nginx reverse proxy - only allow access with "secret token" - nginx

I have set up a reverse proxy with the following code in nginx:
server {
listen 80;
server_name domain.com;
server_name www.domain.com;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://ip-of-server:80;
}
}
Is it possible to let users only access my main server via domain.com/?some-secret-token and not let them access it if they are going to domain.com directly? In best case, the secret-token would also disappear from URL after they open it. I know it would be possible within my homepage script - but can I also configure my nginx in such a way without changing script files?

Don't think this is possible with pure nginx. You can, however, set up basic authentication on your url with something like this after you've properly configured a .htpasswd file:
location / {
auth_basic "Private";
auth_basic_user_file /etc/nginx/.htpasswd;
}
Full details of how to set this up are available here.

Related

how to use Nginx proxy_pass to a Flask APP

I one websites, ie. example.com. Its nginx config file is like,
server{
...
location /foo{
proxy_pass http://ip_address/;
proxy_set_header Host ip_address;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
...
}
For the above ip_address, I had following nginx config file of flask app,
server {
listen 80;
server_name ip_address;
location = / {
include uwsgi_params;
uwsgi_pass unix:/pathtomysocket/x.sock;
}
location / {
include uwsgi_params;
uwsgi_pass unix:/pathtomysocket/x.sock;
}
}
What I would like to achieve here is that, when client visits example.com/foo, it should response from the flask app, however, there is one issue that, the urls generated from the flask app don't have foo as prefix, so when click other link like /abc, it will redirect to example.com/abc rather than example.com/foo/abc. How can I acheive this result? I searched a lot but no luck, I guess it maybe relate to server name etc.. please help. thanks!
Perhaps you need to look into your routing configuration at your FlaskApp.
Look into Blueprints
This is another example of blueprint usage to prefix routes

How to redirect all incoming http request to a specific url in nginx config file?

I know , I know. This question is asked too many times and I've researched it alot as well. But every solution on internet lead me to dead end.
I want to redirect all the incoming http-request to a specific url/domain.
For example if someone type - www.test.com or simply test.com in browser's url-bar, it should redirect the user to http://test.com/home .
This is what I've been trying to achieve from last 3 days, not sure what I'm doing wrong. This is my server-block.
server {
listen 80;
server_name test.com;
port_in_redirect off;
# server_name_in_redirect off;
client_max_body_size 20M;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_pass http://localhost:8000/ ;
proxy_read_timeout 90;
return 301 http://test.com/home;
}
}
This above configuration is giving me error - too many redirection on browser when I'm trying to access the website.Also removing return statement giving me page not found error and not changing/redirecting the url to http.test.com/home.
PS - I'm running another different website as well on this same server on port 443(https) & that is working absolutely well. I'm running a Spring-boot application.
A help is highly appreciated.
You write too many codes related to redirection, that's why showing this error.
Change your server block like below.
server {
listen 80;
server_name test.com www.test.com;
client_max_body_size 20M;
#return 301 http://test.com/home$request_uri;
}
location ~ ^/(?!home) {
return 301 http://test.com/home$request_uri;
}
location /home {
root /var/www/test.com/html/;
index index.html index.htm;
}

Nginx Reverse proxy config

I'm having issues with getting a simple config to work with nginx. I have a server that host docker containers so nginx is in a container. So lets call the url foo.com. I would like for the url foo.com/service1 to actually just go to foo.com on another port, so it would actually be pulling foo.com:4321 and foo.com/service2 to be pulling foo.com:5432 and so on. Here is the config I have been having issues with.
http {
server {
listen 0.0.0.0:80;
location /service1/ {
proxy_pass http://192.168.0.2:4321/;
}
location /service2/ {
proxy_pass http://192.168.0.2:5432/;
}
}
}
So the services and nginx live at 192.168.0.2. What is the prefered way to be able to do this? Thank you in advance!
As A side note, this is running in a docker container. Thanks!
I think you should check whether your foo.com is pointing to the right ip address or not first by removing the reverse proxy config. E.g.
http {
server {
listen 80;
server_name foo.com;
location / {
}
}
}
Then, if your ip address already has a service running on port 80 you should specify the server_name for each service like in my example. Nginx can only distinguish which service to respond to which domain by server_name.
*My guess is that you forgot the server_name option.
http {
server {
listen 80;
server_name foo.com;
location /service1/ {
proxy_pass http://192.168.0.2:4321/;
}
location /service2/ {
proxy_pass http://192.168.0.2:5432/;
}
}
}
I have a guess your problem is not related to Nginx per se, but instead it is related to Docker networking. You provided insufficient information to make a detailed conclusion, but here it is a couple of suggestions:
run a simple Docker container at the same host where nginx container is running and try curl from inside that container (I've seen your answer that you are able to call curl from the server running Nginx, but it's not really the same)
for example, if the server running nginx container is OSX or Windows, it may use an intermediate Linux virtual machine with its own network stack, IP addreses, routing, etc.
This is my conf sending to inner glassfish. Check out the use of proxy_redirect off & proxy_set_header X-NginX-Proxy true;
#Glassfish
location /MyService/ {
index index.html;
add_header Access-Control-Allow-Origin $http_origin;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-NginX-Proxy true;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:18000/MyService/;
}

Nginx: How to forward requests to a port using proxy_pass

I'm just getting started with Nginx and am trying to set up a server block to forward all requests on the subdomain api.mydomain.com to port 8080.
Here's what I've got:
UPDATED:
server {
server_name api.mydomain.com;
location / {
proxy_pass http://127.0.0.1:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $remote_addr;
}
}
server {
server_name www.mydomain.com;
return 301 $scheme://mydomain.com$request_uri;
}
server {
server_name mydomain.com;
root /var/www/mydomain.com;
index index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
}
The server block exists in /etc/nginx/sites-available and I have created a symlink in /etc/nginx/sites-enabled.
What I expect:
I'm running deployd on port 8080. When I go to api.mydomain.com/users I expect to get a JSON response from the deployd API, but I get no response instead.
Also, my 301 redirect for www.mydomain.com is not working. That block was code I copied from Nginx Pitfalls.
What I've tried:
Confirmed that mydomain.com:8080/users and $ curl
http://127.0.0.1:8080/users return the expected response.
Restarted the nginx service after making changes to the server block.
Tried removing the proxy_set_header lines.
Any idea what I'm missing here?
You shouldn't need to explicitly capture the URL for your use case. The following should work for your location block:
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
}
As it turns out, my problem was not with Nginx configuration but rather with my DNS settings. I had to create an A NAME record for each of my sub-domains (www and api). Rookie mistake.
A colleague of mine actually helped me troubleshoot the issue. We discovered the problem when using telnet from my local machine to connect to the server via IP address and saw that Nginx was, in fact, doing what I intended.

How to configure nginx rules so that if one failed it serve the request using another

Note, this question is moved to stackoverflow from superuser
I got the following nginx conf:
server {
listen 80;
listen 443 ssl;
...
# specific rule to serve versioned js resources
location ~ ^/js/([0-9\.]+)/(.*)$ {
alias /opt/x/public/deploy/js/$1/$2;
}
location / {
add_header P3P 'CP="CAO PSA OUR"';
proxy_pass http://127.0.0.1:8088;
set $ssl off;
if ($scheme = https) {
set $ssl on;
}
proxy_set_header X-Forwarded-Ssl $ssl;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
}
}
It works as expected. However if a certain versioned js resource does not exists in the deployed dir, say /opt/x/public/deployed/js/1.1/, it will return 404. What I want is in that case nginx shall pass the request to the backend service running at 8088 port instead of returning 404. Is this even doable?
Thanks!
Green
http://wiki.nginx.org/HttpCoreModule#try_files
try_files is your friend, here you can do the order you want to try files and finaly have the proxypass upstream.

Resources