I have 2 servers on my network:
- one Linux machine (192.168.0.2) with a website listening on port 8181 for service1.domain.com
- one Windows machine (192.168.0.3) with a website listening on port 8080 for service2.domain.com
I want to set up an nginx reverse proxy so that I can route requests like so:
service1.domain.com --> 192.168.0.2:8181 with host header service1.domain.com
service2.domain.com --> 192.168.0.3:8080 with host header service2.domain.com
I have tried with the following config:
### General Server Settings ###
worker_processes 1;
events {
    worker_connections 1024;
}
### Reverse Proxy Listener Definition ###
http {
    server {
        listen 80;
        server_name service1.domain.com;
        location / {
            proxy_pass http://192.168.0.2:8181;
            proxy_set_header host service1.domain.com;
        }
    }
    server {
        listen 80;
        server_name service2.domain.com;
        location / {
            proxy_pass http://192.168.0.3:8080;
            proxy_set_header host service2.domain.com;
        }
    }
}
But that doesn't seem to work?
Is there anything blindingly obvious that I might be doing wrong here?
This works fine for me:
http {
    server {
        listen 80;
        server_name service1.domain.com;
        location / {
            proxy_pass http://192.168.0.2:8181;
            proxy_set_header host service1.domain.com;
        }
    }
    server {
        listen 80;
        server_name service2.domain.com;
        location / {
            proxy_pass http://192.168.0.3:8080;
            proxy_set_header host service2.domain.com;
        }
    }
}
Have a try?
I am doing load balancing with Nginx. Here is my config:
upstream web_backend {
    least_conn;
    server localhost:8001 max_fails=3 fail_timeout=60s;
    server localhost:8002 max_fails=3 fail_timeout=60s;
}
server {
    listen 8545;
    server_name _;
    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://web_backend;
    }
}
server {
    listen 8001;
    server_name localhost;
    location / {
        proxy_pass https://some_other_url/v3/cxnmcdinwrtyf93vcwdiyfx8q6xqwxv9qg7c93fgcb;
    }
}
server {
    listen 8002;
    server_name localhost;
    location / {
        proxy_pass 'https://chipdunk-dude:gorgeous-serpents-clubbed-orphans@nd-657-555-555-777.dogify.com';
    }
}
As you can see, the URL at port 8002 is weird (I don't even know what this kind of URL is called).
Because it has ":" in the URL, Nginx gives me this error:
nginx: [emerg] invalid port in upstream "chipdunk-dude:gorgeous-serpents-clubbed-orphans@nd-657-555-555-777.dogify.com" in /etc/nginx/sites-enabled/default:60
The URL at port 8001 works fine.
Everything before the @ is userinfo which should be encoded by the browser and included as a separate request header according to RFC 7617.
Nginx is not a browser and cannot do it for you.
You could probably convert that into Base64 and use a proxy_set_header to set the Authorization header.
For example:
proxy_set_header Authorization "Basic Y2hpcGR1bmstZHVkZTpnb3JnZW91cy1zZXJwZW50cy1jbHViYmVkLW9ycGhhbnM=";
proxy_pass https://nd-657...;
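The conversion suggested in this answer, as an added example that is not part of the original post: a Python helper (the name `userinfo_to_nginx` and the sample URL are assumptions) that moves the userinfo out of a URL into an RFC 7617 Basic header and emits the two directives. Base64 is an encoding, not encryption, so the resulting config file holds the credential in recoverable form and needs the same file permissions as any other secret.

```python
import base64
from urllib.parse import urlsplit, urlunsplit, unquote

# Constructed sample URL; the password contains a percent-encoded "!".
SAMPLE_URL = "https://alice:s3cret%21@backend.example.test:8443/v3"


def userinfo_to_nginx(url):
    """Return (directives, token) for a URL that carries user:password@ userinfo.

    proxy_pass rejects userinfo, so the credentials go into an
    Authorization header and the URL is emitted without them.
    """
    parts = urlsplit(url)
    if parts.username is None:
        raise ValueError("URL carries no userinfo")
    # Userinfo is percent-encoded inside a URL; RFC 7617 encodes the raw values.
    user = unquote(parts.username)
    password = unquote(parts.password or "")
    if ":" in user:
        raise ValueError("RFC 7617 does not allow ':' in the user-id")
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    host = parts.hostname
    if ":" in host:                      # IPv6 literal: restore the brackets
        host = f"[{host}]"
    if parts.port:
        host = f"{host}:{parts.port}"
    clean = urlunsplit((parts.scheme, host, parts.path, parts.query, ""))
    directives = [
        f'proxy_set_header Authorization "Basic {token}";',
        f"proxy_pass {clean};",
    ]
    return directives, token


if __name__ == "__main__":
    for line in userinfo_to_nginx(SAMPLE_URL)[0]:
        print(line)
```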
I'm using NGINX for HTTP proxy like below:
http {
    server {
        server_name example.com;
        location / {
            proxy_pass http://localhost:3000/;
        }
    }
}
I would like to know if there is any way to use NGINX for RTMP, something like:
rtmp {
    server {
        server_name example.com;
        location / {
            proxy_pass rtmp://localhost:1935;
        }
    }
}
I have looked at Nginx documentation, below configuration can be useful. Nginx TCP and UDP Load Balancing
stream {
    server {
        listen 3000;
        proxy_pass localhost:1935;
        proxy_buffer_size 32k;
    }
}
@ismaildurmaz's answer was just about what I needed, but in my case I also wanted RTMPS (i.e. RTMP over TLS). This was accomplished with:
stream {
    server {
        listen 1935 ssl;
        proxy_pass 127.0.0.1:1936;
        proxy_buffer_size 32k;
        ssl_certificate /path/to/ssl.crt;
        ssl_certificate_key /path/to/ssl.key;
    }
}
Here, the upstream RTMP server is configured to listen on port 1936, since nginx listens to port 1935 on all interfaces.
Here's the setup:
forwarding_proxy -> server_1, server_2
server_1 -> app1.domain.com, app2.domain.com
server_2 -> app3.domain.com, app4.domain.com
Where each server is running a docker daemon with an nginx reverse-proxy based on the jwilder/nginx-proxy + letsencrypt setup.
Both servers sit behind the same router and I need a way to route traffic correctly to each one based on the host name. I've been trying to use the nginx stream module since I don't want the forwarding proxy to handle any ssl termination, but the $ssl_preread_name directive doesn't (seem) to capture the host name on http traffic and I can't do a 301 on server directives in the stream module. What's the best way to approach this?
I've included an example of the config I'm currently working with and I've tried multiple iterations. Open to any suggestions.
(Also, as an aside, nothing logs to access.log)
Forward_proxy nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
stream {
    # bare bones content, still nothing written to the log.
    log_format main '[$time_local] $remote_addr';
    access_log /var/log/nginx/access.log main;
    map $ssl_preread_server_name $name {
        app1.domain.com server1;
        app2.domain.com server1;
        app3.domain.com server2;
        app4.domain.com server2;
    }
    upstream server1 {
        server server1:80;
    }
    upstream server2 {
        server server1:80;
    }
    upstream server1_ssl {
        server server1:443;
    }
    upstream server2_ssl {
        server server1:443;
    }
    server {
        listen 80;
        proxy_pass $name;
        ssl_preread on;
    }
    server {
        listen 443;
        proxy_pass "${name}_ssl";
        ssl_preread on;
    }
}
Came up with a solution, happy to hear of better ones.
Instead of a single forwarding-proxy, I created two new nginx containers: One for HTTP traffic and the other for HTTPS traffic and put them both in a single docker-compose file for easier management.
HTTP-forwarding-proxy
http {
    map $host $name {
        default server1;
        app3.strangedreamsinc.com server2;
        app4.strangedreamsinc.com server2;
    }
    upstream server1 {
        server server1_ip:8080;
    }
    upstream server2 {
        server server2:8080;
    }
    server {
        listen 80 default_server;
        server_name _;
        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://$name;
        }
    }
}
HTTPS-forwarding-proxy
stream {
    map $ssl_preread_server_name $name {
        default server1;
        app1.strangedreamsinc.com server1;
        app2.strangedreamsinc.com server1;
    }
    upstream server1 {
        server server1_ip:8443;
    }
    upstream server2 {
        server server2_ip:8443;
    }
    server {
        listen 443;
        proxy_pass $name;
        ssl_preread on;
    }
}
I'm not convinced there isn't a better way and there's probably something I'm overlooking, but this allows me to transparently route traffic to the correct reverse-proxy and still supports the letsencrypt protocols to apply SSL to my servers.
I have an nginx instance in AWS that has an upstream application layer.
There are two requirements for nginx
- keepalive
- use resolver to dynamically resolve the upstream
I am able to make either of them work.
Here is the config for making keepalive work:
upstream "backend" {
    server "appserver.example.com:443";
    keepalive 250;
}
server {
    resolver 10.0.0.2 valid=60s;
    server_name _;
    location / {
        proxy_http_version 1.1;
        proxy_pass https://backend;
    }
}
Here is the config for DNS resolver to work:
server {
    resolver 10.0.0.2 valid=60s;
    server_name _;
    set $backend appserver.example.com:443;
    location / {
        proxy_http_version 1.1;
        proxy_pass https://$backend;
    }
}
How can I get both DNS resolver and keepalive to work without using a third-party plugin in open source Nginx?
According to this Nginx wiki page there seems to be the jdomain plugin:
http {
    resolver 8.8.8.8;
    resolver_timeout 10s;
    upstream backend {
        jdomain www.baidu.com;
        # keepalive 10;
    }
    server {
        listen 8080;
        location / {
            proxy_pass http://backend;
        }
    }
}
I have a problem with nginx and HTTP/HTTPS bypass in the upstream block.
upstream block:
upstream bypass{
    server 192.168.99.1:80; #http
    server 192.168.99.2:443 backup; #https
}
When HTTP port 80 has a problem (server down, etc.), I want to redirect to HTTPS port 443.
This block does not work for me.
location block:
location / {
    proxy_pass https://bypass;
    proxy_redirect off;
}
How can I resolve this?
This works well: Create server config section for each backend on different port and forward to both ports internally without ssl.
In this example, you can see how the first server acts as main server with cached content (available via https) and if cache content is not available, use the second server (via http).
(using nginx 1.19.6, just for reference)
upstream backends {
    server 127.0.0.1:8082;
    server 127.0.0.1:8081 backup;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com;
    # ssl certs etc here
    location / {
        proxy_pass http://backends;
        proxy_next_upstream error timeout http_404 http_403;
    }
    access_log /var/log/nginx/access.log upstreamlog;
}
server {
    listen 8081;
    location / {
        add_header X-Cache MISS;
        proxy_pass http://server1;
        proxy_set_header Host server1;
    }
}
server {
    listen 8082;
    location / {
        add_header X-Cache HIT;
        proxy_pass https://server2;
        proxy_set_header Host server2;
    }
}
Taking a shot in the dark. Assuming you were having issues mixing HTTP and HTTPS in the upstream, you could try this in the location block:
location {
    try_files @bypass-http @bypass-https =404;
    location @bypass-http {
        proxy_pass http://bypass;
        proxy_redirect off;
    }
    location @bypass-https {
        proxy_pass https://bypass;
        proxy_redirect off;
    }
}
And if that didn't work, split the bypass upstream block into bypass1 and bypass2 and reference them accordingly in their corresponding location blocks:
upstream bypass1{
    server 192.168.99.1:80; #http
}
upstream bypass2{
    server 192.168.99.2:443; #https
}
location {
    try_files @bypass-http @bypass-https =404;
    location @bypass-http {
        proxy_pass http://bypass1;
        proxy_redirect off;
    }
    location @bypass-https {
        proxy_pass https://bypass2;
        proxy_redirect off;
    }
}
A third option would be to reference them both on port 80, and ensure the second upstream server redirects HTTP requests to HTTPS.