new to NGINX.
Currently running a local reverse proxy using Nginx.
Just wondering how I can change the Referer in the request header from http://localhost:8080 to say a different server_name like me.example.com
Finding it difficult to find clear documentation on this subject.
have tried setting this value using:
proxy_set_header Referer "me.example.com";
Doesn't seem to do anything.
Any help on this greatly appreciated.
server {
listen 8080;
server_name localhost;
# test APi
location /test/api {
# Edit this line only:
proxy_pass https://test.com/test/api;
proxy_set_header Host $http_host;
break;
}
location / {
proxy_pass http://localhost:4567;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Referer "me.example.com";
}
}
The proxy_set_header directive sends headers to the backend. If you want nginx to return headers to the client, then the add_header directive is what you're looking for.
http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header
Related
Trying to get nginx to use cookies when using proxy_pass, but all of the configurations I've tried so far don't seem to pass them. Pretty much at a loss as to what I'm doing wrong.
location / {
proxy_set_header Accept-Encoding "";
proxy_pass https://example.com/;
proxy_set_header Host example.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Cookie $http_cookie;
proxy_pass_request_headers on;
proxy_cookie_domain proxy.net example.com;
}
Is the most recent block I've tried, but still no go
I am playing around with Nginx and I successfully set up a simple (for now HTTP only) reverse proxy. As a newbie, I am wondering what would I need to modify to make this production ready. Which leads me to the following questions:
Is there a way to unify the proxy_set_header directive so that I don't need to repeat myself for every virtual host?
Am I missing any other important host header modifications than X-Forwarded-Proto, X-Url-Scheme, X-Forwarded-For and Host?
nginx.conf:
worker_processes 1;
events {
worker_connections 1024;
}
http {
sendfile on;
gzip on;
# skip log_format/access_log
server {
listen 80;
server_name server1.company.com;
location / {
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Url-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_pass http://server1; # IP or FQDN would be better here
}
}
server {
listen 80;
server_name server2.company.com;
location / {
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Url-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_pass http://server2; # IP or FQDN would be better here
}
}
}
Any feedback/point to a direction would be appreciated.
If you place all of your proxy_set_header statements in the http block, they will be inherited into the server blocks and then into the location blocks. The inheritance only happens into blocks without another proxy_set_header statement. See this document for details.
Alternatively, place common statements into a separate file and pull them into any part of your configuration by using an include directive. See this document for details.
Which headers you should set is dependent on your application. But this article discusses preventing certain headers from being passed to the proxied server, e.g.
proxy_set_header Accept-Encoding "";
And this article mitigates the HTTPoxy vulnerability with:
proxy_set_header Proxy "";
I have configured nginx as reverse proxy tool. I have come across a problem which I have not been able to deal with. Following are the rules I have set in my .conf file.
server {
listen 80;
server_name rp.mydomain.com;
return 301 https://$host/myapp1/;
location / {
proxy_pass <local ip address>;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect http://$host https://$host;
proxy_set_header Host $host;
}
}
server {
listen 443 ssl;
server_name rp.mydomain.com;
location / {
proxy_pass <local ip address>;
proxy_redirect http:// https://;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $host;
proxy_ssl_session_reuse on;
}
}
My application resides on /myapp1/ . The reason why I am not writing /myapp1/ in the proxy_pass [I tried] is because the redirection is not working properly WHEN I try to login on the page. I get the error page not found.
But after this rule in listen 80 block, return 301 https://$host/myapp1/; its working like charm, but only if I go open the http page.
When I open the link, rp.mydomain.com. The redirection is working perfectly and the application works fine too. The http request is redirected to https and I can log in through my app.
But, when I go through https://rp.mydomain.com, I end up at the blank page of <local ip address>, because of the proxy_pass rule in listen 443.
My requirement is whenever the specific request of the page is generated, which is, https://rp.mydomain.com, its redirected to https://rp.mydomain.com/myapp1/ (like when it does when the user accesses the page through http://rp.mydomain.com) but the other requests, like https://rp.mydomain.com/myapp1/ or https://rp.mydomain.com/myapp1/profile [etc etc] are not affected.
Just one specific page https://rp.mydomain.com gets redirected automatically.
Is it possible to do so? Please help me in this issue.
Thank you.
Try:
server {
listen 80;
server_name rp.mydomain.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name rp.mydomain.com;
location = / {
rewrite ^ /myapp1/ last;
}
location / {
proxy_pass <local ip address>;
proxy_redirect http:// https://;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $host;
proxy_ssl_session_reuse on;
}
}
The location = / block has been added to create the mapping from / to /myapp1/. To change the URL in the browser, use permanent instead of last. See this document for details.
You will need to add additional proxy_redirect statements to prevent your local ip address leaking out when the application performs a redirect. See this document for details.
It is assumed that your SSL certificates are defined in an outer block and inherited.
How to proxy all subdomain to other domain path?
For example
SUBDOMAIN.abcxyz123.com
To be proxied to
myapp.otherdomain.com/SUBDOMAIN
Making sure that all header/path and query parameters in the request is kept.
Update:
I've tried and have a working config but still not the one I need:
server {
listen 80;
server_name ~^(?<subdomain>.+)\.abcxyz123\.com$;
location / {
proxy_set_header Host "myapp.otherdomain.com";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
# this worked:
proxy_pass http://myapp.otherdomain.com/somepath/;
# this does not work:
#proxy_pass http://myapp.otherdomain.com/$subdomain$request_uri;
}
}
Try this
server {
server_name ~^(?<subdomain>.*)\.abcxyz123\.com$;
resolver 8.8.8.8;
rewrite ^/(.*)$ /$subdomain/$1;
location / {
proxy_set_header Host "myapp.otherdomain.com";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_pass http://myapp.otherdomain.com;
}
}
This should proxy all your traffic with original query parameters(query strings, request body, request method, etc), I changed the host header to the proxied "myapp.otherdomain.com" incase the server of 'myapp.otherdomain.com' has more than one virtual hosts. If you don't want the change, use $host instead.
This answer might need another edit since your question isn't very clear. If you have further question, comment and i will edit in my answer.
I have two apps running on host1:7000 and host2:7000. I am fronting the two hosts by an nginx reverse proxy, where I want mydomain.com/admin to point to host1:7000/portal and mydomain.com/user to host2:7000/portal.
I have written the following config
listen 80;
server_name mydomain.com *.mydomain.com;
location ~ ^/admin/(.*)$ {
proxy_pass $scheme://<IP-ADDRESS>/$1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
}
I can get to mydomain.com/admin to be redirected to host1:7000/portal but when the app redirects from host1:7000/portal on to host1:7000/login via relative path, in the browser I see mydomain.com/login. What do I need to do to get the second redirect go mydomain/admin/login?
Why do people use regexps for no reason and have all kind of problems with it?…
location /admin/ {
proxy_pass http://host1:7000/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
}
This will automatically strip /admin/ from proxied request and prepend it in Location header (which is used in redirect).
See proxy_pass and proxy_redirect docs.