How to get nginx host variable to work with proxy_pass - nginx

I am trying to setup an nginx proxy in front of any s3 website that I point at it. In the example below I have my DNS records customsite.com pointing to my proxy. When I don't use any variable for the destination of the proxy_pass there isn't an issue, but I want to be able to just dynamically pass the request using $host. How do I get the $host variable to behave with proxy_pass?
This Works
server {
listen 80;
location / {
add_header RequestedHost $host; # The host is returned as expected (customsite.com)
# go get it from s3
proxy_pass http://customsite.com.s3-website-us-east-1.amazonaws.com;
}
}
This Doesn't Work
server {
listen 80;
location / {
add_header RequestedHost $host;
# go get it from s3
proxy_pass http://$host.s3-website-us-east-1.amazonaws.com; # Doesn't resolve
}
}

Related

NGINX proxy_pass to defined upstream instead of https url directly

I have an nginx config that looks similar to this (simplified):
http {
server {
listen 80 default_server;
location /api {
proxy_pass https://my-bff.azurewebsites.net;
proxy_ssl_server_name on;
}
}
}
Essentially, I have a reverse proxy to an API endpoint that uses https.
Now, I would like to convert this to an upstream group to gain access to keepalive and other features. So I tried this:
http {
upstream bff-app {
server my-bff.azurewebsites.net:443;
}
server {
listen 80 default_server;
location /api {
proxy_pass https:/bff-app;
proxy_ssl_server_name on;
}
}
}
Yet it doesn't work. Clearly I'm missing something.
In summary, how do I correctly do this "conversion" i.e. from url to defined upstream?
I have tried switching between http instead of https in the proxy_pass directive, but that didn't work either.
I was honestly expecting this to be a simple replacement. One upstream for another, but I'm doing something wrong it seems.
Richard Smith pointed me in the right direction.
Essentially, the issue was that the host header was being set to "bff-app" instead of "my-bff.azurewebsites.net" and this caused the remote server to close the connection.
Fixed by specifying header manually like below:
http {
upstream bff-app {
server my-bff.azurewebsites.net:443;
}
server {
listen 80 default_server;
location /api {
proxy_pass https:/bff-app;
proxy_ssl_server_name on;
# Manually set Host header to "my-bff.azurewebsites.net",
# otherwise it will default to "bff-app".
proxy_set_header Host my-bff.azurewebsites.net;
}
}
}

Nginx reverse proxy to frontend and backend

I have two react app running on localhost:3000(frontend) and localhost:3001(backend). I want to serve both backend and front end from same server_name.. For example, if a user hits example.com the Nginx should route the traffic to frontend running on (localhost:3000) and if a user hits example.com/admin/login traffic should get routed to the backend (localhost:3001).
'''
server {
listen 80;
server_name example.com;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
location / {
proxy_pass http://localhost:3001;
}
location /admin-login {
proxy_pass http://localhost:3000;
}
}
'''
Using above configuration. I have frontend running on example.com. However, when I call example.com/admin/login I am getting redirected to app running on frontend (localhost:3000) instead of backend running on (localhost:3001).
Updating as per the answer given below. I have below configuration. it still have the same behavior.
server {
listen 80;
server_name example.com;
location /admin-login {
proxy_pass http://127.0.0.1:3000/admin-login;
}
location / {
proxy_pass http://127.0.0.1:3001;
}
location /home {
proxy_pass http://127.0.0.1:3001/home;
}
location /login {
proxy_pass http://127.0.0.1:3001/login;
}
location /signup {
proxy_pass http://127.0.0.1:3001/signup;
}
location /article {
proxy_pass http://127.0.0.1:3001/article;
}
}
I think the problem here is that
location / {
proxy_pass http://localhost:300
}
matches all queries so will also redirect anything to /admin-login
You could either rearrange your blocks to have the admin-login block above the / block in the config file, or make the adjustment below:
location = / {
proxy_pass http://localhost:300
}
This adjusted block should only redirect queries to / rather than /*
If you want to read more, it's explained in the documentation here - https://nginx.org/en/docs/http/ngx_http_core_module.html#location

nginx proxy_pass to dynamic url

I have multiple backend servers and I want to proxy all servers using a single nginx server instance. I don't want to change nginx.conf whenever I add a new backend server.
For example: Server 1 : 192.168.10.1:8080, Server2: 192.168.10.2:8080, etc
Nginx is running on example.com. I want to access Server1 by using example.com?ip=192.168.10.1, example.com?ip=192.168.10.2 etc
I tried this configuration, but it is giving 500 error page.
location / {
proxy_pass http://$arg_ip:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
Is there something I am missing? Is there any other way of achieving this?
server {
server_name dynamic_host;
listern 8080;
#resolver 8.8.8.8;
#seems you don't need resolver because you use ip address
location / {
if ( $arg_address != "" ) {
proxy_pass $arg_address;
#proxy_pass $arg_address$uri
#proxy_pass $arg_address$request_uri
}
}
}
the difference between the three proxy_pass
$proxy_address
example.com?address=http://192.168.10.2:8080/ goes to
http://192.168.10.2:8080/
$proxy_address$uri
example.com/test/path?address=http://192.168.10.2:8080/ goes to
http://192.168.10.2:8080/test/path
$proxy_address$request_uri
example.com/test/path?address=http://192.168.10.2:8080/&param=value goes to
http://192.168.10.2:8080/test/path?address=http://192.168.10.2:8080/&param=value
you can change the param address to ip, in this case, don't forget to change $arg_address to $arg_ip.
reference:
http://nginx.org/en/docs/http/ngx_http_core_module.html#variables

how to expose server port in upstream block of Nginx configuration?

We have a handful of homogenous application loosely under SOA pattern. Because of homogeneity, we have been able to define some neat pattern in Nginx to proxy all of our SOA apps through one configuration. Following Nginx configuration is absolutely working absolute wonders in conjunction with DNSmasq to resolve anything.yourdomain.devel eg. a.stackoverflow.devel, b.stackoverflow.devel domains and route that to appropriate app servers under your project folder via designated ports via maps.
worker_processes 2;
events {
worker_connections 1024;
}
http {
map $host $static_content_root {
hostnames;
default /path/to/project/folder;
# For typical standalone apps living in your project directory
# *.myapp.local.devel -> /path/to/project/myapp/public
~^([^\.]+\.)*(?<app>[^\.]+)\.devel$ /path/to/project/folder/$app/public; #rails pattern
}
map $app $devel_proxy_port1 {
default 3000;
domain1 3000;
domain2 4000;
}
map $app $devel_proxy_port2 {
default 3001;
domain1 3001;
domain2 4001;
}
server {
listen 127.0.0.1;
server_name ~^([^\.]+\.)*(?<app>[^\.]+)\.[^\.]+.devel$;
location / {
root $static_content_root; # Using the map we defined earlier
try_files $uri $uri/index.html #dynamic;
}
location #dynamic {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto http;
proxy_set_header X-Nginx-Proxy true;
proxy_redirect off;
proxy_pass http://127.0.0.1:$devel_proxy_port1;
}
}
}
Now, in order to simulate multiple servers behind Nginx load balancer. I thought of doing following proxy configuration which points to upstream rather than directly pointing to one server:port pair.
proxy_pass http://backend;
upstream backend {
server http://127.0.0.1:$devel_proxy_port1;
server http://127.0.0.1:$devel_proxy_port2;
}
I thought above would work but it always emits following error hinting the variables of map blocks are not available inside upstream context.
[emerg] 69478#0: invalid host in upstream "http://127.0.0.1:$devel_proxy_port1" in /usr/local/etc/nginx/nginx.conf:57
Is this an expected behavior?
Yes, variable can not be used inside upstream. You can create few upstream blocks with different names (upstream backend, upstream backend_domain, etc), resolve upstream name through map and put this variable to proxy_pass:
upstream backend {
server http://127.0.0.1:3000;
server http://127.0.0.1:3001;
}
upstream backend_domain1 {
server http://127.0.0.1:3002;
server http://127.0.0.1:3003;
}
upstream backend_domain2 {
server http://127.0.0.1:3004;
server http://127.0.0.1:3005;
}
...
upstream backend_domain30 {
server http://127.0.0.1:3060;
server http://127.0.0.1:3061;
}
map $app $devel_proxy {
default backend;
domain1 backend_domain1;
domain2 backend_domain2;
...
domain30 backend_domain30;
}
...
proxy_pass $devel_proxy;
...
In some cases you can skip map block using $app inside proxy_pass: proxy_pass backend_$app;, but need additional checks for $app values. Also, map allow to to map different "domains" to same applications.

Dynamic routing with NGINX

I am an amateur of NGINX, I want to setup NGINX as a Reverse Proxy for my web server.
I would like to know that the NGINX these things as listed below:
When a browser send request with URL: http://nginxproxy.com/client/1.2.3.4/, this request should be passed to the client with IP 1.2.3.4 http://1.2.3.4/, the browser should still show the URL nginxproxy/client/1.2.3.4/
And the same for:
nginxproxy.com/client/2.3.4.5 --> //2.3.4.5
nginxproxy.com/client/2.3.4.6 --> //2.3.4.6
All the others requests that doesn't mach the pattern should come to my default server myserver.
Can I do this by using NGINX?
After researching, I tried with the below configuration:
But unlucky, It doesn't work. The address was changed to http:/1.2.3.4 on browser's address bar, instead of http:/nginxproxy.com/client/1.2.3.4 as expected.
server {
listen 80;
location ~ ^/client {
rewrite ^/client/?(.*) /$2 break;
proxy_pass $scheme://$1;
}
location / {
proxy_pass http://myserver.com;
}
}
Any help is much appreciated.
Doing some more research and based on #Cole input, here is my answer:
location ~ ^/client/(?<site>[^/]+)/? {
rewrite ^.*\/client\/(?<site>[^\/]+)\/?(.*) /$2 break; #passing all the remaining request URIs after <site> group to client server
proxy_pass $scheme://$site;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host/client/$site; #this help to keep the address as it is on the browser's address bar
proxy_set_header X-Forwarded-Proto $scheme;
}
location / {
proxy_pass $scheme://myserver.com
}
server {
listen 80;
location /client/ {
rewrite ^/client/(?<site>[^/]+)/? $scheme://$site;
}
location / {
proxy_pass $scheme://myserver.com;
}
}

Resources