Nginx - Different proxy pass based on IP ranges - nginx

I've got a case where I need to do a different proxy pass in Nginx depending on which CIDR the client's IP address is part of.
So, for example, let's say I have the following CIDRs:
10.50.0.0/16
10.51.0.0/16
10.52.0.0/16
Each of those client addresses needs to have a different proxy_pass in Nginx. How would I go about doing this? I'm very new to Nginx so achieving things like this are still a bit confusing.

You could use Geo module. Your configuration then would look somewhat like this:
geo $upstream {
default default_upstream;
10.50.0.0/16 some_upstream;
10.51.0.0/16 another_upstream;
}
upstream default_upstream {
server 192.168.0.1:80;
}
upstream some_upstream {
server 192.168.0.2:80;
}
upstream another_upstream {
server 192.168.0.3:80;
}
server {
...
location ... {
...
proxy_pass http://$upstream;
}
...
}

Related

NGINX Reverse proxy based on presence of set of request headers?

If a user request do not have a set of headers, then the reverse proxy response should be routed to a different back end server , else if the reqeust have those headers, than request must go to a different server.
Is it possible in NGINX and how do we do that ?
Let's say that you're using x-backend-pool for your request header,
you can use the following NGINX module to get what you want: http://nginx.org/en/docs/http/ngx_http_map_module.html#map
The map directive allows you to set variables based on values in other variables, I've provided an example for you below:
upstream hostdefault {
server 127.0.0.1:8080;
}
upstream hosta {
server 127.0.0.1:8081;
}
upstream hostb {
server 127.0.0.1:8082;
}
map $http_x_backend_pool $backend_pool {
default "hostdefault";
a "hosta";
b "hostb";
}
server {
listen 80;
server_name example.com;
location / {
proxy_pass http://$backend_pool;
}
}

NGinx split test two pages on same application instance

I'm trying to a/b (split) test two webpages on a single web application with a single hostname & instance.
Here's what I'm trying to achieve:
HTTP request for /
Request gets proxied to backend.app.com
Request is either proxied to backend.app.com/a or backend.app.com/b
Ideally that would be a sticky session that would maintain appropriate /a or /b during their session similar to what can be achieved with application pools.
Possible? Ideas?
You are looking for the split_clients directive.
Example from https://www.nginx.com/blog/performing-a-b-testing-nginx-plus/
http {
# ...
# application version 1a
upstream version_1a {
server 10.0.0.100:3001;
server 10.0.0.101:3001;
}
# application version 1b
upstream version_1b {
server 10.0.0.104:6002;
server 10.0.0.105:6002;
}
split_clients "${arg_token}" $appversion {
95% version_1a;
* version_1b;
}
server {
# ...
listen 80;
location / {
proxy_set_header Host $host;
proxy_pass http://$appversion;
}
}
}
The arg_token in this case can be pretty much any variable you want.

Nginx permanent redirect to different url for certain subdirectory

I have 2 Nginx servers serving static files from 2 different subdomains of an unknown parent domain, let's say <env>.foo.<domain>.com and <env>.bar.<domain>.com.
I want to configure the nginx server for <env>.foo.<domain>.com so that if the url has the subdirectory cat or dog I want to redirect to <env>.bar.<domain>.com/<subdirectory>/<rest of url>.
E.g.
http://dev.foo.mydomain1.com/cat/22 -> http://dev.bar.mydomain1.com/cat/22
http://dev.foo.mydomain1.com/dog/22 -> http://dev.bar.mydomain2.com/dog/22
http://dev.foo.mydomain2.com/dog/22 -> http://dev.bar.mydomain2.com/dog/22
http://dev.foo.mydomain1.com/bird/22 -> [no redirect]
The <env> and <domain> portions of the domain are dynamic depending to the environment to which the servers are deployed, but are common between the 2 nginx boxes.
I imagine it being something like:
server {
location ??? /(cat|dog) {
return 301 $scheme://???/$1$is_args$query_string;
}
}
But my nginx skills are not quite there...
rewrite ^/oldlocation$ http://www.newdomain.com/newlocation permanent;
Refer digital oceans's article on "How To Create Temporary and Permanent Redirects with Nginx" for further details.
What you can do is below
http {
map $http_host $host_to_send_to {
default $http_host;
dev.foo.mydomain1.com dev.bar.mydomain1.com;
dev.foo.mydomain2.com dev.bar.mydomain2.com;
}
server {
server_name dev.foo.mydomain1.com;
location /(cat|dog) {
return 301 $scheme://$host_to_send_to$request_uri$is_args$query_string;
}
}
}
You will need to add it to each server block which needs to handle the redirect.
Edit-1: Dynamic host name handling
You can handling host names dynamically also user re patterns and groups
map $hostsname $host_to_send_to {
default $http_host;
~(.*).foo.mydomain1.com $1.bar.mydomain1.com;
~(.*).foo.mydomain2.com $1.bar.mydomain2.com;
}

Nginx - proxy pass subpaths only

I would like to proxy the subpaths of my website to another service:
http://some-web-site.com/friends/ - renders /friends/index.html
http://some-web-site.com/friends/ [not empty request path] - proxy to another service.
Currently I have the following Nginx configuration:
location /programming/ {
(...)
proxy_pass http://tomcat:8080/friends;
}
But unfortunately this proxies /programming/ to http://tomcat:8080/friends.
Use an exact match location block to extract specific URIs for special handling:
location = /programming/ {
...
}
location /programming/ {
...
proxy_pass http://tomcat:8080/friends;
}
See this document for details.

How to use nginx as reverse proxy to direct localhost:9292 to a sub domain foo.localhost/?

I've learned how to pass localhost:9292 to localhost/foo with the following directive:
location /foo {
proxy_pass http://localhost:9292;
}
but I want do something like
foo.localhost -> localhost:9292
Is there a way I can do that?
If foo.localhost is your sub domain name and you want to proxy pass sub-domain to main-domain, you can use proxy_pass and you can learn a little more about server directive if needed. An example:
server {
listem 8080;
host sub.main.com;
...
location / {
proxy_pass http://main.com;
break;
}
}
server {
listen 8081;
host main.com;
...
location / {
//do something
}
}
This is proxy pass, means when access sub.main.com, actually it finally dealt by main.com, but the client side still shows sub.main.com. If you want client side shows main.com, here should use redirect but not proxy_pass.

Resources