I have an instance of Nginx Plus deployed as a reverse proxy. The proxy app returns a "set-cookie" header in the response which I'd like to modify (the domain associated with the to-be cookie):
Change
set-cookie:key=value;Path=/;HttpOnly;Domain=my.domain.net
to
set-cookie:key=value;Path=/;HttpOnly;Domain=new.domain.com
Needless to say I can't modify the application to use something like an outbound rewrite rule.
The Nginx http proxy module has two directives which manipulate the “Set-Cookie” header in the response from the upstream server.
proxy_cookie_path can change the path attribute of the “Set-Cookie” header.
proxy_cookie_domain can change the domain attribute of the “Set-Cookie” header.
Related
so I have an nginx server. And i'm trying to make it so if the host header is test1.example.com, it will proxy pass / forward the request to the specific IP. How could I do that? I've searched everywhere and can't find anything about it.
I'm using NGINX as a proxy cache server for my image optimization, and want to pass the accept HTTP header from the client's request to the backend through the proxy.
Is this possible and if so, how can I do this?
The reason why I want to do this is that because the backend decides based on the accept header the file format of the response.
Thanks in advance for your help!
You need to set
proxy_pass_request_headers on;
in your proxy settings block
I use wicket 8.10, it is installed on tomcat and proxied by nginx. SSL certificates configured in nginx config. Also Nginx forwards all HTTP requests to HTTPS.
The problem is following:
When I submit any form wicket returns response headers where the Location tag contains url with HTTP protocol.
Why it is important:
The last chrome update makes browser show alert when Location contains HTTP protocol on page opened by HTTPS. Before that, nginx quietly redirected the request, but now user see alert page from browser (similar to when certificate is invalid or absence).
The problem here is that your Wicket application does not know that it is behind a proxy.
There are two solutions:
use XForwardedRequestWrapperFactory
It will wrap the Tomcat's HttpServletRequest with one that reads X-Forwarded-*** request headers.
Just make sure that Nginx exports X-Forwarded-Proto request header
use HttpsMapper
Just overwrite protected Scheme getDesiredSchemeFor(Class<? extends IRequestablePage> pageClass) to return Scheme.HTTPS in PRODUCTION mode and Scheme.HTTP in DEVELOPMENT mode (I assume you don't use Nginx proxy while developing)
The simplest solution I have found is to use the nginx directive:
proxy_redirect http://example.com https://example.com;
It changes location header from http://example.com/any/path to https://example.com/any/path
For the default server case can the reverse proxy just to send the request to the original intended location?
essentially just letting certain requests "pass thru"
I tried something like this but it did not work
location / {
proxy_pass $request_uri
}
I am trying to configure NGINX as a forward proxy to replace Fiddler which we are using as a forward proxy. The feature of Fiddler that we use allows us to proxy ALL incoming request to a 8888 port. How do I do that with NGINX?
In all examples of NGINX as a reverse proxy I see proxy_pass always defined to a specific upstream/proxied server. How can I configure it so it goes to the requested server, regardless of the server in the same way I am using Fiddler as a forward proxy.
Example:
In my code:
WebProxy proxyObject = new WebProxy("http://mynginxproxyserver:8888/",true);
WebRequest req = WebRequest.Create("http://www.contoso.com");
req.Proxy = proxyObject;
In mynginxproxyserver/nginx.conf I do not want to delegate the proxying to another server (e.g. proxy_pass set to http://someotherproxyserver). Instead I want it to just be a proxy server, and redirect requests from my client (see above) to the request host. That's what Fiddler does when you enable it as a proxy: http://docs.telerik.com/fiddler/Configure-Fiddler/Tasks/UseFiddlerAsReverseProxy
Your code appears to be using a forward proxy (often just "proxy"), not reverse proxy and they operate quite differently. Reverse proxy is for server end and something client doesn't really see or think about. It's to retrieve content from the backend servers and hand to the client. Forward proxy is something the client sets up in order to connect to rest of the internet. In turn, the server may potentially know nothing about your forward proxy.
Nginx is originally designed to be a reverse proxy, and not a forward proxy. But it can still be used as a forward one. That's why you probably couldn't find much configuration for it.
This is more a theory answer as I've never done this myself, but a configuration like following should work.
server {
listen 8888;
location / {
resolver 8.8.8.8; # may or may not be necessary.
proxy_pass http://$http_host$uri$is_args$args;
}
}
This is just the important bits, you'll need to configure the rest.
The idea is that the proxy_pass will pass to a variable host rather than a predefined one. So if you request http://example.com/foo?bar, your http header will include host of example.com. This will make your proxy_pass retrieve data from http://example.com/foo?bar.
The document that you linked is using it as a reverse proxy. It would be equivalent to
proxy_pass http://localhost:80;
You can run into url encoding problems when using the $uri variable as suggested by Grumpy, since it is decoded automatically by nginx. I'd suggest you modify the proxy pass line to
proxy_pass http://$http_host$request_uri;
The variable $request_uri leaves the encoding in tact and also contains all query parameters.