I have certain app running on port 8585. Every time I hit localhost:8585, it will redirect me to localhost:8585/ui/home/.
Now I'm trying to setup nginx proxy_pass for this, so every time I hit localhost/myapp it should redirect to localhost:8585.
This is my setup:
location /myapp/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:8585/;
proxy_redirect off;
}
Now, everytime I hit localhost/myapp, the url is changed to localhost/ui/home/ and returns 404.
What is the correct setup for achieve this?
Related
I have a Docker app running on an Nginx webserver, that works fine connecting directly to the webserver. However, the webserver is behind a separate Nginx reverse proxy server (functioning as WAF, load balancer, and in some cases directs path specific requests to different servers - as in this specific case).
The internal server config, which works if I connect directly to this server, look like:
# redirect without the trailing slash because the author did not include the full path in the Docker app
location /apppath/editor {
return 302 /apppath/editor/;
}
location /apppath/editor/ {
proxy_redirect off;
proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_pass http://0.0.0.0:8501/editor/;
}
location /apppath {
alias /var/www/dockerapp;
try_files $uri $uri/ =404;
}
I could not find examples of multiple levels of reverse proxy for a websocket app, so I have tried countless variations, but the public (LB/WAF) config currently looks like:
location /apppath {
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_headers_hash_bucket_size 128;
#proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_set_header Host $host;
proxy_http_version 1.1;
#proxy_buffering off;
#proxy_set_header Forwarded "for=$proxy_add_x_forwarded_for;proto=$scheme";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
#proxy_set_header Referer $http_referer;
proxy_pass https://10.0.6.13:443;
}
From the public location, requests to /apppath/pages.html work fine, but when I attempt to hit /apppath/editor/ I see only "Please wait..." with the "Made with Streamlit" tag at the bottom.
My browser shows repeated requests for /apppath/editor/healthz and the console is full of:
WebsocketConnection WebSocket onerror
Uncaught Error: Unsupported state transition
State: PINGING_SERVER
Event: CONNECTION_TIMED_OUT
...
I have a website running at https://mywebsite.com. I also install another application (Minio) on the same server running at port 9000.
NOTE: When access Minio via myServerIP:9000, it automatically goes to myServerIP:9000/minio/. If I haven't logged in yet, then I will be redirected to myServerIP:9000/minio/login. If I go to myServerIP:9000/minio/anyRandomPath, I will also be redirected to the login page or another default page (if I have already logged in)
Now I want to access Minio via address https://mywebsite.com/files, so I setup my nginx as below
location /files/ {
proxy_pass http://127.0.0.1:9000/minio/;
proxy_set_header URI_REQUEST_ORIGIN $request_uri;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Proto $scheme;
}
This doesn't work (it shows a blank page with title "Minio login"). When I check the browser's console, it says there's an error message Uncaught SyntaxError: Unexpected token < with a link to https://mywebsite.com/minio/index_bundle_xxx.js. So I try adding another location block in my nginx.conf:
location /minio/ {
proxy_pass http://127.0.0.1:9000/minio/;
proxy_set_header URI_REQUEST_ORIGIN $request_uri;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Proto $scheme;
After that, it works as expected. But the problem is that now I can access Minio via both /minio and /files
Now how can I block direct access to Minio via https://mywebsite.com/minio?
I tried some workaround like adding below location blocks:
location =/minio/ {
return 404;
}
location =/minio/login/ {
return 404;
}
But this is clearly a bad way and also not efficient, since I can just go to mywebsite.com/minio/typeAnythingHere to be redirected to the login page.
Below is my Nginx config -
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://destination_server;
}
Is there any way for the destination_server know that the request is coming from the Nginx server?
A possible solution might proxy_set_header Nginx-Name $custom_name. And then on the destination_server, I can check the request header to see if the request is coming from a certain Nginx.
If there a better way for that? Thanks.
I have been setting up Nginx on my router, and creating subdomains (with CNAMES) to access various components within my network. It has mostly been fairly easy, until I have come to the cameras which are proving to be a problem.
They are basic IP cameras and to date I had opened each one on a different port. They have basic authentication, and once that has been entered I am presented with a live view.
Like all the other components I have set up so far (and they all work) I started by configuring one:
server {
listen 80;
server_name cam.example.co.uk;
location / {
proxy_pass http://192.168.1.101:2001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Hitting cam.example.co.uk from either LAN or WAN gives me a username and password prompt and then the live view loads.
Since there are 9 cameras, I thought it would be a good idea to use /1, /2, /3 etc. at the end to direct me to each one rather can creating subdomains.
server {
listen 80;
server_name cam.example.co.uk;
location /1/ {
proxy_pass http://192.168.1.101:2001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /2/ {
proxy_pass http://192.168.1.102:2002;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
With that I got 404 not found errors, and messages in the logs such as:
"/usr/html/new/index.htm" failed (2: No such file or directory)
Some Googling later I found out that I may need to specify the URI as well in the proxy_pass line, so I changed them to look like:
proxy_pass http://192.168.1.102:2002/new/index.htm;
This then results in the username and password prompt, but when the credentials are entered, all I am left with is a blank screen. It worked fine when it was just location / so no idea why nothing is showing now.
I have a feeling that it is putting the URI in somewhere, but I have no idea where/why or what to do about it.
EDIT
Been Googling and trying various things:
location /1 {
resolver 127.0.0.1;
set $backend "http://192.168.1.101:2001/new/index.htm";
proxy_pass $backend;
proxy_buffering on;
proxy_redirect http://192.168.1.101:2001/new/index.htm http://cam.example.co.uk/1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
Then going to this in the browser cams.example.co.uk/1 brings up the username and password prompt, but then displays a blank page. Looking at the Chrome developer tools I can see unexpected token errors, and it looks like it isn't loading the .js files properly.
If the proxy_pass directive is specified with a URI, then when a request is passed to the server, the part of a normalized request URI matching the location is replaced by a URI specified in the directive.
Try this:
server {
listen 80;
server_name cam.example.co.uk;
location /1/ {
proxy_pass http://192.168.1.101:2001/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect http://192.168.1.101:2001/ http://cam.example.co.uk/1/;
}
location /2/ {
proxy_pass http://192.168.1.102:2002/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect http://192.168.1.101:2002/ http://cam.example.co.uk/2/;
}
}
Source: http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass
I have two apps running on host1:7000 and host2:7000. I am fronting the two hosts by an nginx reverse proxy, where I want mydomain.com/admin to point to host1:7000/portal and mydomain.com/user to host2:7000/portal.
I have written the following config
listen 80;
server_name mydomain.com *.mydomain.com;
location ~ ^/admin/(.*)$ {
proxy_pass $scheme://<IP-ADDRESS>/$1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
}
I can get to mydomain.com/admin to be redirected to host1:7000/portal but when the app redirects from host1:7000/portal on to host1:7000/login via relative path, in the browser I see mydomain.com/login. What do I need to do to get the second redirect go mydomain/admin/login?
Why do people use regexps for no reason and have all kind of problems with it?…
location /admin/ {
proxy_pass http://host1:7000/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
}
This will automatically strip /admin/ from proxied request and prepend it in Location header (which is used in redirect).
See proxy_pass and proxy_redirect docs.