Nginx patch method, proxy pass - nginx

I have a small problem with nginx and patch method - I've got 400 Bad request.
I use OpenProject (use Apache2) in my OpenVZ.
I use Nginx on base machine and I use proxy pass to pass request to the container OpenVZ.
Unfortunetely, I have error in OpenProject - probably patch method.
How can I fix it in nginx to use patch method correctly ?
Here is my nginx config:
server {
server_name DOMAIN;
location / {
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded_For $proxy_add_x_forwarded_for;
proxy_pass http://192.168.0.130:80/;
}
}

Related

NGINX proxy_pass based on custom header

I am setting up a reverse proxy on Nginx, and the client request has a header X-OUTBOUND-URI, which will then hit my reverse proxy on a particular port.
I am trying to do a proxy_pass on the variable $http_x_outbound_uri, but there is a resolver error.
server {
listen 8082;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / {
proxy_pass $http_x_outbound_uri;
}
}
This is the curl command that is used: curl localhost:8082 -H "X-OUTBOUND-URI: http://localhost:9001", and I have a webserver running on port 9001.
Am I doing this wrongly? Also, for this use case, is it more suitable to do a redirect instead. Thanks.
For those who have encountered the same issue, I managed to resolve this issue by changing localhost to 127.0.0.1, otherwise, we have to set a resolver. I found the explanation in another post.

Nginx redirects instead of doing reverse proxy with proxy_pass

I have an nginx running on a docker container, which serves a web client.
I want to proxy requests from the client, so that the nginx will pass the POST requests to the server, since the actual destination endpoint is not accessible to the client.
This is the location directive:
location /zipkin {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header Host $host;
proxy_pass http://my-ip:9411/;
}
The client makes requests to http://localhost:8080/zipkin/api/v2/span, which I want the nginx to pass (without redirection) to http://my-ip:9411/api/v2/span.
What happens in practice is that I get a 301 response (to http://localhost:8080/api/v2/span), and the POST is never sent to the destination.
Edit: another try that returns 404 -
location /zipkin/ {
rewrite ^/zipkin/(.*) /$1 break;
proxy_pass http://my-ip:9411$uri; # tried 9411;, 9411/, 9411$uri, 9411$uri/
}
Here $uri is /api/v2/span.
The solution in the end was:
location ~ ^/zipkin(/?)(.*) {
proxy_pass http://my-ip:9411/$2;
}
One of my tries was ^/zipkin(.*) but it evidently didn't work.
Probably the / after the /zipkin is problematic, so (/?) removes it,
And that leaves the (.*) the clean part of the url which needs to be attached to the proxy_passed url.

Reverse Proxy HTTPS Requests as HTTP to Upstream Server

We are using NGINX on our cPanel server to reverse proxy ZKTeco ZKBioSecurity servers. Due to compatibility with some of their devices not supporting HTTPS, all our servers use HTTP, but, of course, all sessions to our NGINX server is secured with HTTPS and a Sectigo certificate provided by cPanel’s AutoSSL.
Here’s the problem: it seems that the ZKBioSecurity servers are detecting that the client is using HTTPS to connect to them through NGINX, and because of this, give the following prompt each time you want to log in, advising you to download and install the ISSOnline driver and certificate. The certificate, however, is issued to the ZKBioSecurity server for 127.0.0.1, so of course this is rather pointless as we are connecting to the NGINX server using a FQDN. This does not happen if we use HTTP:
So my question: is there something in the request (the HTTP header perhaps?) that NGINX forwards to the upstream server that contains the protocol (HTTPS) the client used to connect to the server? Because this somehow seems to be the case.
Here’s our NGINX config for ZKBioSecurity servers:
location /.well-known {
root /home/novacloud/public_html/subdomain/.well-known;
allow all;
try_files $uri = 404;
}
location / {
if ($scheme = http) {
return 301 https://$host$request_uri;
}
proxy_pass http://192.168.0.1:8080;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
}
The server_name directive is, of course, managed by cPanel. The above is an example of the include files we use in the main cPanel NGINX configuration file. I thought it was the proxy_set_header X-Forwarded-Proto $scheme, but even if I remove this, I still get the Driver Detection Exception prompt.
Here’s a Pastebin of a cURL of the ZKBioSecurity server from our cPanel/NGINX server

Nginx Bad Gateway 502 when accessing istio-envoy deployed on kubernetes

My web application is running on One Server and two worker nodes
my nginx config file is
server {
listen ip-address:80 ;
server_name subdomain.domain.com;
server_name www.subdomain.domain.com;
server_name ipv4.subdomain.domain.com;
location / {
proxy_pass http://ip-address:32038/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
fastcgi_read_timeout 3000;
}
}
server {
listen ip-address:443 ssl http2;
server_name subdomain.domain.com;
server_name www.subdomain.domain.com;
server_name ipv4.subdomain.domain.com;
ssl_certificate /opt/psa/var/certificates/scf83NyxP;
ssl_certificate_key /opt/psa/var/certificates/scf83NyxP;
ssl_client_certificate /opt/psa/var/certificates/scfrr8L8y;
proxy_read_timeout 60;
location / {
proxy_pass https://ip-address:30588/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
my website on http://subdomain.mydomain.com is running fine . but when i use https://subdomain.mydomain.com it displays bad gateway error page server by nginx
through ssh when i run following command everything works fine
For http
curl -v -HHost:subdomain.mydomain.com http://ip-address:32038
curl -v subdomain.mydomain.com
For https
curl -v -HHost:subdomain.mydomain.com https://subdomain.mydomain.com:30588
From server node SSH
curl -v -HHost:subdomain.mydomain.com --resolve subdomain.mydomain.com:30588:ip-address --cacert /opt/psa/var/certificates/scf83NyxP https://subdomain.mydomain.com:30588
Any help will be really appreciated.
Thanks
Without knowing anything about the backend service, I would guess that perhaps it is not equiped for HTTPS. You may simply need to change this line...
proxy_pass https://ip-address:30588/;
to...
proxy_pass http://ip-address:30588/;
If the backend service does in-fact need to be called by https (unusual), then we would need to see how that service in configured, as the nginx error suggests that it is not correctly processing the SSL connection.
502 Bad Gateway in Nginx commonly occurs when Nginx runs as a reverse proxy, and is unable to connect to backend services. This can be due to service crashes, network errors, configuration issues, and more. How do we pinpoint the issue? We need to look at what is returning an invalid response to nginx.
Assuming nginx errored because of configuration issues ---
I have run into a 502 Bad Gateway - nginx simply because I had inconsistencies with white space on my config file.
Probably the result of copy/pasting your config file code here, but there are spacing inconsistencies that could trigger a parsing fail for the file.
i.e. My 502 bad gateway - nginx error was solved by deleting a space that I had accidentally added in front of a line in the config file.

Nginx proxy with Docker containers

This is my docker infra.
nginx webserver serving on port 80 (exposed to host)
media and blog serving on port 80 (not exposed to host) running under individual container
All running on the same VM.
Name Command State Ports
----------------------------------------------------------------------------------
media docker-php-entrypoint apac ... Up 80/tcp
mysql_db_blog docker-entrypoint.sh mysqld Up 3306/tcp
mysql_db_media docker-entrypoint.sh mysqld Up 3306/tcp
webserver nginx -g daemon off; Up 0.0.0.0:80->80/tcp
blog docker-entrypoint.sh apach ... Up 80/tcp
My nginx config:
server {
listen 80 default_server;
server_name 192.168.0.7;
server_tokens off;
location /story/ {
proxy_pass http://blog/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
location /videos/ {
proxy_pass http://media/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
}
My issue:
When I try to access any of the below URLs
1) http://webserver/story
2) http://webserver/videos
after the first request, the last part 'story' or 'videos' gets deleted form the url.
What am I missing from nginx conf to make sure 'story' or 'videos' doesn't gets removed from the url?
It's to do with how proxy_pass is written in your stanza.
From proxy_pass:
A request URI is passed to the server as follows:
If the proxy_pass directive is specified with a URI, then when a request is passed to the server, the part of a normalized request URI matching the location is replaced by a URI specified in the directive:
location /name/ {
proxy_pass http://127.0.0.1/remote/;
}
If proxy_pass is specified without a URI, the request URI is passed to the server in the same form as sent by a client when the original request is processed, or the full normalized request URI is passed when processing the changed URI:
location /some/path/ {
proxy_pass http://127.0.0.1;
}
So change your proxy_pass:
location /videos/ {
proxy_pass http://media;
Note - lack of trailing slash, means it preserves the original URI.
You might also want to look at rewrite as that does something related.

Resources