We have a situation where we need to serve the login page from server_A (NGINX), get the user authenticated from here and once authenticated route the request ta a page which resides in a different server i.e. Server_B. All subsequent requests will come to Server_A and it will first check the user and session validity and then route to Server_B. This way the session and security is maintained by server A and rest of the work is done by server B.
My question here is that can we acheive this from NGINX server ?
My question here is that can we acheive this from NGINX server ?
Yes, certainly.
How do you do that?
Taking for an example a modified Tomcat behind NGINX application config I have handy:
server {
listen 80;
server_name www.example.com;
location /{
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://servera.example.com:8080/app;
client_max_body_size 10M;
}
location /login{
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://serverb.example.com:8080/login;
client_max_body_size 10M;
}
}
This will both proxy requests to the TomCat server, and serve them like any HTTP server.
Same can be said for any application you may want to proxy to, just modify the proxy_pass line of the above config accordingly!
Related
I use nginx for reverse proxy with domain name. I've some application publish on IIS and i want to proxy different location name for each application.
For example;
Domain name on nginx :
example.com.tr
application end points for app:
1.1.1.1:10
1.1.1.2:10
upstream for app in nginx.conf:
upstream app_1 {
least_conn;
server 1.1.1.1:10;
server 1.1.1.2:10;
}
server {
listen 443 ssl;
server_name example.com.tr;
proxy_set_header X-Forwarded-Port 443;
ssl_certificate /etc/cert.crt;
ssl_certificate_key /etc/cert.key;
location /app_1/ {
proxy_pass http://app_1/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-REAL-SCHEME $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
access_log /etc/nginx/log/access.log;
error_log /etc/nginx/log/error.log;
}
}
When I try to access example.com.tr/app_1/ , I can access application but not all data.
I inspected this site and so many requests of application were failed.
All requests sended to example.com.tr/uri instead of example.com.tr/app_1/uri. How can I fix this ?
thanks,
You need a transparent path proxy setup. Means NGINX should use the requested URI without removing the matched location from it.
proxy_pass http://app_1;
Remove the tailing slash to tell NGINX not to do so. Using an upstream definition is great but make sure you apply keepalive.
I have a godaddy A record pointing to my Digital Ocean IP address.
Here's the nginx configuration.
server {
listen 80 default_server;
server_name domain.com www.domain.com;
location / {
proxy_pass 'http://127.0.0.1:3004';
}
}
When I type in the domain.com it goes to the server, but the address bar shows the IP address.
How can it show the domain name?
It's most probably a redirection from proxy_pass. I'm not sure what you are running at backend but you could try to pass hostname.
proxy_set_header Host $host;
Add this line after proxy_pass to tell backend which domain is in the request headers.
The redirection to the IP address is most likely done by your backend in the proxy_pass.
You could try to add some header to help the backend understand the context of the request.
I would recommend as a starter the following configuration :
server {
listen 80 default_server;
server_name domain.com www.domain.com;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
location / {
proxy_pass 'http://127.0.0.1:3004';
}
}
If using Node.JS, you might need the following line as well :
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
Please also check the configuration of your backend. You may need to setup the access URL, context path, etc.
I have two servers running on a DigitalOcean droplet. One is a Django/Wagtail application served with Gunicorn (used as a headless CMS), and the other is a SSR Nuxt.js app (front-end). Using the following nginx configuration I’ve made the Nuxt app available at example.com (works great), and now I’m trying to make my Django/Wagtail application available at the subdomain cms.example.com. (I’ve modified my local hosts file so the domain example.com actually functions)
/etc/nginx/sites-available/default
server {
listen 80;
listen [::]:80;
server_name example.com;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
server {
listen 80;
listen [::]:80;
server_name cms.example.com;
location / {
include proxy_params;
proxy_pass http://unix:/home/thomas/daweb/cms/cms.sock;
}
}
/etc/nginx/proxy_params
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
Result from curl --unix-socket /home/thomas/daweb/cms/cms.sock cms.example.com is html of the default Wagtail landing page, no errors.
However navigating to cms.example.com just gives me a connection error. If I swap the two, I can see the Wagtail interface at example.com, so I know they’re both working. However, I can’t seem to figure out how to configure a subdomain and I struggle to understand the nginx documentation. Also similar questions about configuring subdomains are usually about making static files available, not listening to active ports.
One extra layer of trouble is that the Wagtail CMS is accessible at /admin of its server root, so I’d like to make that page appear at cms.example.com rather than having to navigate to cms.example.com/admin. Any help would be greatly appreciated!
Check what is contained in /etc/nginx/proxy_params. I would expect something like this:
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
Also, to be sure Gunicorn is working correctly, try:
curl --unix-socket /home/thomas/daweb/cms/cms.sock cms.example.com
I have a simple HTTP server written in Go.
In development It works fine but for production, where this server has to handle 100 requests at a time I need a proper web server like nginx.
How can I put it behind nginx?
I'm guessing you need a simple reverse proxy config.
Lets say your go http server is listening on http://example.com:8080 :
server {
listen 80;
server_name example.com;
location / {
proxy_pass http://example.com:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
}
I have my backend servers fronted with nginx. When a user sends a request to my backend, it hits the NginX and then it is routed to the backend server. There, I publish some stats and one of them is the client IP. In my setup, its the Nginx IP which gets published as the client IP. Is there a way and a config to set the real IP of the client?
Following is my config.
server {
listen 8280;
server_name my.server.com;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_read_timeout 5m;
proxy_send_timeout 5m;
proxy_pass http://myserver_http/;
}
access_log /mnt/var/log/nginx/myserver/access.log;
error_log /mnt/var/log/nginx/myserver/error.log;
}
in order to forward the real client IP use inside your location block:
proxy_set_header X-Real-IP $remote_addr;