i've successfully managed to set up a reverse proxy which receives data via POST requests from clients and forwards them to a NodeJS server for further processing and storing.
now i would like the nginx reverse proxy to return a 200 OK blank response for all of these requests BEFORE forwarding to the nodeJS server. so the clients will receive the response immediately without the need to wait for the backend server to finish the processing.
if i use "return 202;" inside the location directive, the nginx reverse proxy does respond immediately, but never forwards the request to the NodeJS server.
can this be achieved with nginx?
any help would be much appreciated.
Thanks,
Related
I have an nginx server serving both as an http server (frontend) on / and reverse proxy on /api, where it forwards the requests to a node server (backend) on the same machine (localhost).
I am using authentication only on the frontend. The backend accepts all incoming requests and does not authenticate again the requests.
I would like to allow all requests coming from the frontend to the backend. I would like to block all requests coming to the backend from other sources (via the reverse proxy of course).
For example, the frontend will try to login the user using the user third-party auth id via https://domain/api/login/id. The reverse proxy will forward it to the backend. This is fine.
I can also access the backend directly from any other machine via https://domain/api/login/id.
My question is the following. I would like to block all requests not originating by the frontend. I have tried figuring out how to find the information but it seems that the X-Real-IP header always refers to the browser originating the request (either by using the frontend or directly). I am wondering if there is any header I can set in the reverse proxy which will tell the backend that this is an allowed call, or even use nginx own allow/deny rules. Right now, I do not manage to make a distinction between the two types of requests.
Thank you very much!
I wrote a proxy server which works well. But when looking at the log, there are some weird requests like:
POST https://vortex.data.microsoft.com/collect/v1 HTTP/1.1
Also some GET over https. I think only CONNECT is allowed over https, am I wrong? If I am wrong, how to deal with these request? (I just dropped these requests in my app.)
Another thing maybe unrelated is all these requests are related to microsoft from the log.
There isn't any problem handling any HTTP Method with HTTPS within a proxy.
All the requests with https://-protocol will be automatically received and sent to port 443 if not indicated otherwise.
Independently if you have a server where you deployed a HAProxy, NGINX, Apache Web Server or that you literally wrote a proxy like this one in JavaScript, only thing you have to do is to literally proxy the requests to the destination server address.
Regarding the encryption, precisely HTTPS ensures that there are no eavesdroppers between the client and the actual target, so the Proxy would act as initial target and then this would transparently intercept the connection.
Client starts HTTPS session to Proxy
Proxy intercepts and returns its certificate, signed by a CA trusted by the client.
Proxy starts HTTPS session to Target
Target returns its certificate, signed by a CA trusted by the Proxy.
Proxy streams content, decrypt and re-encrypt with its certificate.
Basically it's a concatenation of two HTTPS sessions, one between the client and the proxy and other between the proxy and the final destination.
I have a question that in a environment where NGINX is acting as a reverse proxy, then does NGINX forwards or creates a new HTTP request for the upstream server ?
And in case NGINX is configured to perform authentication also, then once the user is authenticated, then in future requests, how NGINX and upstream servers will know that the user is authenticated ?
NGINX forwards the request to upstream servers. It modifies two request headers and removes the empty request headers. When the request is forwarded the requested URL is placed in X-Target header. Refer to NGINX-Blog in NGINX.com.
I am not sure how to formulate my question but here we go:
I have 2 servers, one is the nginx reverse proxy and one is the app server.
In my app server, I am developing a simple http client using jerseyclient that will send a request to another server. I can do this now but the traffic goes from the app server and directly to the destination. Is it possible to it from the app server, passes through the reverse proxy server and goes to the destination?
And, is this design ok or is it an abomination?
nginx reverse proxy works only for requests outside your network.
To configure your system works as you described you have to configure firewall NAT or caching HTTP proxy like squid etc.
If you have no reasons why your servers should look as single computer - your configuration is OK.
I have a few legacy clients that don't "speak" HTTPS which I've connected to an upstream server serving content only over HTTPS using nginx as a reverse proxy. This is the flow:
(1) client -> (2) nginx:80 redirects to https -> (3) upstream server
The problem now is in front of (3) there is a forwarding proxy I have to go through, proxy which does HTTPS over HTTP Connect and I have a hard time finding a way to somehow bridge (or replace completely) nginx over HTTP Connect:
(1) client -> (2) nginx:80 redirects to https -> (3) proxy HTTP CONNECT -> (4) upstream
Any ideas what should go in or instead of the bold component ?
I've looked at tinyproxy but that expects HTTP Connect directly (which nginx does not support) and squid which I cannot figure out how to configure to do HTTPS over HTTP CONNECT.
I am essentially looking for a way to bridge http to https through a proxy, please ignore any product names and feel free to suggest anything - including code samples. The clients as well as the server are part of my application.