HTTPS for the links.
Setting up the reverse proxy configuration should help accomplish this. Under Administration >> Global Settings >> Server >> Web Server set the following:
Proxy scheme: https
Proxy host: elb.hostname.com
Proxy port: 443
And restart Crucible.
Making configuration on UI is one way. You can also change config.xml in $FISHEYE_HOME:
<web-server site-url="https://your-public-crucible-url">
<http bind=":8060" proxy-host=“your-public-crucible-url" proxy-port="443" proxy-scheme="https"/>
</web-server>
Make sure to shutdown FishEye/Crucible before making this change.
AFAIK, this configuration is the only way to tell internal Jetty of FishEye/Crucible to be aware of the reversed proxy in front of them.

Nginx Reverse Proxy to Remote Server

Okay, so I know there is a lot of questions about Nginx Reverse Proxy but I don't understand any of the answers. I read the documentation on Nginx's website and I kind of get it but need some help.
So here is what I want.
Visitor ---> Nginx Reverse Proxy ---> Nginx Server (Website)
I know that you can get the reverse proxy to listen to a remote server, but I can't find the configuration files that I want. I also want to show a static html page when passing through the Nginx Reverse Proxy. So like a page that says "Hosted by this company", like Cloudflare does. I asked someone and they told me if I put the html file on the reverse proxy server then it'll show up when the visitor goes through the server, but I don't understand that concept, how do I get that static html to show up? And what will be the correct configuration be for this? I imagine it'll be different from a normal remote server configuration.
Thanks in advance!
In Nginx reverse proxy configuration it is possible to make some urls to be served from reverse proxy itself without going to source server.
Take a look at the following article: https://www.cevapsepeti.com/how-to-setup-nginx-as-reverse-proxy-for-wordpress/
In this article you can see in virtual.conf lines 51-55 that error_pages are served directly from reverse proxy, while other assets are fetched from source server first. Cloudflare employs the same concept. I hope this helps.

Resources