I'm using Nginx map directive in order to retrieve the value of an http param and put it into another variable that will be used to do a basic auth with an ldap server (using nginx-auth-ldap).
The problem is that, according to my debug log, my map always chooses the default value.
Here is my configuration:
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
map $args $groupe_ldap {
default "default_group";
include /opt/nginx/appli.conf;
}
ldap_server my_ldap_server {
url ldap://somehost:someport/ou=xxx,dc=yyy,....;
binddn "...";
binddn_passwd "...";
require group "cn=$groupe_ldap,...";
group_attribute member;
group_attribute_is_dn on;
require valid_user;
}
server {
error_log /opt/nginx/log/debug.log debug;
listen 8243;
server_name myhost;
more_clear_input_headers 'X-Forwarded-For';
auth_ldap "Forbidden";
auth_ldap_servers my_ldap_server;
if ($request_method !~ ^(GET|OPTIONS|POST)$ ) {
return 403;
break;
}
location ~ ^(/monitor(.*)) {
if ($arg_appli = "") {
return 403;
break;}
rewrite ^/monitor.* /$arg_appli?;
proxy_set_header Host myhost:myport;
root html;
index index.html;
break;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}}
My appli.conf contains:
appli=1 ESB_SUPERADMIN;
The problem is that I always get default_groupe instead of ESB_SUPERADMIN when using this url: http://myhost:myport/monitor?appli=1.
Is something wrong on my configuration?
Thanks for your help.
Related
When I try www.abc.com it works but when i try www.abc.com/def or www.abc.com/ghi/ get 404 error.
Here is my nginx config
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name www.abc.com;
location / {
proxy_pass http://I/;
}
location /def{
proxy_pass http://oid-global-windows/;
}
location /ghi/ {
proxy_pass http://oid-global-windows/;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
I tried to tweak the config with alias instead of proxy_pass still no luck. BTW, oid-global-windows is a docker container name and nginx is in another container hosted in same windoes server.
The setup I followed was as per this link -
https://www.mihajakovac.com/run-nginx-webserver-in-docker-on-windows/
On my server two types of services are running. some services are normal and need ssl certificate but one service should use pass through. I read the document and what I understood is that I need to create a stream on a new port. if I am using 443 for ssl then I can't use it for passthrough.so created a pass through stream on a new port 8443. Every thing works fine but for passthrough service I need to enter the port along with url e.g https://production-server:8443. I want it like
https://production-server:8443 -> https://production-server
so my question is can we reroute a request in nginx ? here is my configuration
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream unsecure{
server prod-exec:8040 ;
keepalive 64;
}
upstream secure {
server prod-exec:9001
keepalive 64;
}
server {
listen 80;
server_name ServerA;
access_log C:/nginx-1.20.1/logs/access.log upstreamlog;
#error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location / {
proxy_pass http://unsecure/services;
}
location /services/countingservice {
proxy_pass http://unsecure;
}
}
location /services/balancingservice {
proxy_pass http://unsecure;
}
}
server {
listen 443 ssl;
server_name server-A:443;
access_log C:/software/nginx-1.20.1/logs/access.log upstreamlog;
ssl_certificate C:\\nginx-1.20.1\\ssl\\certificate.crt;
ssl_certificate_key C:\\nginx-1.20.1\\ssl\\certificate_key.key;
error_page 401 /test_401.html;
location = /test_401.html {
root /C:/nginx-1.20.1/html;
internal;
}
location / {
proxy_pass https://secure/services;
}
location /services/countingservice {
proxy_pass http://secure;
}
}
location /services/balancingservice {
proxy_pass http://secure;
}
}
stream {
access_log C:/nginx-1.20.1/logs/access.log main;
upstream passthrough_test {
server prod-exec:9001 max_fails=2 fail_timeout=180s ;
# Definition of Nginx server (URL + Port) for Application 1
server {
listen server A: 84443;
listen 84443;
proxy_pass passthrough_test;
proxy_next_upstream on;
}
}
I don't want to add port with URL for pass through. so if I config the passthrough on 443 can nginx filter the request by recognizing it's pattern?
or is there any other way?
Any help would be appreciated. Thanks in Advance.
I'm using NGINX as a reverse-proxy for a gunicorn application server. When there's a server error (url not found, request-timeout, etc) the response is returned as html. I'm familiar with NGINX's error page directive and I've attempted to put an error directive in the server block that forwards to my application server as shown below however the response is still returned as html. Any ideas?
server {
server_name rtj.foo.com;
client_max_body_size 10M;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/ubuntu/api;
}
error_page 404 /404.html;
location /404.html{
return 404 '{"error": {"status_code": 404,"status": "Not Found"}}';
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
}
You need to override the content type for the requested document by adding and empty types block and setting default_type to application/json.
See this document for details.
For example:
error_page 404 /404.html;
location = /404.html {
types {}
default_type application/json;
return 404 '{"error": {"status_code": 404,"status": "Not Found"}}';
}
If the URI does not need to be directly accessible (i.e. is private to the error_page directive), you could use a named location instead:
error_page 404 #error404;
location #error404 {
types {}
default_type application/json;
return 404 '{"error": {"status_code": 404,"status": "Not Found"}}';
}
I have this server block:
server {
server_name doamin.tld;
set $maintenance on;
if ($remote_addr ~ (127.0.0.1|10.1.1.10)) {
set $maintenance off;
}
if ($maintenance = on) {
return 503;
}
error_page 503 #maintenance;
location #maintenance {
root /var/www/html/global;
rewrite ^(.*)$ /holding-page.html break;
}
root html;
access_log logs/doamin.tld.access.log;
error_log logs/doamin.tld.error.log;
include ../conf/default.d/location.conf;
}
What is the correct way to pass a list to the $remote_addr instead of coding it like (127.0.0.1| etc...)?
Use the nginx map directive to set the $maintenance value according to the $remote_addr:
map $remote_addr $maintenance {
default on;
127.0.0.1 off;
10.1.1.10 off;
10.*.1.* off;
}
server {
server_name doamin.tld;
if ($maintenance = on) {
return 503;
}
# ... your code ...
}
Take a look at the include directive if you want to take the IPs list in a separate file.
I'm trying to load balance a web application through nginx, It works fine for all will my web application calls a service with sub-path.
for example it works
http://example.com/luna/
but not for
http://example.com/luna/sales
My nginx.conf
user nobody;
worker_processes auto;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream lunaups {
server myhostserver1.com:8080;
server myhostserver2.com:8080;
}
server {
listen 80;
server_name example.com;
proxy_pass_header Server;
location = / {
rewrite ^ http://example.com/luna redirect;
}
location /luna {
rewrite ^$/luna/(.*)/^ /$1 redirect;
proxy_pass http://lunaups;
#add_header X-Upstream $upstream_addr;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
my web application calls a service with additional subpath like /luna/sales fails to return response. What am i missing here?
It works if i remove one of my host server from upstream, But when I add second host on upstream it fails to return response.
Is my rewrite rule wrong or my configurations as whole is wrong?
There are four suffixes to the rewrite directive and they all have specific uses. See this document for details.
If you want the URI / to be mapped to /luna without changing the URL in the browser, you would use an internal rewrite with rewrite ... last. For example:
location = / {
rewrite ^ /luna last;
}
In the location /luna block, you need to rewrite the URI before sending it to proxy_pass statement (without leaving the location block), which requires a rewrite ... break. For example:
location /luna {
rewrite ^/luna(/.*)$ $1 break;
rewrite ^ / break;
proxy_pass http://lunaups;
}
The first rewrite changes any URI with a sub-path, and the second rewrite handles the URI without a sub-path.
See this useful resource on regular expressions.