I have 2 tornado applications and I am trying to use nginx as a proxy for them, but I need those applications to be served in the same address but different locations (Access app1 with URL http://myserver/app1, and app2 with URL http://myserver/app2).
My nginx configuration file /etc/nginx/conf.d/myserver.conf:
upstream app1 {
server 127.0.0.1:8081;
server 127.0.0.1:8082;
}
upstream app2 {
server 127.0.0.1:9081;
server 127.0.0.1:9082;
}
server {
listen 80;
access_log /var/log/nginx/myserver.access.log;
error_log /var/log/nginx/myserver.error.log;
location app1/static {
root /path/to/app1/;
if ($query_string) {
expires max;
}
}
location app2/static {
root /path/to/app2/;
if ($query_string) {
expires max;
}
}
location /app1/ {
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass http://app1/;
}
location /app2/ {
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass http://app2/;
}
}
When I access, for instance, app1 via tornado it works fine:
Via tornado: http://myserver:8081/ redirects to login http://myserver:8081/auth/login. Good.
Via nginx: http://myserver/app1 redirects to http://myserver/auth/login (it should redirect to http://myserver/app1/auth/login).
What is the correct nginx configuration to make it work?
This is controlled by the proxy_redirects setting. You've turned it off, so when the tornado server redirects to /auth/login that gets passed through as-is. You need to either make the tornado server aware of its urls as seen by the outside world (i.e. include /app1/ in all the routes and redirects even internally) or turn on proxy_redirects to have nginx remap them. I recommend the former, since proxy_redirects only works for redirects and you'll usually run into similar issues in other places (urls for static content, for submission, etc).
Related
I'm in the unfortunate situation that I need to extend my react application with an iframe containing an external application.
My application is hosted by a nginx reverse proxy that handles /api and signalr communication.
Unfortunately it also handles the outbout iframe src url.
in this example my site is on the url https://example.com
The iframe src url is in this case "https://external-site.com/someapp/session?token=1234"
When i see the requests in the browser the url has changed to https://example.com/esternal-site.com/someapp/session?token=1234, which needless to say is not working out of the box.
I've been toying with the nginx configuration but has been unable to just pass the request through without modification.
The iframe/destination works as expected when running locally.
I've attempted with a few different configuations inspired by stackoverflow and medium etc. but they've all returned various error codes.
the server runs on port 80, but https is handled by ingress on azure.
This is what i have currently:
upstream bff_service {
server ${BFF_HOST}:${BFF_PORT};
keepalive 32;
keepalive_requests 1000;
keepalive_timeout 75s;
}
server {
listen 80;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
try_files $uri $uri/ /index.html;
add_header Set-Cookie "msal_client_id=${BFF_MSAL_CLIENT_ID};Path=/;Secure";
}
location /api {
proxy_read_timeout 300s;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host ${BFF_HOST};
proxy_set_header X-NginX-Proxy true;
proxy_pass ${BFF_PROTOCOL}://bff_service;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_redirect off;
}
location ^~ /external-site.com {
add_header Content-Security-Policy "frame-src 'self' https://external-site.com";
proxy_pass https://external-site.com/$request_uri;
}
}
I've also tried adding the lines below to the location:
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-NginX-Proxy true;
I'm looking for a configuration that allows me to embed an iframe with an external location. Perhaps even avoid nginx proxying it at all?
This may have been answered many times before but most answers are site specific so wanted some insight on a bareboned nginx config on how to redirect multiple external sites under same server but different subdomain. Pls note the external sites are inaccessible and need the reverse proxy via XYZ to make accessible.
I found existing nginx config already a proxy set up for site1 : AAA proxied through http://XYZ:8088. Below is the existing config. Now, how do I go about adding another site2 to be proxied via http://XYZ:8088/site2
So far, I tried to add additional section at the bottom of config similar to site1 (which is perfectly working fine), however site2 css/images is lost if I try to hit http://XYZ:8088/site2
server {
listen 8088 default_server;
server_name "";
return 444;
}
server {
listen 8088;
server_name "XYZ.example.com";
charset utf-8;
# Deny access to .htaccess files.
location ~ /\.ht {
deny all;
}
# Proxy to site1 server.
location / {
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name:$server_port;
proxy_pass http://site1;
}
# Proxy to site2 server.
location /site2 {
proxy_http_version 1.1;
proxy_redirect off;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://site2/;
}
}
upstream site1 {
server site1:1111;
}
upstream site2 {
server site2:2222;
}
Any help would be appreciated. Also if someone can explain why below config is behaving this way ? I understand it has something to do with the additional "/site2" being used now. But how do I make it ignore that.
I am trying to link all the services on my network together with nginx. One of those services is Plex. The nginx server is running inside docker on 192.168.1.150:80. The plex server is running on 192.168.1.149:32400. I also have a homer instance running on 192.168.1.148:80 I have a working config (see below), but I want to change something that I do not know how.
Nginx.conf:
user nginx;
worker_processes 5;
events {
worker_connections 2048;
}
http {
server {
location / {
proxy_pass http://192.168.1.148:80;
}
location /plex {
proxy_pass http://192.168.1.149:32400/web;
}
location /web {
proxy_pass http://192.168.1.149:32400/web;
}
}
}
As you can see, because plex requests resources from subdomain '/web', I have to add the proxy_pass for /web to go to plex as well. This is far from ideal when I want to use the subdomain /web for something else. The plex's index.html requests some script from /web/.... Is there some way to have this request go to /plex/web, so that I can catch it in that subdomain and not in the global one. This way I can use /web for something else.
Thanks in advance
ExellentCoin
Not sure if you found a solution but came across your post researching Plex configs and had the same question. This is what I came up with and works:
location /plex/ {
proxy_pass http://192.168.68.102:32400/;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_ssl_verify off;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
}
if ($http_referer ~ /plex/) {
rewrite ^/web/(.*) /plex/web/$1? redirect;
}
I am learning nginx, trying to setup an in-house server. My configuration is:
upstream app{
server app:8000;
}
server {
listen 80;
location /api/app/ {
proxy_pass http://app;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_redirect off;
}
}
I want to request nginx with localhost/api/app/admin, but my app can only respond to app:8000/admin. Hence, I want only admin/ to be passed to the application. I tried using rewrite, but was not able to get the desired result.
Note, this question is moved to stackoverflow from superuser
I got the following nginx conf:
server {
listen 80;
listen 443 ssl;
...
# specific rule to serve versioned js resources
location ~ ^/js/([0-9\.]+)/(.*)$ {
alias /opt/x/public/deploy/js/$1/$2;
}
location / {
add_header P3P 'CP="CAO PSA OUR"';
proxy_pass http://127.0.0.1:8088;
set $ssl off;
if ($scheme = https) {
set $ssl on;
}
proxy_set_header X-Forwarded-Ssl $ssl;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
}
}
It works as expected. However if a certain versioned js resource does not exists in the deployed dir, say /opt/x/public/deployed/js/1.1/, it will return 404. What I want is in that case nginx shall pass the request to the backend service running at 8088 port instead of returning 404. Is this even doable?
Thanks!
Green
http://wiki.nginx.org/HttpCoreModule#try_files
try_files is your friend, here you can do the order you want to try files and finaly have the proxypass upstream.