I have done an IP address change due to an update and for some reason my proxy_pass is still retaining the old IP is there a way to clear it?
Code:
location /page/ {
include cloudflare;
add_header Access-Control-Allow-Origin subdomain.domain.com;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://subdomain.domain.com/;
You can run service nginx reload to reload the nginx configuration if you're using systemd. If you didn't just make an update to the config file its probably DNS retaining that old IP.
Related
Inside of my nginx config file, I have several endpoints that use proxy pass to another server which hosts static files. My current settings within the individual site config file is as follow:
location /some_location {
proxy_pass http://some.website.url/version/;
proxy_http_version 1.1;
proxy_set_header "Connection" "";
}
I have the following as proxy parameters
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
What happens is if a request times out for some reason, all future attempts to reach those files results in a 504 Gateway Timeout. Even if the individual files can now be accessed because the issues on the destination server is resolved, I need to restart/reload nginx on the originating server for the requests to work properly.
Is there a way to recycle or reset the connections so that it will be smart and retry the connection after a timeout?
Thanks!
The issue was that the website url's ip address was changing and the way that I was doing it was only resolving the dns on initial startup.
Here is what we did to fix it per this post:
location ~ ^/some_location(/?)(.*)$ {
resolver "aws_vpc_dns_resolver_ip" valid=10s;
set $backend "some.website.url";
proxy_pass http://$backend/version/$2;
proxy_http_version 1.1;
proxy_set_header "Connection" "";
}
I am setting up a reverse proxy on Nginx, and the client request has a header X-OUTBOUND-URI, which will then hit my reverse proxy on a particular port.
I am trying to do a proxy_pass on the variable $http_x_outbound_uri, but there is a resolver error.
server {
listen 8082;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / {
proxy_pass $http_x_outbound_uri;
}
}
This is the curl command that is used: curl localhost:8082 -H "X-OUTBOUND-URI: http://localhost:9001", and I have a webserver running on port 9001.
Am I doing this wrongly? Also, for this use case, is it more suitable to do a redirect instead. Thanks.
For those who have encountered the same issue, I managed to resolve this issue by changing localhost to 127.0.0.1, otherwise, we have to set a resolver. I found the explanation in another post.
I have a SAP Fiori installation behind an Nginx reverse proxy, no matter what I do with proxy_pass %2F in URL always gets decoded to /, I've tried a pletora of different configurations but the result is always the same.
location / {
# tried all of the following...
proxy_pass https://x.x.x.x:xxxx;
proxy_pass https://x.x.x.x:xxxx/;
proxy_pass https://x.x.x.x:xxxx$uri;
proxy_pass https://x.x.x.x:xxxx$request_uri;
proxy_pass https://x.x.x.x:xxxx/$uri;
proxy_pass https://x.x.x.x:xxxx/$request_uri;
# additional config below, not much, the vhost configuration is pretty straight forward
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
}
Any idea?
EDIT: Worth to mention I guess, Nginx version is 1.18.0 running on Debian 11.
We are nginx newbies and trying to replace httpd with it.
We have the following nginx configuration:
location /auth {
proxy_pass http://keycloak_server$request_uri;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
This works in providing access to the administrator portal. However we use also keycloak for authentication for our applications, and the problem is that keycloak responds with a 302 redirect however nginx treats it as a 502 bad gateway error.
The apache httpd works without any problems.
What are we doing wrong ? Any pointers or specific configuration guidance would be appreciated.
The issue was resolved. It was because the upstream was sending too big a header. Modifying the buffer size for proxy worked.
I am a beginner at nginx. I have a simple webserver on 8080 that I want to pass all traffic to in this rather small environment. My proxy seems to work except that a custom header is not there when it gets to my upstream server. The server block is below. What would I need to add to this to keep my custom header? In this case the custom header was set in angularjs but I don't think that has anything to do with it as it works fine going directly to 8080 on the server. ($httpProvider.defaults.headers.common['GH_client'] = client_id();)
server {
server_name localhost;
location / {
proxy_pass http://localhost:8080;
proxy_redirect off;
proxy_pass_header X-CSRF-TOKEN;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
}}
Thanks for any help.
Your header contains underscore (_). By default, nginx treats headers with an underscore as invalid and drops them.
You should enable underscores_in_headers directive.
Otherwise, consider changing the header name to one without underscores. GH-client will be perfectly valid and proxied to your backend server.