nginx proxy is not working using subdomain - nginx

i have two domains
alpha.mydomain.com and api-alpha.mydomain.com
I am trying to use nginx as a proxy
i am getting the error
Access to XMLHttpRequest at 'https://api-alpha.mydomain.com/dup-check'
from origin 'https://alpha.mydomain.com' has been blocked by CORS
policy: Response to preflight request doesn't pass access control
check: No 'Access-Control-Allow-Origin' header is present on the
requested resource.
i would think based on my setup , the request should not be using api-alpha.mydomain.com but 127.0.0.1 (and not getting the CORS error)
NOTE:: i am using cloudflare https so the console errors are https by cloudflare is the SSL and talking to port 80 to my nginx server
this is part of my nginx config
server {
listen 80;
server_name alpha.mydomain.com ;
access_log /var/log/nginx.access_log main;
root /home/mydomain/react-front/dist;
location / {
try_files $uri $uri/ /index.html;
}
}
server {
listen 80;
server_name api-alpha.mydomain.com ;
access_log /var/log/nginx-api-alpha-access.log main;
location /{
proxy_pass http://127.0.0.1:4001/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_redirect off;
}
}
This is the entry from the nginx-api-alpha-access.log
"OPTIONS /dup-check HTTP/1.1" 502 750 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36" "-"
This is the entry from /var/log/nginx/error.log
[error] 1280#1280: *12 connect() failed (111: Connection refused) while connecting to upstream, client: 172.xx.xxx.xxx, server: api-mydomain.trigfig.com, request: "OPTIONS /dup-check HTTP/1.1", upstream: "http://127.0.0.1:4001/dup-check", host: "api-alpha.mydomain.com"
Thanks, not sure what i am missing in my config

try change to
server {
listen 80;
server_name alpha.mydomain.com ;
access_log /var/log/nginx.access_log main;
root /home/mydomain/react-front/dist;
location / {
try_files $uri $uri/ /index.html;
}
}
server {
listen 80;
server_name api-alpha.mydomain.com ;
access_log /var/log/nginx-api-alpha-access.log main;
location /{
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range,Authorization';
proxy_pass http://127.0.0.1:4001/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_redirect off;
}
}

Related

connect() failed (110: Connection timed out) while connecting to upstream

I have configured nginx setup like below
Nginx running as front end reverse proxy and routing live traffic to couple of upstream servers onprem and aws (Refer nginx site conf below). Here we trying to mirror the original On-Prem hosted application traffic to AWS hosted application which we using it as pre-production testing before completely migrate application to AWS cloud.
We noticed below things,
All original live traffic routed to onprem upstream server which is running on localhost:10200
We see few request failed with connection timeout while mirroring to aws upstream server which is running in AWS cloud
I am getting below error in nginx error log
connect() failed (110: Connection timed out) while connecting to
upstream
upstream onprem {
server localhost:10200;
keepalive 1024;
}
upstream aws {
server <myserver-name>:443;
keepalive 1024;
}
server {
server_name _;
listen 80 default_server;
client_header_buffer_size 16k;
client_header_timeout 900s;
client_max_body_size 100M;
client_body_buffer_size 100M;
client_body_timeout 900s;
proxy_connect_timeout 200s;
proxy_send_timeout 1200s;
proxy_read_timeout 1200s;
send_timeout 1200s;
proxy_buffers 16 128k;
proxy_buffer_size 16k;
proxy_redirect off;
proxy_busy_buffers_size 256k;
port_in_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
location / {
mirror /mirror;
proxy_pass http://onprem;
}
location = /mirror {
add_header 'Access-Control-Allow-Origin' 'https://myserver-name';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH';
internal;
set $delimiter "?";
if ($is_args) {
set $delimiter "&";
}
#log_subrequest on;
set $flag "${delimiter}useTest=true";
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' 'https://myserver-name';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
proxy_ssl_server_name on;
set $new_uri $request_uri;
if ($request_uri ~ "^/ingest(.*)$") {
set $new_uri /test$1;
}
proxy_pass https://aws$new_uri$flag;
}
}

Nginx Config for Camunda Webapp

I am configuring camunda webapp with nginx reverse proxy. Applications is loading perfectly fine using location / (Root Path). But I need to access it using a readable location path e.g. /process/. I tried a lot with several rewrites and redirections but to no success.
At root path all the static content loads but with other location path it fails. I'm a newbie in Nginx So it would make complete sense if i'm missing something very trivial.
Here is my config with location as Root Path:
server {
listen 8080;
server_name abc.xyz.net;
rewrite_log on;
error_log /var/log/nginx/localhost.error_log notice;
location / {
# Simple requests
if ($request_method ~* "(GET|POST)") {
add_header "Access-Control-Allow-Origin" *;
}
# Preflighted requests
if ($request_method = OPTIONS ) {
add_header "Access-Control-Allow-Origin" *;
add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD";
add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept";
return 200;
}
proxy_pass http://camunda-webapp.xyz.net;
proxy_set_header X-Forwarded-Host $host/;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass_request_headers on;
proxy_read_timeout 180s;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
On another context, If I try to give full URL in proxy_pass(Refer below config) then it works but the browser URL gets completely changed to proxy_pass URL.(I had even tried with proxy_redirect to retain the original URL but it doesn't work)
server {
listen 8080;
server_name abc.xyz.net;
rewrite_log on;
error_log /var/log/nginx/localhost.error_log notice;
location /process/ {
rewrite ^\/(?>[process]+)(\/.*) $1 break;
# Simple requests
if ($request_method ~* "(GET|POST)") {
add_header "Access-Control-Allow-Origin" *;
}
# Preflighted requests
if ($request_method = OPTIONS ) {
add_header "Access-Control-Allow-Origin" *;
add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD";
add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept";
return 200;
}
proxy_pass http://camunda-webapp.xyz.net/app/welcome/default;
proxy_redirect http://camunda-webapp.xyz.net/app/welcome/default https://abc.xyz.net/process
proxy_set_header X-Forwarded-Host $host/process;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass_request_headers on;
proxy_read_timeout 180s;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
Any kind of info or help will be appreciated. Thanks in Advance.
Bella Ciao!
I think the trick is to specify the same location context of the nginx as the context path of the your application.
Also, please remove url rewrite as its not needed here.

Nginx auth before return

Im using nginx with auth.
All auths works properly in the locations is set, but I have a location /marathon that return same url with other port. I have added auth to this location, but it does not work. I think is regarding to the return directive but I dont know why and how to handle it or solve it. I've been searching but I can't find nothing about this
Any ideas why or how to handle it?
user root;
worker_processes 4; # 2 per core
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
use epoll;
}
http {
upstream mypelotweb {
least_conn;
server myweb.marathon.mesos:8001;
server myweb.marathon.mesos:8002;
server myweb.marathon.mesos:8003;
server myweb.marathon.mesos:8004;
}
upstream mypelotwebsockets {
least_conn;
server myweb.marathon.mesos:8001;
server myweb.marathon.mesos:8002;
server myweb.marathon.mesos:8003;
server myweb.marathon.mesos:8004;
}
upstream wingmantracker {
least_conn;
server mywing-tracker.marathon.mesos:8011;
server mywing-tracker.marathon.mesos:8012;
}
upstream club {
server club.marathon.mesos:5000;
}
upstream soccerint {
server soccerint.marathon.mesos:5005;
}
upstream enet {
server enet-web.marathon.mesos:5003;
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format uri $request_uri;
access_log /var/log/nginx/access.log;
keepalive_timeout 65;
proxy_read_timeout 200;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
gzip on;
gzip_min_length 1000;
gzip_proxied any;
gzip_types text/plain text/html text/css text/xml
application/x-javascript application/xml
application/atom+xml text/javascript;
proxy_next_upstream error;
server {
server_name mytree.com;
listen 80;
error_log /var/log/nginx/errorhttp.log;
access_log /var/log/nginx/accesshttp.log;
return 301 https://$host$request_uri;
}
server {
server_name mytree.com;
listen 443;
error_log /var/log/nginx/errorhttps.log;
access_log /var/log/nginx/accesshttps.log uri;
ssl on;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
location / {
root /www/mytree;
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/.htpasswd;
}
location /mypelot {
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass http://mypelotweb;
proxy_set_header 'Access-Control-Allow-Origin' '*';
proxy_set_header 'Access-Control-Allow-Credentials' 'true';
proxy_set_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
}
location ~* ^/mypelot$ {
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/.htpasswd;
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass http://mypelotweb;
proxy_set_header 'Access-Control-Allow-Origin' '*';
proxy_set_header 'Access-Control-Allow-Credentials' 'true';
proxy_set_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
}
location /mypelot/ws {
proxy_pass http://mypelotwebsockets;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
location /wingmantracker {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://wingmantracker;
proxy_set_header 'Access-Control-Allow-Origin' '*';
proxy_set_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
}
location /club {
proxy_pass http://club;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Authorization';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
}
location /soccerint {
proxy_pass http://soccerint;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Authorization';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
}
location /enet {
proxy_pass http://enet;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Authorization';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
}
location /mypelot-messenger {
return 301 http://mypelot-messenger.marathon.mesos:15672;
}
location /mesos {
return 301 http://mytree.com:5050;
}
location /marathon {
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/.htpasswd;
return http://mytree.com:8080;
}
location /jenkins {
return 301 http://myserver.ovh.net:8082;
}
location /jira {
return 301 https://mymymy.atlassian.net;
}
location /bitbucket {
return 301 https://bitbucket.org/statistics/;
}
location /confluence {
return 301 https://stats.atlassian.net/wiki/;
}
}
}

Nginx: (111: Connection refused) while connecting to upstream

I'm trying to use to Nginx for reverse proxy. I have 1 Node.js app on port 3333 and Golang app on port 3334. When calling to Golang API, I see this message in /var/log/nginx/error.log:
2016/07/15 10:18:36 [error] 4835#0: *131 connect() failed (111: Connection refused) while connecting to upstream,
client: 27.69.66.52,
server: video1.techmaster.vn,
request: "GET /stream/dash/5klRyUnPVyDWouxscIT42uWs5JL4x9nHFol9ecg5g0GLf7aTaI/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJwcmljZSI6MCwiZnVsbCI6dHJ1ZSwidmlkZW8iOnsiaWQiOjEwODcsIm5hbWUiOiJtcDNaaW5nU2hvd0RhdGEtMjY0Lm1wNCIsInBhdGgiOiIvbWVkaWEvODIxNyJ9LCJhdHRhY2htZW50IjpbXSwiZXhwIjoxNDY4NTU2NTE2fQ.qc9d_XPhCepHf5iJyf9ORBPOo3pTvF8Th_VMadNSM2o/43f_vid_19.m4s HTTP/1.1",
upstream: "http://127.0.0.1:3334/stream/dash/5klRyUnPVyDWouxscIT42uWs5JL4x9nHFol9ecg5g0GLf7aTaI/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJwcmljZSI6MCwiZnVsbCI6dHJ1ZSwidmlkZW8iOnsiaWQiOjEwODcsIm5hbWUiOiJtcDNaaW5nU2hvd0RhdGEtMjY0Lm1wNCIsInBhdGgiOiIvbWVkaWEvODIxNyJ9LCJhdHRhY2htZW50IjpbXSwiZXhwIjoxNDY4NTU2NTE2fQ.qc9d_XPhCepHf5iJyf9ORBPOo3pTvF8Th_VMadNSM2o/43f_vid_19.m4s",
host: "video1.techmaster.vn",
referrer: "https://techmaster.vn/khoa-hoc-online/8217/lap-trinh-ios-swift/96/Location-Notification"
I don't know what's the problem from. Maybe I have done some mistake in Nginx config. Here is my Nginx configuration:
server {
listen 80;
server_name video1.techmaster.vn www.video1.techmaster.vn;
return 301 https://$server_name$request_uri;
}
server {
listen 443 spdy ssl;
server_name video1.techmaster.vn www.video1.techmaster.vn;
keepalive_timeout 30;
# Allow upload video up to 100M
client_max_body_size 100M;
# Config SSL
ssl on;
ssl_certificate /etc/ssl/cert_chain.crt;
ssl_certificate_key /etc/ssl/private/sv.video1.techmaster.vn.key;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "xxxxxxxxxx";
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
ssl_stapling on;
location ~* /.*\.(xml)$ {
root /var/www/videos.techmaster.vn/public;
expires 7d;
}
location /stream/ {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3334;
set $cors '';
if ($http_origin ~* (localhost|www\.techmaster\.vn|techmaster\.vn)) {
set $cors 'true';
}
if ($cors = 'true') {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Range';
}
}
location / {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3333;
set $cors '';
if ($http_origin ~* (localhost|www\.techmaster\.vn|techmaster\.vn)) {
set $cors 'true';
}
if ($cors = 'true') {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Range';
}
}
}
I have edited Nginx config and it works
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
listen 443 ssl;
server_name 192.168.1.10;
keepalive_timeout 30;
# Config SSL
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
ssl_stapling on;
# Allow upload video up to 100M
client_max_body_size 100M;
location ~* /.*\.(xml)$ {
root /var/www/videos.techmaster.vn/public;
expires 7d;
}
location /stream/* {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3334;
set $cors '';
if ($http_origin ~* (localhost|tech\.dev)) {
set $cors 'true';
}
if ($cors = 'true') {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Range';
}
}
location / {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3333;
set $cors '';
if ($http_origin ~* (localhost|tech\.dev)) {
set $cors 'true';
}
if ($cors = 'true') {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Range';
}
}
}
I had got same issue while configuring AWS with node platform.
I used 3000 port to start the application.
When I changed my port to 8081 it worked.

NGINX: serve static file when proxy_pass fails

I have a frontend running nginx which proxy requests to a backend running a web service.
I would like to serve a static file if the backend service is down.
Here is the configuration file I am using:
location ~ /api/admin {
rewrite /xxxx/(.+) /$1 break;
error_page 404 502 =200 /themes/yyyy/themes.json;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
add_header Access-Control-Allow-Credentials true;
add_header Access-Control-Allow-Origin '*';
add_header Access-Control-Allow-Methods 'GET, POST';
proxy_intercept_errors on;
proxy_pass http://xxxx;
}
location = /themes/yyyy/themes.json {
rewrite /themes/yyyy/themes.json /api/admin/thematics/edito;
}
when I call :
http://url/themes/geoportail/themes.json
I receive a 502 error from nginx, instead of 200 and the static file...
2014/08/25 17:02:35 [error] 13551#0: *6719 connect() failed (111: Connection refused) while connecting to upstream, client: 160.92.103.160, server: uri, request: "GET /themes/yyyy/themes.json HTTP/1.1", upstream: "http://IP:PORT/api/admin/thematics/edito", host: "", referrer: ""
I'm posting a solution I've found, feel free to propose something more elegant.
location ~ /api/admin {
rewrite /xxxx/(.+) /$1 break;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
add_header Access-Control-Allow-Credentials true;
add_header Access-Control-Allow-Origin '*';
add_header Access-Control-Allow-Methods 'GET, POST';
proxy_intercept_errors on;
proxy_pass http://xxxx;
error_page 404 502 503 504 =200 #statictheme;
}
location #statictheme {
try_files $uri /themes/yyyy/themes.json last;
}
location = /themes/yyyy/themes.json {
rewrite /themes/yyyy/themes.json /api/admin/thematics/edito;
}

Resources