Why is nginx is nginx placing the upstream name in the redirected URL?
This is my nginx.conf:
worker_processes 1;
events {
worker_connections 1024;
}
http {
upstream servs {
server facebook.com;
}
server {
listen 80;
location / {
proxy_pass http://servs;
}
}
}
When I access the port 80, I get:
This site can’t be reached
servs.facebook.com’s server DNS address could not be found.
Why is it placing "servs." before facebook.com?
You are not setting the Host header in the upstream request, so nginx constructs a value from the proxy_pass directive. As you are using an upstream block, this value is the name of the upstream block, rather than the name of the server you are trying to access.
If you are using an upstream block, it may be advisable to set the Host header explicitly:
proxy_set_header Host example.com;
See this document for more.
Related
I have an nginx config that looks similar to this (simplified):
http {
server {
listen 80 default_server;
location /api {
proxy_pass https://my-bff.azurewebsites.net;
proxy_ssl_server_name on;
}
}
}
Essentially, I have a reverse proxy to an API endpoint that uses https.
Now, I would like to convert this to an upstream group to gain access to keepalive and other features. So I tried this:
http {
upstream bff-app {
server my-bff.azurewebsites.net:443;
}
server {
listen 80 default_server;
location /api {
proxy_pass https:/bff-app;
proxy_ssl_server_name on;
}
}
}
Yet it doesn't work. Clearly I'm missing something.
In summary, how do I correctly do this "conversion" i.e. from url to defined upstream?
I have tried switching between http instead of https in the proxy_pass directive, but that didn't work either.
I was honestly expecting this to be a simple replacement. One upstream for another, but I'm doing something wrong it seems.
Richard Smith pointed me in the right direction.
Essentially, the issue was that the host header was being set to "bff-app" instead of "my-bff.azurewebsites.net" and this caused the remote server to close the connection.
Fixed by specifying header manually like below:
http {
upstream bff-app {
server my-bff.azurewebsites.net:443;
}
server {
listen 80 default_server;
location /api {
proxy_pass https:/bff-app;
proxy_ssl_server_name on;
# Manually set Host header to "my-bff.azurewebsites.net",
# otherwise it will default to "bff-app".
proxy_set_header Host my-bff.azurewebsites.net;
}
}
}
The below nginx config is working fine if I hardcode my herokuapp(backend API) in proxy_pass section:
http {
server {
listen 8080;
location / {
proxy_pass http://my-app.herokuapp.com;
}
}
}
events { }
However if I try to add this in the upstream directive, its going to 404 page. I want to add this in upstream directive because I have other herokuapps as well where I want to load balance my requests.
This is the config which is not working:
http {
upstream backend {
server my-app.herokuapp.com;
}
server {
listen 8080;
location / {
proxy_pass http://backend;
}
}
}
events { }
These are all the things I tried after checking other SO answers:
add Host header while proxy passing. proxy_set_header Host $host;
add an extra slash at the end of backend.
In upstream directive, add server my-app.herokuapp.com:80 instead of just server my-app.herokuapp.com
In upstream directive, add server my-app.herokuapp.com:443 instead of just server my-app.herokuapp.com. This gives timeout probably because heroku doesn't allow 443(or maybe I didn't configure it).
Found the Issue: I was adding the wrong host. For heroku, for some reason you need to add host header with value as exactly what your app name is.
If your herokuapp name is my-app.herokuapp.com, then you need to add this line for sure:
proxy_set_header Host my-app.herokuapp.com;
Full working config below:
http {
upstream backend {
server my-app.herokuapp.com;
}
server {
listen 8080;
location / {
proxy_pass http://backend;
proxy_set_header Host my-app.herokuapp.com;
}
}
}
events { }
I would like to handle 2 servernames, say "web1.example.com" and "web2.example.com" on the same port (443) in the same nginx config where the first should be a local http server, and the second needs to be forwarded to an external upstream without terminating the SSL connection.
How do I configure this?
Details:
I can use nginx to look at the first SSL message (CLientHello) and use it to proxy/forward the entire connection without terminating SSL. This can even look at the SNI and choose a different upstream based on the servername in it. This uses the ngx_stream_ssl_preread_module with proxy_pass and ssl_preread on. The config is something like this:
stream {
upstream web1 {
server 10.0.0.1:443;
}
upstream web2 {
server 10.0.0.2:443;
}
map $ssl_preread_server_name $upstream {
web1.example.com web1;
web1-alias.example.com web1;
web2.example.com web2;
}
server {
listen 443;
resolver 1.1.1.1;
proxy_connect_timeout 1s;
proxy_timeout 3s;
proxy_pass $upstream;
ssl_preread on;
}
}
This is configured in the stream config section of nginx.
But I can also configure a local http server in the http config section of nginx.
So what if I want web1 ("web1.example.com" in the example) to use such a "local nginx http server", and not an external "upstream server"? ("web2" should still be forwarded as before.) So I want to configure "web1.example.com" in the http config section of nginx, and "forward" to it in the stream config section of nginx.
To be clear, I want "web1.example.com" to be configured like this:
http {
server {
listen 443 ssl;
server_name web1.example.com web1-alias.example.com;
ssl_certificate ...
location ...
...
}
}
This all works find if I do either stream or http listening on the same port. But how do I do both on the same port?
How can I "call" the http config section from the streams config section? Can proxy_pass refer to a local nginx http server somehow?
I don't think you can use both on the same port, but maybe something like this would work?
stream {
upstream web1 {
server 127.0.0.1:8443;
}
upstream web2 {
server 10.0.0.2:443;
}
map $ssl_preread_server_name $upstream {
web1.example.com web1;
web1-alias.example.com web1;
web2.example.com web2;
}
server {
listen 443;
resolver 1.1.1.1;
proxy_connect_timeout 1s;
proxy_timeout 3s;
proxy_pass $upstream;
ssl_preread on;
}
}
http {
server {
listen 8443 ssl;
server_name web1.example.com web1-alias.example.com;
ssl_certificate ...
location ...
...
}
}
I want to configure nginx to be a reverse proxy using upstream directive (and add there keepalive for example).
upstream my_backend {
server 127.0.0.1:3579;
}
server {
listen 80;
location / {
proxy_pass http://my_backend;
}
}
But the problem is that it returns Bad Request (Invalid host). And there is nothing in nginx error log to help me solve it.
Everything else being the same this configuration without upstream directive works as expected:
server {
listen 80;
location / {
proxy_pass http://127.0.0.1:3579;
}
}
Aren't those two equivalent? And what do I have to do to make it work with upstream?
I have 2 nodes files and user anther server blancer of them.
My config:
worker_processes 40;
events {
worker_connections 2000;
}
http {
upstream backend {
server 192.168.1.44:80;
}
server {
listen *:80;
server_name 5.9.XX.XX ;
location / {
proxy_pass http://backend;
}
}
}
My problem is when I try to work it not get any data but when I try to use:
proxy_pass http://192.168.1.44:80;
it's working good.
I am confused. Where is the problem?
it's fixed when i try use port 8080 with upstream working but i have problem some urls 404 redirect with port 8080 not 80