I have 1 frontend Nginx server and 2 backend nginx servers.
Frontend server does proxy pass to the backend server. Previously there was only 1 backend server so all my queries were going to the single backend server, but as the traffic increased, I have added 1 more backend server just for search queries.
But I can not make only search queries to go to the 2nd backend server.
my current configuration is like this.
server {
listen 80;
server_name example.com;
location /search/ {
proxy_pass https://search.example.com/;
proxy_set_header Host search.example.com;
#set custom headers for upstream server
proxy_set_header Accept-Encoding "";
proxy_set_header CF-Connecting-IP "";
proxy_ssl_verify off;
proxy_ssl_server_name on;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location / {
proxy_pass https://box1.example.com/;
proxy_set_header Host box1.example.com;
#set custom headers for upstream server
proxy_set_header Accept-Encoding "";
proxy_set_header CF-Connecting-IP "";
proxy_ssl_verify off;
proxy_ssl_server_name on;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
What I want to do is.
If URL is
https://example.com/search/test/1/8/0
then reverse proxy to search.example.com
else reverse proxy all other requests to box1.example.com
my current configuration gives 404 not found errors for search queries.
How can I fix it?
Related
I am trying to route requests such that those requiring websockets will route to a long-lived nginx process, and all others will go to the general reverse-proxy which handles all other traffic. These nginx processes exist in our AWS cloud behind an ELB that has been configured to use Proxy Protocol. Note that all of this works correctly with our current setup which uses only one nginx process that is configured to use proxy_protocol.
The change to this setup is as follows:
The first nginx server handling all ingress uses proxy_protocol and forwards requests to either the websocket or non-websocket nginx servers locally:
server {
listen 8080 proxy_protocol;
real_ip_header proxy_protocol;
charset utf-8;
client_max_body_size 20M;
#send to websocket process
location /client {
proxy_pass http://localhost:8084;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Proxy-Scheme $scheme;
proxy_set_header X-Proxy-Port $proxy_port;
proxy_set_header X-ELB-Proxy-Scheme "https";
proxy_set_header X-ELB-Proxy-Port "443";
# Always support web socket connection upgrades
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
#send to non-websocket process
location / {
proxy_pass http://localhost:8082;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Proxy-Scheme $scheme;
proxy_set_header X-Proxy-Port $proxy_port;
proxy_set_header X-ELB-Proxy-Scheme "https";
proxy_set_header X-ELB-Proxy-Port "443";
# Always support web socket connection upgrades
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
When any non-websocket request is sent to localhost:8082, I get an empty reply. If I remove proxy_protocol from the first server, I get a response as expected. Obviously, I need proxy_protocol to support the ingress from our ELB, so removing it is not an option. However, I would like to know what pieces I am missing to route traffic correctly -- and I would also like to know why proxying a request locally from a proxy_protocol enabled server to another nginx process (regardless of this second process using proxy_protocol or not) fails.
For reference, the basic configuration of this secondary nginx process is below:
upstream console {
server localhost:3000 max_fails=3 fail_timeout=60 weight=1;
}
server {
listen 8082;
client_max_body_size 20M;
location /console {
proxy_pass http://console
}
.
.
.
}
Turns out the non-websocket proxy block should not set the various proxy and upgrade headers:
location / {
proxy_pass http://localhost:8082;
proxy_set_header Host $host;
}
I am playing around with Nginx and I successfully set up a simple (for now HTTP only) reverse proxy. As a newbie, I am wondering what would I need to modify to make this production ready. Which leads me to the following questions:
Is there a way to unify the proxy_set_header directive so that I don't need to repeat myself for every virtual host?
Am I missing any other important host header modifications than X-Forwarded-Proto, X-Url-Scheme, X-Forwarded-For and Host?
nginx.conf:
worker_processes 1;
events {
worker_connections 1024;
}
http {
sendfile on;
gzip on;
# skip log_format/access_log
server {
listen 80;
server_name server1.company.com;
location / {
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Url-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_pass http://server1; # IP or FQDN would be better here
}
}
server {
listen 80;
server_name server2.company.com;
location / {
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Url-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_pass http://server2; # IP or FQDN would be better here
}
}
}
Any feedback/point to a direction would be appreciated.
If you place all of your proxy_set_header statements in the http block, they will be inherited into the server blocks and then into the location blocks. The inheritance only happens into blocks without another proxy_set_header statement. See this document for details.
Alternatively, place common statements into a separate file and pull them into any part of your configuration by using an include directive. See this document for details.
Which headers you should set is dependent on your application. But this article discusses preventing certain headers from being passed to the proxied server, e.g.
proxy_set_header Accept-Encoding "";
And this article mitigates the HTTPoxy vulnerability with:
proxy_set_header Proxy "";
I have a simple HTTP server written in Go.
In development It works fine but for production, where this server has to handle 100 requests at a time I need a proper web server like nginx.
How can I put it behind nginx?
I'm guessing you need a simple reverse proxy config.
Lets say your go http server is listening on http://example.com:8080 :
server {
listen 80;
server_name example.com;
location / {
proxy_pass http://example.com:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
}
I have my backend servers fronted with nginx. When a user sends a request to my backend, it hits the NginX and then it is routed to the backend server. There, I publish some stats and one of them is the client IP. In my setup, its the Nginx IP which gets published as the client IP. Is there a way and a config to set the real IP of the client?
Following is my config.
server {
listen 8280;
server_name my.server.com;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_read_timeout 5m;
proxy_send_timeout 5m;
proxy_pass http://myserver_http/;
}
access_log /mnt/var/log/nginx/myserver/access.log;
error_log /mnt/var/log/nginx/myserver/error.log;
}
in order to forward the real client IP use inside your location block:
proxy_set_header X-Real-IP $remote_addr;
I need to resolve some Cross Domain Policy issues for our team's project setup (Converse.js,
XMPP, BOSH, ...) by setting up a nginx reverse proxy configuration.
I want to archieve exactly these bindings:
nginx to local gunicorn HTTP server
http://my.nginx.server.com/ should proxy http://localhost:8000/
nginx to remote HTTP-server for BOSH
http://my.nginx.server.com/http-bind should proxy http://some.very.remote.server:5280/http-bind
Currently, only the first binding works. The second one doesn't. nginx delivers every request to the local gunicorn HTTP server and not to the remote server.
This is my nginx.conf:
...
server {
listen 80;
server_name localhost;
# Reverse proxy for remote HTTP server
location ~ ^/http-bind/ {
proxy_pass http://some.very.remote.server:5280;
}
# Reverse proxy for local gunicorn HTTP server
location / {
proxy_pass http://localhost:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect http://$server_name http://$server_name:8000;
}
...
}
I have found this working configuration:
location /http-bind {
proxy_pass http://sapbot.mo.sap.corp:5280/http-bind;
proxy_set_header Host $host;
proxy_buffering off;
tcp_nodelay on;
}
location / {
proxy_pass http://localhost:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect http://$server_name http://$server_name:8000;
}