I'm configuring an application that will authenticate a user, and then set the X-Accel-Redirect header and a private api key, Foo (for testing purposes), that will be passed on to the proxied endpoint.
I'm setting the private api key as a header in the authenticating application, and have the following location block in my nginx configuration file. How do I set the header to the proxied application based on what the upsteam server sets? I've also tried using $http_foo and $sent_http_foo. Currently, the Foo response header is never set for the proxy.
location ~* ^/redirect {
internal;
resolver 8.8.8.8;
proxy_ssl_server_name on;
add_header Foo $upstream_http_foo;
set $my_host "requestb.in";
set $my_uri "a_test_uri";
proxy_pass http://$my_host/$my_uri;
}
The directive to use is proxy_set_header, so in your case:
proxy_set_header Foo $http_api_key; # assuming a "API-Key" header incoming
As a general rule, any settings you intend to apply to your communication with an upstream will be prefixed with proxy_
Related
I'm using nginx for web service proxy. I have rest service as below and i want to proxy my domain
https://www.example.com/myRestservice. Service has some method like this;
http://1.1.1.1:123/api/work/method1
http://1.1.1.1:123/api/work/method2
*By the way services publish on two server as below in nginx.conf
As result i want to access to methods of service like "https://www.example.com/Restservice/api/work/method1"..
When i try to use rewrite in nginx as below, i can access service.
But in this time Post method's request body is emty. I can see service logs.
In my nginx.config
upstream RestService {
server 1.1.1.1:123;
server 1.1.1.2:123;
}
server {
listen 443 ssl;
server name https://www.example.com;
location ~ ^/Restservice/ {
add_header Access-Control-Allow-Origin *;
rewrite ^/Restservice/(.*) /$1 break;
proxy_pass http://Restservice/;
proxy_http_version 1.1;
}
}
Bye the way i try to location part like this, result is same.
location /Restservice {
proxy_pass http://Restservice/;
}
Normally I can access soap service with config from https link.
Is it about http redirection to https ?
In nginx access log;
status : 500
request: POST /Restservice/api/work/method1 HTTP/1.1
I find the reason. Because of the endcoding.
After choosing endcoding type 'UTF-8', I could see request body.
I am trying to use the auth_request module to check whether a user is allowed to access a certain file. The user posts the request at /my/download/uri/<File ID>. I want the authorisation request to be posted at auth_service:9999/files/<File ID>. The relevant part of my config is as follows:
location /my/download/uri {
auth_request /auth/files/$uri;
alias /my/file/directory;
}
location /auth {
internal;
proxy_pass http://auth_service:9999/;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
}
The request is received by the authorisation service, but at literally /files/$uri; the variable is not placed. I have tried getting the URI ready via a set variable first, but to no avail. How can I get nginx to properly direct the authorisation request?
(Note: I am aware I can include the original request in the header of the authorisation request via X-Original-URI. However, this would mean I have to do additional processing of the full URI on the authorisation server to get the relevant data, which I would rather not do if there is a way to post the authorisation request to the correct URI in the first place.)
You cant use variables in auth_request this is apparently a design choice for nginx
https://trac.nginx.org/nginx/ticket/761
I came up with this through trial and error. I had trouble putting $uri in a variable, not sure why.
location ~ /my/download/uri/(.*) {
set $key $1
auth_request /auth;
alias /my/file/directory;
}
location /auth {
internal;
proxy_pass http://auth_service:9999/$key;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
}
I have a single page app and am trying to use the query parameter nocahce=true to bypass Nginx cache for the first response (HTML file) and ALL subsequent requests initiated by it (to get CSS, JS, etc).
According to this, I can bypass my cache using the query parameter but it is not working as expected.
Steps to reproduce the issue:
Use this minified generic configuration:
http {
...
proxy_cache_path /var/temp/ levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=1g;
server {
...
location / {
# Using angularjs.org as an example
proxy_pass https://angularjs.org;
proxy_set_header Host angularjs.org;
proxy_cache STATIC;
proxy_cache_valid 200 10m;
proxy_cache_bypass $arg_nocache;
add_header X-Cache-Status $upstream_cache_status always;
}
}
}
Expected:
The response header of the requests "http://servername" and "http://servername/css/bootstrap" (or any other subsequent requests initiated by http://servername?nocache=true) to bypass the cache, i.e. contain
"X-Cache-Status: BYPASS".
Actual:
The response header of "http://servername" contains "X-Cache-Status: BYPASS" but "http://servername/css/bootstrap" does not, instead the value of "X-Cache-Status" is HIT/MISS/etc depending on the cache status.
Am I using the proxy_cache_bypass in a wrong way or do I need to do more to achieve the expected behavior?
Thanks!
I was able to solve this by using cookie_nocache.
Update the directive proxy_cache_bypass to:
proxy_cache_bypass $cookie_nocache;
If you need to bypass the cache, set a cookie named "nocache" to true (any value that isn't empty nor 0 will work). Since the browser will send the cookies to subsequent requests, this will work.
To quickly test this, open the console and add the cookie like this.
document.cookie="nocache=true"
I am trying to use nginx as a reverse proxy, but I couldn't find anything on how to forward the x-access-token (JWT) header.
The reverse proxy works fine, and using http://localhost/app gives me the api. However, when I try to access anything requiring a token, ex. http://localhost/app/api/products I get Cannot GET //api/products.
In the documentation, it says that the default is proxy_pass_request_headers on; but the problem doesn't seem to be there.
nginx.conf
events {}
http {
server {
listen 8000;
location /app {
proxy_pass 'http://localhost:3000/';
}
}
}
I have set up a POP3 reverse proxy and is being used to serve multiple domains. I was thinking to pass the hostname of the request to the auth script as a custom header, but I don't know how.
The relevant section of the nginx.conf file is:
mail {
server_name mail.example.com;
auth_http 10.169.15.199:80/auth_script.php;
auth_http_timeout 5000;
proxy on;
proxy_pass_error_message on;
pop3_capabilities "LAST" "TOP" "USER" "PIPELINING" "UIDL";
server {
protocol pop3;
listen 110;
pop3_auth plain;
auth_http_header X-Auth-Port 110;
auth_http_header User-Agent "Nginx POP3/IMAP4 proxy";
auth_http_header my_hostname $host;
}
}
I tried with this:
auth_http_header my_hostname $host;
expecting nginx to replace the $host with the actual hostname, but it does not happen, the auth script receives $_SERVER[MY_HOSTNAME] = '$host'.
Is there any way I can accomplish this?
The only way to get the host of the auth, is authenticating like user#hostname.tld and in the auth headers split the part of the hostname.
If you want to proxy auth to multiple domains I wrote a module in perl