nginx - rewrite location to root of server - nginx

I have this nginx.conf nginx configuration:
http {
...
upstream app_servers {
server admin;
}
upstream status_servers {
server status:5000;
}
# Configuration for the server
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
location / {
proxy_pass http://app_servers;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
location /api {
proxy_pass http://api_servers;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
}
}
/ is server to one server, and
/api to another api server.
The problem is with the second (the api server).
The calls are reaching /api/** while I want them to reach the root of the api server (basically remove the /api when calling the api server).
so calling
/api -> will reach / in the api server, and calling
/api/foo -> will reach /foo in the api server.
I guess I'm looking for some kind of rewrite rull for that(?)
I have tried Inside the /api location:
rewrite ^/api(.*) /$1 last;
but it didn't seem to work.
Any kind of help would be appreciated!

Solved it using rewrite ^/api(/.*)$ $1 break;
but I can't just using /api - it must be /api/ (with trailing /)
For me it's fine, interesting though if anyone knows how to have support for /api too.

I'm not sure you still need it...but I managed to avoid "/api/", by doing this:
rewrite /api(/|$)(.*) /$2 break;

Related

Nginx directs request to www.example.com but not to internal web application

I've installed several web applications on different ports on the same server. From that server when I send an http request using wget or curl the request goes through and I get the response. I've set up nginx server to not have to specify the port each time. Here's the related nginx config:
server {
listen 10.0.223.34:80;
server_name app1.domain.com;
access_log /var/log/nginx/app1.domain.com.access.log;
error_log /var/log/nginx/app1.domain.com.error.log;
location / {
proxy_pass http://10.0.223.34:8080;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
If I try app1.domain.com from outside I get 502 Bad gateway error. But if I change the proxy_pass to http:\\www.example.com, then nginx takes me to the example.com website.
Inside the nginx.conf file I've specified user nginx;. I've tried changing it to root but it didn't help either. Do you have any idea what else I need to check?
Try this:
upstream app1 {
server localhost:8080;
}
server {
listen 10.0.223.34:
server_name app1.domain.com;
access_log /var/log/nginx/app1.domain.com.access.log;
error_log /var/log/nginx/app1.domain.com.error.log;
location / {
proxy_pass http://app1;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

Nginx rule to redirect specific https link only

I have configured nginx as reverse proxy tool. I have come across a problem which I have not been able to deal with. Following are the rules I have set in my .conf file.
server {
listen 80;
server_name rp.mydomain.com;
return 301 https://$host/myapp1/;
location / {
proxy_pass <local ip address>;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect http://$host https://$host;
proxy_set_header Host $host;
}
}
server {
listen 443 ssl;
server_name rp.mydomain.com;
location / {
proxy_pass <local ip address>;
proxy_redirect http:// https://;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $host;
proxy_ssl_session_reuse on;
}
}
My application resides on /myapp1/ . The reason why I am not writing /myapp1/ in the proxy_pass [I tried] is because the redirection is not working properly WHEN I try to login on the page. I get the error page not found.
But after this rule in listen 80 block, return 301 https://$host/myapp1/; its working like charm, but only if I go open the http page.
When I open the link, rp.mydomain.com. The redirection is working perfectly and the application works fine too. The http request is redirected to https and I can log in through my app.
But, when I go through https://rp.mydomain.com, I end up at the blank page of <local ip address>, because of the proxy_pass rule in listen 443.
My requirement is whenever the specific request of the page is generated, which is, https://rp.mydomain.com, its redirected to https://rp.mydomain.com/myapp1/ (like when it does when the user accesses the page through http://rp.mydomain.com) but the other requests, like https://rp.mydomain.com/myapp1/ or https://rp.mydomain.com/myapp1/profile [etc etc] are not affected.
Just one specific page https://rp.mydomain.com gets redirected automatically.
Is it possible to do so? Please help me in this issue.
Thank you.
Try:
server {
listen 80;
server_name rp.mydomain.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name rp.mydomain.com;
location = / {
rewrite ^ /myapp1/ last;
}
location / {
proxy_pass <local ip address>;
proxy_redirect http:// https://;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $host;
proxy_ssl_session_reuse on;
}
}
The location = / block has been added to create the mapping from / to /myapp1/. To change the URL in the browser, use permanent instead of last. See this document for details.
You will need to add additional proxy_redirect statements to prevent your local ip address leaking out when the application performs a redirect. See this document for details.
It is assumed that your SSL certificates are defined in an outer block and inherited.

Getting a nginx reverse proxy to work with plex

Since a recent update of plex, my reverxe proxy for plex stopped working. I tried searching all around, but I didn't find much info. Listed below is the config file, does anyone have plex and know what goes wrong? I simply get served with a 404 not found page
server {
listen 80;
if ($http_referer ~* /plex/) {
rewrite ^/web/(.*) /plex/$1? redirect;
}
root /var/www;
location /plex/ {
proxy_pass http://127.0.0.1:32400/web/;
}
location /plexapi/ {
proxy_pass http://127.0.0.1:32400/;
}
}
Here is mine which works perfectly:
server {
listen 443;
server_name plex.mydoamin.com ;
satisfy any;
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
location = / {
rewrite ^ /web/;
proxy_redirect http:// $scheme://;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location / {
proxy_pass http://192.168.1.14:32400/;
proxy_redirect http:// $scheme://;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
index index.html index.htm;
}
}
Some things to check:
Run `sudo netstat -nlp | grep ':32400' to make sure there is still something running on the expected port.
From withing the machine running Nginx and Plex, try connecting directly to the URL. Both of these should work: `curl http://127.0.0.1:32400/ and curl http://127.0.0.1:32400/web/ ;
If any of these tests fail, the problem with Plex and not Nginx. In which case, you post your Plex configurations.
It's also a good idea to check the Changelog for Plex. Are there mentions in the Changelog if changes that might be problematic for you since the last time you updated Plex?

Avoid duplication in password protect URL with proxy in nginx

I have a Flask application served using gunicorn, and with NGINX on top of it. I want to use Basic Authentication (user/password) to protect all URL's starting with /admin, which is the back office, but still continue serving all other URLs with gunicorn without password.
Here is my current NGINX config:
server {
listen 80;
server_name example.com;
charset utf-8;
location / {
proxy_pass http://localhost:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /admin {
auth_basic "Administrator Login";
auth_basic_user_file /home/app/.htpasswd;
# the following four directives are duplicated :(
proxy_pass http://localhost:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
If I don't duplicate the proxy_* directives in the second location block, then the URLs starting with /admin doesn't get forwarded to gunicorn and I get a 404.
Is there any way to avoid the configuration duplication? I tried location nesting but apparently in the end NGINX only "executes" a single location block.
The proxy_pass must be within the location block. However, there's no need to duplicate the proxy_set_header directives, they can be moved into the server block. So your mistake was simply the assumption that proxy_pass could live in the server block :-)

Nginx proxy pass configuration docker

Here's the problem:
The host machine has multiple docker apps running on different ports for eg. App1 # 3001, App2 # 3002...3100 etc
Now I would like to access the apps in this format http://hostname.com/app1, http://hostname.com/app2..
To do this i'm running nginx on the host to proxy requests to the right port based on the sub-uri
location = /app1 {
proxy_redirect http://hostname:3001/;
include /etc/nginx/proxy_params;
}
location ^~ /app1 {
proxy_redirect http://hostname:3001/app1;
include /etc/nginx/proxy_params;
}
But this does not work when the site's sub uri changes or if the site redirects.
For example:
If I visit the site at hostname:3001 -> I can see the site
If I visit the site at http://hostname.com/app1 -> I can see the site
If the site page is at hostname:3001/static/index.html then when i access it as http://hostname.com/app1 the page changes to http://hostname.com/static/index.html -> I get 404.
Is there a way to do this? Or is the only way to do it is to set the dns as app1.hostname.com and do a name based routing?
Inside your server {} block you want:
location /app1 {
rewrite ^/app1(.*) /$1 break;
proxy_pass http://hostname:3001/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /app2 {
rewrite ^/app2(.*) /$1 break;
proxy_pass http://hostname:3002/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
The rewrite rule here will pass the correct uris to the ports
You can make every app listens on a separate port (e.g. 3000 and 3001) then configure your nginx as follows (include it inside the server {} definition block):
location /app1 {
proxy_pass http://localhost:3000;
proxy_set_header X-Real-IP $remote_addr;
}
location /app2 {
proxy_pass http://localhost:3001;
proxy_set_header X-Real-IP $remote_addr;
}

Resources