I want to use NGINX to as a proxy to get to Deluge which is inside my home network (NGINX is publically available).
This configuration works:
location 8112;
location / {
proxy_pass http://deluge_address:8112;
}
However I'd like to use an address in form of http://nginx_address/deluge to be proxied to internal http://deluge_address:8112.
I tried the following:
location /deluge/ {
proxy_pass http://deluge_address:8112/;
}
(I tried different combinations of trailing / - none work).
But I get 404 Not found instead.
I have some knowledge about networks, but not too much.
Does anybody have any idea what I'm doing wrongly?
I did find a solution for this, but found a bug also in Nginx in the same time
https://trac.nginx.org/nginx/ticket/1370#ticket
Edit-1
Seems like bug i logged was an invalid one, which even helped me understand few more things. So I edited the config a bit.
You need to use below config
location ~* /deluge/(.*) {
sub_filter_once off;
sub_filter_types text/css;
sub_filter '"base": "/"' '"base": "/deluge/"';
sub_filter '<head>' '<head>\n<base href="/deluge/">';
sub_filter 'src="/' 'src="./';
sub_filter 'href="/' 'href="./';
sub_filter 'url("/' 'url("./';
sub_filter 'url(\'/' 'url(\'./';
set $deluge_host 192.168.33.100;
set $deluge_port 32770;
proxy_pass http://$deluge_host:$deluge_port/$1;
proxy_cookie_domain $deluge_host $host;
proxy_cookie_path / /deluge/;
proxy_redirect http://$deluge_host:$deluge_port/ /deluge/;
}
The key was to insert a base url into the pages using below
sub_filter '<head>' '<head>\n<base href="/deluge/">';
And then make replacement in src and href attributes in html. And also url(' in css entries.
Luckily deluge has a JavaScript config which has the base url. So we can override the same by adding
sub_filter '"base": "/"' '"base": "/deluge/"';
I faced the same problem, luckily I found a better and official solution:
Reverse Proxy with Deluge WebUI
proxy_set_header X-Deluge-Base "/deluge/";
add_header X-Frame-Options SAMEORIGIN;
My final settings:
location /deluge {
proxy_pass http://127.0.0.1:8112/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 75;
proxy_send_timeout 3650;
proxy_read_timeout 3650;
proxy_buffers 64 512k;
client_body_buffer_size 512k;
client_max_body_size 0;
# https://dev.deluge-torrent.org/wiki/UserGuide/WebUI/ReverseProxy
proxy_set_header X-Deluge-Base "/deluge/";
add_header X-Frame-Options SAMEORIGIN;
}
Related
I'm in the unfortunate situation that I need to extend my react application with an iframe containing an external application.
My application is hosted by a nginx reverse proxy that handles /api and signalr communication.
Unfortunately it also handles the outbout iframe src url.
in this example my site is on the url https://example.com
The iframe src url is in this case "https://external-site.com/someapp/session?token=1234"
When i see the requests in the browser the url has changed to https://example.com/esternal-site.com/someapp/session?token=1234, which needless to say is not working out of the box.
I've been toying with the nginx configuration but has been unable to just pass the request through without modification.
The iframe/destination works as expected when running locally.
I've attempted with a few different configuations inspired by stackoverflow and medium etc. but they've all returned various error codes.
the server runs on port 80, but https is handled by ingress on azure.
This is what i have currently:
upstream bff_service {
server ${BFF_HOST}:${BFF_PORT};
keepalive 32;
keepalive_requests 1000;
keepalive_timeout 75s;
}
server {
listen 80;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
try_files $uri $uri/ /index.html;
add_header Set-Cookie "msal_client_id=${BFF_MSAL_CLIENT_ID};Path=/;Secure";
}
location /api {
proxy_read_timeout 300s;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host ${BFF_HOST};
proxy_set_header X-NginX-Proxy true;
proxy_pass ${BFF_PROTOCOL}://bff_service;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_redirect off;
}
location ^~ /external-site.com {
add_header Content-Security-Policy "frame-src 'self' https://external-site.com";
proxy_pass https://external-site.com/$request_uri;
}
}
I've also tried adding the lines below to the location:
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-NginX-Proxy true;
I'm looking for a configuration that allows me to embed an iframe with an external location. Perhaps even avoid nginx proxying it at all?
My goal
I would like to deploy my Next.js app with nginx to subpath.
My setting is the following:
Nginx config
location /subpath/ {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 1m;
proxy_connect_timeout 1m;
proxy_pass http://localhost:3030/;
}
next.config.js
module.exports = {
basePath: '/subpath'
}
Trouble
This next.config.js causes mydomain.com/subpath/ to 404.
Otherwise, mydomain.com/subpath/subpath displayed the page. ><
(all other pages also needed /subpath/subpath/xxx)
(Every link href leads to 404, so I confirmed pages by typing /subpath/subpath/ in address bar.)
Other info
The version of next.js is 10.0.4
How can I solve this?
I'm pleased to be provided with the knowledge of deploying next.js app to subpath.
Simplest way is better.
I will appreciate any advice. Thanks in advance.
According to the configurations the problem here is with the trailing slash,
location /subpath/ {
proxy_pass http://localhost:3030/;
}
change it to this,
location /subpath {
proxy_pass http://localhost:3030;
}
and the complete config will be looks like this,
location /subpath {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 1m;
proxy_connect_timeout 1m;
proxy_pass http://localhost:3030;
}
The reason behind is By default Next.js will redirect urls with trailing slashes to their counterpart without a trailing slash. according to the docs
But you've mentioned in the Nginx config that your url should have trailing slash. then it will return 404.
So I have set up a reverse proxy to tunnel my application.
Unfortunately the application thinks it is served via http and not https and gives out URLs with port 80.
How can I handle this in the nginx reverse proxy? (by rewriting maybe)
When I go on the page:
https://my.server.com
index.php loads, everything is okay
after clicking something I have a URL like this:
https://my.server.com:80/page/stuff/?redirect_to
which throws an error within the browser because my reverse proxy doesn't serve SSL on port 80.
How can I migitate this?
My current nginx ssl vhost for the site:
... ssl stuff ...
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass http://localhost:22228;
proxy_buffering off;
proxy_redirect off;
proxy_read_timeout 43800;
proxy_pass_request_headers on;
proxy_set_header Connection "Keep-Alive";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass_header Content-Type;
proxy_pass_header Content-Disposition;
proxy_pass_header Content-Length;
proxy_set_header X-Forwarded-Proto https;
}
(yes I know my request headers look like a christmas tree 🎄)
Also bonus points if you show where the documentation addressing this issue is and what the mechanism is called.
For rewriting response body you can use http_sub_module:
location / {
proxy_pass http://localhost:22228;
sub_filter_once off;
sub_filter_types text/css application/javascript; # in addition to text/html
sub_filter "//my.server.com:80/" "//my.server.com/";
}
Many people says (1, 2) that you need to disable compression when using sub_filter directive:
proxy_set_header Accept-Encoding "";
For me, it works fine without this line in config, but it can be a feature of OpenResty which I use instead of nginx.
If your app generates HTTP 30x redirects with explicit indication of domain:port, you can rewrite Location header value with the proxy_redirect directive:
proxy_redirect //my.server.com:80/ //my.server.com/;
I am trying to put nginx as a reverse proxy in front of an app. I seem to get most of the proxy_rewrite and sub_filter to work using the below config.
server {
listen 8001;
location / {
proxy_pass http://app1:777/;
proxy_redirect http://app1:777 http://$http_host;
proxy_redirect http://app2:777 http://$http_host;
sub_filter_types *;
sub_filter http://app1:777 $http_host;
sub_filter http://app2:777 $http_host;
sub_filter_once off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffering off;
}
}
But when I watch the browser debug screen, I see all the GET requests use the proper outside hostname (localhost:8001), but I see a few OPTION calls that are using the inside DNS name (app1:777).
What did I miss? I thought the sub_filter would catch that.
Thanks.
Has anyone run into the problem of mod-security only allowing one set-cookie through a proxy request response? We are using nginx with mod-security and seeing all but the last set-cookie be removed by nginx on the response from our application server. We are applying the mod-security in the location section
location ~* ^/(test|securitytest|$) {
ModSecurityEnabled on;
ModSecurityConfig modsecurity.conf;
create_full_put_path on;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://app;
proxy_read_timeout 10;
proxy_redirect off;
}
there was a bug in modsecurity+nginx that was dropping all except one cookie for each request. It was fixed, have a look at:
https://github.com/SpiderLabs/ModSecurity/issues/154