I have an nginx instance in AWS that has an upstream application layer.
There are two requirements for nginx:
- keepalive
- use resolver to dynamically resolve the upstream
I am able to make either of them work.
Here is the config for making keepalive work:
upstream "backend" {
server "appserver.example.com:443";
keepalive 250;
}
server {
resolver 10.0.0.2 valid=60s;
server_name _;
location / {
proxy_http_version 1.1;
proxy_pass https://backend;
}
}
Here is the config for DNS resolver to work:
server {
resolver 10.0.0.2 valid=60s;
server_name _;
set $backend appserver.example.com:443;
location / {
proxy_http_version 1.1;
proxy_pass https://$backend;
}
}
How can I get both the DNS resolver and keepalive to work without using a third-party plugin in open source NGINX?
According to this Nginx wiki page, there seems to be the jdomain plugin:
http {
resolver 8.8.8.8;
resolver_timeout 10s;
upstream backend {
jdomain www.baidu.com;
# keepalive 10;
}
server {
listen 8080;
location / {
proxy_pass http://backend;
}
}
}
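An added example, not part of the original question or answer: since nginx 1.27.3 the open source build accepts the `resolve` parameter on an upstream `server` (before that it was NGINX Plus only), so periodic re-resolution and keepalive can share one upstream block. The hostname and resolver address are the question's; the zone name and size and the CA bundle path are assumptions.

```nginx
http {
    # Resolver used by "resolve" below; answers are cached for 60s.
    resolver 10.0.0.2 valid=60s;

    upstream backend {
        # "resolve" requires the server group to live in shared memory.
        zone backend_zone 64k;                      # assumed name and size
        server appserver.example.com:443 resolve;   # re-resolved at runtime
        keepalive 250;
    }

    server {
        server_name _;

        location / {
            proxy_pass https://backend;

            # Both settings are needed for upstream keepalive to be used.
            proxy_http_version 1.1;
            proxy_set_header Connection "";

            # proxy_pass names the group "backend", so the Host header,
            # SNI and certificate check must name the real host explicitly.
            proxy_set_header Host appserver.example.com;
            proxy_ssl_server_name on;
            proxy_ssl_name appserver.example.com;
            proxy_ssl_verify on;
            # Assumed CA bundle path; adjust for the distribution in use.
            proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
        }
    }
}
```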
I am using nginx plus and need to pass the host as a header variable; if no value is passed in the header, the default host should be used. Below is my nginx.conf. Can anybody help me with the config?
http {
resolver 172.10.0.10 valid=10s ipv6=off;
upstream demo {
zone demoservers 64k;
server demo-server.com:443 resolve;
}
server {
listen 443 ssl;
location / {
proxy_pass https://demo-server.com;
proxy_ssl_server_name off;
}
}
server {
listen 8080;
location /api {
api write=off;
# directives limiting access to the API
}
location = /test.html {
root /usr/share/nginx/html;
}
# Redirect requests made to the pre-NGINX Plus API dashboard
location = /test1.html {
return 301 /test.html;
}
}
}
map $host $destination {
host1.com 192.168.1.1;
host2.com 192.168.1.2;
default 192.168.1.254;
}
Then you can use it in proxy_pass:
location / {
proxy_pass https://$destination;
proxy_ssl_server_name off;
}
I'm trying to set up NGINX as a reverse proxy for HTTP and SSL.
Here is a configuration in /etc/nginx/conf.d/default.conf:
upstream sample-client {
server sample-client:3006;
}
upstream sample-server {
server sample-server:3000;
}
upstream ssh {
server sample-server:22;
}
server {
listen 80;
location / {
proxy_pass http://sample-client;
}
location /api {
rewrite /api/(.*) /$1 break;
proxy_pass http://sample-server;
client_max_body_size 100M;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
error_page 405 =200 @405;
location @405 {
root /usr/share/nginx/html;
proxy_pass http://sample-client;
}
}
server {
listen 22;
proxy_pass ssh;
}
But it throws the next error:
nginx: [emerg] "proxy_pass" directive is not allowed here in /etc/nginx/conf.d/default.conf:60
What's going wrong?
The proxy_pass directive should be inside a location block, as described in https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/:
To pass a request to an HTTP proxied server, the proxy_pass directive is specified inside a location.
This means that the second server location must include a location block, probably similar to:
location / {
proxy_pass ssh;
}
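An added example, not from the original thread: SSH is plain TCP, which nginx proxies from a `stream` block at the top level of nginx.conf rather than from the `http` context that conf.d files are included into in the stock packaging. The upstream name and port come from the question; the allowed network and timeout are assumptions.

```nginx
# /etc/nginx/nginx.conf, top level: a sibling of "http { ... }", not inside it.
# Requires nginx built with the stream module (--with-stream).
stream {
    upstream ssh {
        server sample-server:22;
    }

    server {
        listen 22;

        # Limit which clients can reach the forwarded SSH port.
        allow 10.0.0.0/8;   # assumed management network
        deny  all;

        proxy_connect_timeout 10s;   # assumed value
        proxy_pass ssh;              # no scheme: stream proxies raw TCP
    }
}
```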
Here's the setup:
forwarding_proxy -> server_1, server_2
server_1 -> app1.domain.com, app2.domain.com
server_2 -> app3.domain.com, app4.domain.com
Where each server is running a docker daemon with an nginx reverse-proxy based on the jwilder/nginx-proxy + letsencrypt setup.
Both servers sit behind the same router and I need a way to route traffic correctly to each one based on the host name. I've been trying to use the nginx stream module since I don't want the forwarding proxy to handle any ssl termination, but the $ssl_preread_name directive doesn't (seem) to capture the host name on http traffic and I can't do a 301 on server directives in the stream module. What's the best way to approach this?
I've included an example of the config I'm currently working with and I've tried multiple iterations. Open to any suggestions.
(Also, as an aside, nothing logs to access.log)
Forward_proxy nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
stream {
# bare bones content, still nothing written to the log.
log_format main '[$time_local] $remote_addr'
access_log /var/log/nginx/access.log main;
map $ssl_preread_server_name $name {
app1.domain.com server1;
app2.domain.com server1;
app3.domain.com server2;
app4.domain.com server2;
}
upstream server1 {
server server1:80;
}
upstream server2 {
server server1:80;
}
upstream server1_ssl {
server server1:443;
}
upstream server2_ssl {
server server1:443;
}
server {
listen 80;
proxy_pass $name;
ssl_preread on;
}
server {
listen 443;
proxy_pass "${name}_ssl";
ssl_preread on;
}
}
Came up with a solution, happy to hear of better ones.
Instead of a single forwarding-proxy, I created two new nginx containers: One for HTTP traffic and the other for HTTPS traffic and put them both in a single docker-compose file for easier management.
HTTP-forwarding-proxy
http {
map $host $name {
default server1;
app3.strangedreamsinc.com server2;
app4.strangedreamsinc.com server2;
}
upstream server1 {
server server1_ip:8080;
}
upstream server2 {
server server2:8080;
}
server {
listen 80 default_server;
server_name _;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://$name;
}
}
}
HTTPS-forwarding-proxy
stream {
map $ssl_preread_server_name $name {
default server1;
app1.strangedreamsinc.com server1;
app2.strangedreamsinc.com server1;
}
upstream server1 {
server server1_ip:8443;
}
upstream server2 {
server server2_ip:8443;
}
server {
listen 443;
proxy_pass $name;
ssl_preread on;
}
}
I'm not convinced there isn't a better way and there's probably something I'm overlooking, but this allows me to transparently route traffic to the correct reverse-proxy and still supports the letsencrypt protocols to apply SSL to my servers.
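An added example, not the poster's configuration: `http` and `stream` blocks can live in one nginx.conf, so a single instance can route port 80 by `Host` and port 443 by SNI without terminating TLS. Hostnames follow the original question and the `server1_ip`/`server2_ip` placeholders and backend ports follow the answer; the log format, log path and the `*_tls` upstream names are assumptions.

```nginx
events { worker_connections 1024; }

# Port 80: plain HTTP has no TLS ClientHello, so route on the Host header.
http {
    map $host $name {
        default          server1;
        app3.domain.com  server2;
        app4.domain.com  server2;
    }
    upstream server1 { server server1_ip:8080; }
    upstream server2 { server server2_ip:8080; }

    server {
        listen 80 default_server;
        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            # Edge proxy: overwrite instead of appending a client-supplied value.
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_pass http://$name;
        }
    }
}

# Port 443: TLS is passed through untouched; only the SNI name is read.
stream {
    # End every directive with ";" so access_log is parsed on its own.
    log_format sni '[$time_local] $remote_addr sni="$ssl_preread_server_name" '
                   'upstream=$upstream_addr';
    access_log /var/log/nginx/stream-access.log sni;   # assumed path

    map $ssl_preread_server_name $tls_name {
        default          server1_tls;
        app3.domain.com  server2_tls;
        app4.domain.com  server2_tls;
    }
    upstream server1_tls { server server1_ip:8443; }
    upstream server2_tls { server server2_ip:8443; }

    server {
        listen 443;
        ssl_preread on;
        proxy_pass $tls_name;
    }
}
```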
I have a problem with nginx and http/https bypass in the upstream block.
upstream block:
upstream bypass{
server 192.168.99.1:80; #http
server 192.168.99.2:443 backup; #https
}
When http 80 has a problem (server down, etc.), I want to redirect to https 443.
This block does not work for me.
location block:
location / {
proxy_pass https://bypass;
proxy_redirect off;
}
How can I resolve this?
This works well: create a server config section for each backend on a different port and forward to both ports internally without SSL.
In this example, you can see how the first server acts as main server with cached content (available via https) and if cache content is not available, use the second server (via http).
(using nginx 1.19.6, just for reference)
upstream backends {
server 127.0.0.1:8082;
server 127.0.0.1:8081 backup;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
# ssl certs etc here
location / {
proxy_pass http://backends;
proxy_next_upstream error timeout http_404 http_403;
}
access_log /var/log/nginx/access.log upstreamlog;
}
server {
listen 8081;
location / {
add_header X-Cache MISS;
proxy_pass http://server1;
proxy_set_header Host server1;
}
}
server {
listen 8082;
location / {
add_header X-Cache HIT;
proxy_pass https://server2;
proxy_set_header Host server2;
}
}
Taking a shot in the dark. Assuming you were having issues mixing HTTP and HTTPS in the upstream, you could try this in the location block:
location {
try_files @bypass-http @bypass-https =404;
location @bypass-http {
proxy_pass http://bypass;
proxy_redirect off;
}
location @bypass-https {
proxy_pass https://bypass;
proxy_redirect off;
}
}
And if that didn't work, split the bypass upstream block into bypass1 and bypass2 and reference them accordingly in their corresponding location blocks:
upstream bypass1{
server 192.168.99.1:80; #http
}
upstream bypass2{
server 192.168.99.2:443; #https
}
location {
try_files @bypass-http @bypass-https =404;
location @bypass-http {
proxy_pass http://bypass1;
proxy_redirect off;
}
location @bypass-https {
proxy_pass https://bypass2;
proxy_redirect off;
}
}
A third option would be to reference them both on port 80, and ensure the second upstream server redirects HTTP requests to HTTPS.
I have 2 servers on my network:
one linux machine (192.168.0.2) with a website listening on port 8181 for service1.domain.com
one windows machine (192.168.0.3) with a website listening on port 8080 for service2.domain.com
I want to set up an nginx reverse proxy so that I can route requests like so:
service1.domain.com --> 192.168.0.2:8181 with host header service1.domain.com
service2.domain.com --> 192.168.0.3:8080 with host header service2.domain.com
I have tried with the following config:
### General Server Settings ###
worker_processes 1;
events {
worker_connections 1024;
}
### Reverse Proxy Listener Definition ###
http {
server {
listen 80;
server_name service1.domain.com;
location / {
proxy_pass http://192.168.0.2:8181;
proxy_set_header host service1.domain.com;
}
}
server {
listen 80;
server_name service2.domain.com;
location / {
proxy_pass http://192.168.0.3:8080;
proxy_set_header host service2.domain.com;
}
}
}
But that doesn't seem to work?
Is there anything blindingly obvious that I might be doing wrong here?
This works fine for me:
http {
server {
listen 80;
server_name service1.domain.com;
location / {
proxy_pass http://192.168.0.2:8181;
proxy_set_header host service1.domain.com;
}
}
server {
listen 80;
server_name service2.domain.com;
location / {
proxy_pass http://192.168.0.3:8080;
proxy_set_header host service2.domain.com;
}
}
}
Have a try?