Okay, so I know there is a lot of questions about Nginx Reverse Proxy but I don't understand any of the answers. I read the documentation on Nginx's website and I kind of get it but need some help.
So here is what I want.
Visitor ---> Nginx Reverse Proxy ---> Nginx Server (Website)
I know that you can get the reverse proxy to listen to a remote server, but I can't find the configuration files that I want. I also want to show a static html page when passing through the Nginx Reverse Proxy. So like a page that says "Hosted by this company", like Cloudflare does. I asked someone and they told me if I put the html file on the reverse proxy server then it'll show up when the visitor goes through the server, but I don't understand that concept, how do I get that static html to show up? And what will be the correct configuration be for this? I imagine it'll be different from a normal remote server configuration.
Thanks in advance!
In Nginx reverse proxy configuration it is possible to make some urls to be served from reverse proxy itself without going to source server.
Take a look at the following article: https://www.cevapsepeti.com/how-to-setup-nginx-as-reverse-proxy-for-wordpress/
In this article you can see in virtual.conf lines 51-55 that error_pages are served directly from reverse proxy, while other assets are fetched from source server first. Cloudflare employs the same concept. I hope this helps.
Related
I have setup a nginx proxy to pass https url to internal http neo4j web. I can reach the neo4j login page without any issue, but I am forced to use the neo4j+s/bolt+s interface.
Just wondering how I can configure nginx to remove any ssl related info via proxypass module, in order to login in neo4j with ws, no wss?
Thanks,
Chance
I managed to get rid of wss by adding another nginx proxy to set the https url as upstream server in location.proxy_pass. It won't show wss/neo4j+s/bolt+s any more once you visit the web by the http url. Hopefully it will help for anyone has the similar issue as me.
I have an application on an EC2 instance behind NGINX. NGINX serves the client as follows
https://localhost:443/org/consumer/consumer-app
My app in the backend only understands
http://localhost:8080/consumer/consumer-app
Both NGINX and app are on the same EC2 instance. I want a way to eliminate the /org/ before I pass the request to the upstream server. I tried rewrite directive but couldn't get it to work. What's the best way to do it?
Also, I want the /org/ reintroduced back by NGINX when responding back to the client.
Any help offered would be greatly appreciated.
Thanks
I've recently setup a Crucible instances in AWS connected via a HTTPS ELB. I have a nginx reverse proxy setup on the instance as well to redirect HTTP requests to HTTPS.
This partially works. However Crucible itself doesn't know it's running over HTTPS so serves up mixed content, and ajax queries often break due to HTTP -> HTTPS conflicts.
I've found documentation for installing a certificate in Crucible directly...
https://confluence.atlassian.com/fisheye/fisheye-ssl-configuration-298976938.html
However I'd really rather not have to do it this way. I want to have the HTTPS terminated at the ELB, to make it easier to manage centrally through AWS.
I've also found documentation for using Crucible through a reverse proxy...
https://confluence.atlassian.com/kb/proxying-atlassian-server-applications-with-apache-http-server-mod_proxy_http-806032611.html
However this doesn't specifically deal with HTTPS.
All I really need is a way to ensure that Crucible doesn't serve up content with hard coded internal HTTP references. It needs to either leave off the protocol, or set HTTPS for the links.
Setting up the reverse proxy configuration should help accomplish this. Under Administration >> Global Settings >> Server >> Web Server set the following:
Proxy scheme: https
Proxy host: elb.hostname.com
Proxy port: 443
And restart Crucible.
Making configuration on UI is one way. You can also change config.xml in $FISHEYE_HOME:
<web-server site-url="https://your-public-crucible-url">
<http bind=":8060" proxy-host=“your-public-crucible-url" proxy-port="443" proxy-scheme="https"/>
</web-server>
Make sure to shutdown FishEye/Crucible before making this change.
AFAIK, this configuration is the only way to tell internal Jetty of FishEye/Crucible to be aware of the reversed proxy in front of them.
I'm trying to come up with a solution where I can do the follow:
In my scenario there are 2 servers.
API1: Nginx + API Website
API2: Nginx + Staging Website
In order to check new version of API via mobileapp, I want to set my phone to use a proxy server (Should be API2), and only when the dest URL is https://api.test.com it will redirect it internally to localhost:6000.
Any ideas of how it can be done? I know Nginx does not support SSL Proxing, but maybe I'm wrong.
Thanks
Well,
Eventually I was able to accomplish that by using Apache Traffic Server which has been configured as a forward proxy while doing some map rules to redirect traffic from https to localhost:443/
But, I will be happy to hear some more ideas.
Thanks
I'm trying to use nginx behind a Compute Engine http load balancer. I would like to allow Health Check requests to come through a port unauthorized and all other requests to be authorized with basic auth.
The Health Check requests come from IP block: 130.211.0.0/22. If I see requests coming from this IP block with no X-forwarded-for header, then it is a health check from the load balancer.
I'm confused on how to set this up with nginx.
Have you tried using Nginx header modules? Googling around I found these:
HttpHeadersMoreModule
Headers
There's also a similar question here.
Alternative. In the past I worked with a software (RT), which had thought of this possibility in the software itself, providing a subdirectory for unauthorized access (/noauth/). Maybe your software might have the same, and you could configure GCE health check to point to something like /noauth/mycheck.html.
Please remember that headers can be easily forged, so an attacker who knows your vulnerability could access your server without auth.