How in Nginx to do rewrite without changing URL in address bar - nginx

I've been trying to do rewrite in Nginx:
domain.com/one/two -> onetwo.domain.com. The URL that user sees should not be changed in address bar.
This code does not work correctly - it changes URL in address bar
rewrite ^/one/two/ http://onetwo.domain.com/ last;
What solution must be there?
Thanks.

This isn't possible, because you're changing hostnames. Browser security is tied to it, as is webserver configuration.
You can rewrite URLs within same hostname, but changing hostnames requires redirect or using a frame.

Use proxy pass:
location /one/two/ {
proxy_pass http://onetwo.domain.com/;
include proxy.conf;
}
Where proxy.conf is where you keep your proxy settings, stuff like:
proxy_ignore_client_abort off;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_connect_timeout 120;
proxy_send_timeout 900;
proxy_read_timeout 900;
proxy_headers_hash_max_size 1024;
proxy_headers_hash_bucket_size 128;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REQUEST_SCHEME $scheme;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header 'SERVER_PORT' $server_port;

Related

How redirect headers with nginx rewrite

There is a request to my server where I redirect it to another service
I noticed that my headers are not redirected with request.
Shouldn't they be automatically redirected along with the request?
Configuration example:
location / {
rewrite (/v2\/partner\/products/.*)$ https://example.app$1 redirect;
rewrite_log on;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $host;
proxy_pass http://abm_module;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_redirect off;
}
I searched for information on the Internet and documentation and found nothing. I will be grateful for help.

Use nginx location blocks with Shinyproxy

I recently successfully deployed a ShinyProxy + app using SSL with nginx and certbot in the following manner:
Dockerize ShinyProxy + app and launch on port 127.0.0.1:5001.
Create Nginx config and proxy_pass to 127.0.0.1:5001.
Secure using certbot.
This is the successful nginx.conf location section:
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_redirect off;
proxy_read_timeout 90s;
proxy_pass http://127.0.0.1:5001;
}
This nicely redirects me to https://app.myweb.com/login as I have set up a CNAME. Important to note, {ShinyProxy} redirects to the login at the end automatically. On successful login the url redirects to https://app.myweb.com/app/website.
What I really struggle with is the following: adding a location block or as I understand it, include my upstream block into my downstream (correct my terms if I am wrong). So, have my url go from https://app.myweb.com/login to https://app.myweb.com/dashboard/login using the following configuration in nginx:
location /dashboard/ { # THIS IS WHAT I WANT TO ADD
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_redirect off;
proxy_read_timeout 90s;
proxy_pass http://127.0.0.1:5001;
}
All that happens is, if I type https://app.myweb.com/dashboard/ it doesn't go to https://app.myweb.com/dashboard/login as I would expect, but redirects back to https://app.myweb.com/login which 404's.
Any advice on what I am doing wrong?

how to config nginx when the server make redirect

I configured my Nginx to locate /doc to one of my local servers, just like this:
location /doc {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:8000;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-Proto $scheme;
}
Then my server on 8000 port will make a redirect to /message/html
This is the problem...
The correct URL should be /doc/message/html
How can I config my Nginx to redirect the URL of /redirected_by_port_8000_server to /doc/redirected_by_port_8000_server in the location /doc block
You have to rewrite the URI. In nginx you will be able to pass /doc at the beginning of the URI by adding / at the end of the proxy_pass statement. It looks like below. Such that http://whatever/doc -> http://127.0.0.1:8000/doc
proxy_pass http://127.0.0.1:8000/;
However, the next proxy should rewrite by itself the /doc path and add it at its beginning. In nginx it would look like.
location /doc {
rewrite ^/(.*) /$1/message/html/ break;
proxy_pass http://127.0.0.1:8000/;
}
Many thanks to #Richard Smith.
I used curl -I checked the redirect location and changed my Nginx config file below:
location /doc {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:8000;
proxy_redirect https://$http_host https://$http_host/doc; #this will rewrite the redirect Location header
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-Proto $scheme;
}

Keycloak redirects to the keycloak URI instead of redirect_uri provided

We are trying to authenticate an application using keycloak. Both the applications are hosted behind nginx and the nginx configuration seems fine (shown below)
The issue we are having is that the redirect_url we specify is something like https://website.com/myapplication/auth but keycloak redirects to its own domain at https://auth.website.com/myapplication/auth
We tried to debug this issue but cannot figure out what could be the issue. any pointers would be appreciated.
nginx configuration
server{
listen 443;
server_name auth.website.com;
... certificates
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8080;
}
}
This issue was fixed by changing the nginx configuration to the following
server{
listen 443;
server_name auth.website.com;
... certificates
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_buffer_size 64k;
proxy_buffers 8 64k;
proxy_busy_buffers_size 64k;
proxy_pass http://127.0.0.1:9090;
}
}

nginx rewrite rule for redirection

I have two apps running on host1:7000 and host2:7000. I am fronting the two hosts by an nginx reverse proxy, where I want mydomain.com/admin to point to host1:7000/portal and mydomain.com/user to host2:7000/portal.
I have written the following config
listen 80;
server_name mydomain.com *.mydomain.com;
location ~ ^/admin/(.*)$ {
proxy_pass $scheme://<IP-ADDRESS>/$1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
}
I can get to mydomain.com/admin to be redirected to host1:7000/portal but when the app redirects from host1:7000/portal on to host1:7000/login via relative path, in the browser I see mydomain.com/login. What do I need to do to get the second redirect go mydomain/admin/login?
Why do people use regexps for no reason and have all kind of problems with it?…
location /admin/ {
proxy_pass http://host1:7000/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
}
This will automatically strip /admin/ from proxied request and prepend it in Location header (which is used in redirect).
See proxy_pass and proxy_redirect docs.

Resources