I'm using nginx to route all incoming requests for a subdomain to a specific server. How do I configure nginx to also serve the static files from that same server?
server {
server_name subdomain.XYZ.com;
location / {
proxy_http_version 1.1;
proxy_redirect off;
proxy_pass http://10.123.456.78:8000;
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 864000;
}
location /static/ {
autoindex on;
alias /static/;
}
}
In this case, all incoming requests to subdomain.XYZ.com are rerouted to 10.123.456.78:8000. But all requests for static files are still on the local server (the one running nginx).
How do I route the static files to the remote server? And then how do I enable both caching and gzip compression of those static files?
It's quite simple:
gzip on;
gzip_types text/plain application/json;
# or gzip *; for all
proxy_cache_path /data/nginx/cache keys_zone=one:10m;
location /static/? {
proxy_cache one;
proxy_pass http://10.123.456.78:8000/path/to/static/files;
}
I would recommend gzipping them from the source instead however (on server 10.123.456.78).
Related
I'm in the unfortunate situation that I need to extend my react application with an iframe containing an external application.
My application is hosted by a nginx reverse proxy that handles /api and signalr communication.
Unfortunately it also handles the outbout iframe src url.
in this example my site is on the url https://example.com
The iframe src url is in this case "https://external-site.com/someapp/session?token=1234"
When i see the requests in the browser the url has changed to https://example.com/esternal-site.com/someapp/session?token=1234, which needless to say is not working out of the box.
I've been toying with the nginx configuration but has been unable to just pass the request through without modification.
The iframe/destination works as expected when running locally.
I've attempted with a few different configuations inspired by stackoverflow and medium etc. but they've all returned various error codes.
the server runs on port 80, but https is handled by ingress on azure.
This is what i have currently:
upstream bff_service {
server ${BFF_HOST}:${BFF_PORT};
keepalive 32;
keepalive_requests 1000;
keepalive_timeout 75s;
}
server {
listen 80;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
try_files $uri $uri/ /index.html;
add_header Set-Cookie "msal_client_id=${BFF_MSAL_CLIENT_ID};Path=/;Secure";
}
location /api {
proxy_read_timeout 300s;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host ${BFF_HOST};
proxy_set_header X-NginX-Proxy true;
proxy_pass ${BFF_PROTOCOL}://bff_service;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_redirect off;
}
location ^~ /external-site.com {
add_header Content-Security-Policy "frame-src 'self' https://external-site.com";
proxy_pass https://external-site.com/$request_uri;
}
}
I've also tried adding the lines below to the location:
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-NginX-Proxy true;
I'm looking for a configuration that allows me to embed an iframe with an external location. Perhaps even avoid nginx proxying it at all?
i've an issue with my NuxtJs deployment. I'm trying to do this with DigitalOcean Droplet and nginx. I'm using Nginx with reverse proxy with the configuration below.
server {
listen 80; # the port nginx is listening on
server_name reepen.gg; # setup your domain here
gzip on;
gzip_types text/plain application/xml text/css application/javascript;
gzip_min_length 1000;
, location / {
expires $expires;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 1m;
proxy_connect_timeout 1m;
proxy_pass http://localhost:3000; # set the address of the Node.js instance here
}
}
When i try curl http://localhost:80, the response is the index html code of my Nuxt application. But when i try to call my droplet outside with his ip address or domain name, i've ERR_CONNECTION_TIMED_OUT. I don't know why my droplet ip address are not connected with my http://localhost:80
To configure my droplet i used this tutorial (i've set firewall as in doc) https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-18-04
And i've tryed this tutorial to deploy my app https://medium.com/codeartisan/how-to-run-nuxt-js-on-digitalocean-159fc558d2ab
Thanks for your help :)
It was my ufw firewall set in https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-18-04
When i disabled it all works fine !
So I have set up a reverse proxy to tunnel my application.
Unfortunately the application thinks it is served via http and not https and gives out URLs with port 80.
How can I handle this in the nginx reverse proxy? (by rewriting maybe)
When I go on the page:
https://my.server.com
index.php loads, everything is okay
after clicking something I have a URL like this:
https://my.server.com:80/page/stuff/?redirect_to
which throws an error within the browser because my reverse proxy doesn't serve SSL on port 80.
How can I migitate this?
My current nginx ssl vhost for the site:
... ssl stuff ...
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass http://localhost:22228;
proxy_buffering off;
proxy_redirect off;
proxy_read_timeout 43800;
proxy_pass_request_headers on;
proxy_set_header Connection "Keep-Alive";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass_header Content-Type;
proxy_pass_header Content-Disposition;
proxy_pass_header Content-Length;
proxy_set_header X-Forwarded-Proto https;
}
(yes I know my request headers look like a christmas tree 🎄)
Also bonus points if you show where the documentation addressing this issue is and what the mechanism is called.
For rewriting response body you can use http_sub_module:
location / {
proxy_pass http://localhost:22228;
sub_filter_once off;
sub_filter_types text/css application/javascript; # in addition to text/html
sub_filter "//my.server.com:80/" "//my.server.com/";
}
Many people says (1, 2) that you need to disable compression when using sub_filter directive:
proxy_set_header Accept-Encoding "";
For me, it works fine without this line in config, but it can be a feature of OpenResty which I use instead of nginx.
If your app generates HTTP 30x redirects with explicit indication of domain:port, you can rewrite Location header value with the proxy_redirect directive:
proxy_redirect //my.server.com:80/ //my.server.com/;
I'm trying to figure out how to set up Nginx as a reverse proxy from a single domain to multiple backend sites based on the location.
Nginx Config:
server {
listen 80;
underscores_in_headers on;
server_name test.example.com;
gzip on;
gzip_min_length 1100;
gzip_buffers 4 32k;
gzip_types text/plain application/x-javascript text/xml text/css application/javascript;
gzip_vary on;
gzip_proxied any;
proxy_http_version 1.1;
location /page1/ {
proxy_pass http://www.siteone.com/pageone;
proxy_set_header Host www.siteone.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /page2/ {
proxy_pass http://www.sitetwo.com/pagetwo;
proxy_set_header Host www.sitetwo.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
The problem is that static files (images, css, etc.) are all broken. The initial request returns fine, but subsequent GET requests all go to the proxy subdomain (ex: test.example.com/css/style.css), and return 404 or 500 errors.
I tried to work around this with a static files location, or a catch all (e.g., "location /" or "location ~* ^(.*).(css|js|etc..)"), but I can't do that for both proxied sites. As a workaround I also tried catching the referer URL and setting the catch-all's proxy_pass based on that, but it didn't work for everything and seemed kind of prone to failure.
I know this isn't a common setup, but unfortunately for our use case we can't use the more common method of a subdomain & server block for each proxied request. Our requirement is for a single subdomain proxying to two or more backends based on the path (e.g., test.example.com/this-path -> backend.domain.com/can-be-anything).
We're using this proxy as a caching server, so I'd also be open to doing this with Varnish + Nginx for SSL termination if it better supports the use case.
Open to any suggestions from the community, and thanks!
I stuck to configure a simple reverse proxy on AWS.
Since we have one host (reverse proxy nginx) serving the public access I decided to follow the rules and created the following configuration.
server {
listen 9990;
server_name project-wildfly.domain.me;
access_log /var/log/nginx/wildfly.access.log;
error_log /var/log/nginx/wildfly.error.log;
proxy_buffers 16 64k;
proxy_buffer_size 128k;
root /var/www/;
index index.html index.htm;
location /console {
proxy_set_header Host $server_addr:$server_port;
proxy_set_header X-Forwarded-Proto $scheme;
add_header Cache-Control "no-cache, no-store";
proxy_pass http://10.124.1.120:9990/console;
}
location /management {
proxy_set_header Host $server_addr:$server_port;
proxy_set_header X-Forwarded-Proto $scheme;
add_header Cache-Control "no-cache, no-store";
proxy_pass http://10.124.1.120:9990/management;
}
}
This will serve the admin console and I'm able to log in with the user. Then this message appears:
Access Denied
Insufficient privileges to access this interface.
Nothing within the error log. Thanks for any hint!
I had the same issue when configuring Wildfly 15 and nginx 1.10.3 as reverse proxy.
Setup was very similar to the first post, redirecting /management & /console to wildflyhost:9990.
I was able to access the console directly via :9990 and when comparing the network traffic between direct and nginx-proxied traffic, I noticed that Origin and Host were different.
So in my case the solution was to force the Origin and Host headers in Nginx to something that Wildfly is expecting. I couldn't find this solution elsewhere, so I'm posting it here for future reference anyhow although the thread is old.
location /.../ {
proxy_set_header Host $host:9990;
proxy_set_header Origin http://$host:9990;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass_request_headers on;
proxy_pass http://wildflyhost:9990
...
}
Maybe you need turn on management module.
Try this:sh standalone.sh -b 0.0.0.0 -bmanagement 0.0.0.0 &