Is there an equivalent of apache's ProxyRemote directive for NginX?
So the scenario is I am behind a corporate proxy and I want to do proxy passes for various services with NginX. I would do it in Apache with the following:
ProxyPass /localStackOverflow/ https://stackoverflow.com/
ProxyPassReverse /localStackOverflow/ https://stackoverflow.com/
ProxyRemote https://stackoverflow.com/ http://(my corporate proxy IP)
I know I need the proxy_pass directive in NginX but can't find what I would use for the ProxyRemote.
Thanks
Not sure how #tacos response can work - possibly something I'm missing but the only way I could sort of get this to work was by rewriting the url and passing on to the corporate proxy. This is shown below:
http {
server {
listen 80;
location / {
rewrite ^(.*)$ "http://www.externalsite.com$1" break;
proxy_pass http://corporate-proxy.mycorp.com:8080;
}
}
}
This works, but does rewrite the url, not sure if this is important to the original use-case..
The servers you proxy behind an Nginx front-end web server are referred to as upstream servers. You will want to refer to the documentation for the HttpUpstreamModule. It's very similair to what you are familiar with. If you don't need load-balancing, you just setup the one upstream server in the configuration and it will serve your purpose.
Related
I have an octoprint server running at http://192.168.1.205. I also have an nginx server hosting myDomain. I want to be able to use the nginx server to pass on a request for http://myDomain/octo to http://192.168.1.205 using a reverse proxy. Here is my nginx code...
server {
server_name myDomain;
location /octo/ {
rewrite ^/octo/(.*) /$1 break; #strip /octo from url
proxy_pass http://192.168.1.205;
}
}
The first http://myDomain/octo request is passed on to http://192.168.1.205 correctly. But after the first response the code in the client makes another request to http://myDomain/moreUri. Since this uri doesn't have /octo nginx doesn't know to send it to http://192.168.1.205/moreUri. Is there a way to have nginx change something in the first response so that the client then makes following requests to http://myDomain/octo/moreUri?
I was able to accomplish this for a case where the octoprint server responded with a redirect. I used ...
proxy_redirect http://192.168.1.205/ http://myDomain/octo/;
and it worked. But that only works on redirects and the following requests were wrong again.
Is there a way to have nginx change something in the first response so
that the client then makes following requests to
http://myDomain/octo/moreUri?
I am not aware that this is possible.
What about to adjust the nginx configuration accordingly ? using location / to process all requests within that block and add an additional redirect directive to address the "Since this uri doesn't have /octo nginx doesn't know to send it to http://192.168.1.205/moreUri" should do the trick.
server {
server_name myDomain;
location / {
rewrite ^/octo/(.*) /$1 break; #strip /octo from url
rewrite ^/(.*)/(.*) /octo/$2 break; #rewrite /moreURI to /octo/moreURI
proxy_pass http://192.168.1.205;
}
}
No matter if the above nginx reconfiguration fixes your issue, i assume the root cause why you need to configure the nginx as reverse proxy in this way might be a misconfigured (or not optimally configured) application. Check the config file if it is possible to configure the applications base path. If so, set it to /octo/ (so the application itself prepends /octo/ to all the links it presents to the user and all requests to the backend automatically) and adjust the rewrite rules accordingly.
I have a server running with Nginx reverse proxy.
We have our application running in another server, which is served using this Nginx proxy. Below is the configuration I have used and its working fine.
location / {
rewrite ^/(.*) /$1 break;
proxy_pass http://10.0.0.121:8000;
}
I would need to download a pdf file in the application machine (10.0.0.121) , which is under /home/ubuntu/app/pdf/data-2021-03-25.pdf.
How could I make the file in application machine downloadable from the proxy server, please help.
Thanks in Advance.
I would simply install another nginx instance on 10.0.0.121 and configure it like this. NON-PROD READY!
server {
listen 8080;
server_name ...;
root /home/ubuntu/app/pdf;
location = /data-2021-03-25.pdf {
try_files $uri $uri/ =404;
}
server {
listen 8090;
location / {
proxy_pass http://localhost:8080;
}
}
}
Not tested but this server will handling the request serving the file. Then you could just use proxy_pass on the other server to proxy the request.
But beside from this option you can use a python, perl, php, java, nodejs, assembly or what ever programming language you want to use to open a http port and serve the file on an incoming request. Its really your choice.
just make sure if you're going for the proxy solution you are sanitizing the requests on your proxy. For example. With a small change in the setup above you could cheat and get any other files from your home/app directory by sending an request like curl -v localhost:8090/pdf/../other/file. So make sure you are using the root(/home/ubuntu/app/pdf/) directive and set a location matching the pdf-file on the proxy-server as well.
That worked in my demo app.
i have a central reverse proxy with nginx, and inside of my environment i have a unified development tool like this:
dev.mycompany.com.br
and some applications like jenkins, artifactory.. working very well
dev.mycompany.com.br/jenkins
dev.mycompany.com.br/artifactory
but now i tryed to add another application (zanata) working in my docker server listening in following address: http://192.168.4.240:8080/zanata
in dev.conf in my nginx server i added the follow configuration for reverse proxy:
location /zanata {
proxy_pass http://192.168.4.240:8080/zanata/;
but returns blank page and 404 http code in access log.
if i remove /zanata like this:
proxy_pass http://192.168.4.240:8080/;
working fine and go to the wildfly welcome page.
somebody have a idea for this work this configuration?
thanks!
I think yo use https on top of your proxy and when zanata redirect it replaces the protocol by http.
curl -vvv https://myserver.com/zanata to see that.
edit your proxy to redirect http to https and it should work.
something like this :
server {
listen 80;`
server_name myserver.com;
return 301 https://$server_name$request_uri;
}
I have a web app developed in VisualAge Smalltalk that uses the ABTWSAC (Web Connect) to do CGI Handling.
In Apache, I simply AddHandler cgi-script .exe in mime module and Options -Indexes FollowSymLinks ExecCGI in Directory module.
(There is also a ISAPI handler that works in IIS).
How on earth do you do this in nginx? Nginx seems to always want a running service on a port or a 'unix' socket (which is clearly not support on windows).
All the googling shows that people assume cgi in nginx must be PHP. None of the examples or explinations tell me how to do what I want to do specifically.
As far as I know Nginx does not have native CGI support. It supports "only" fastCGI.
In my eyes you have four options:
1) Change from ABTWSAC (Web Connect) to seaside. Then use seaside with VisualAge Smalltalk. I would go with this guide
Copied from the link for later reference:
Our Bare Bones Nginx FastCGI Configuration
worker_processes 1;
events
{
worker_connections 1024;
}
http
{
include mime.types;
default_type application/octet-stream;
upstream seaside
{
server localhost:9001;
server localhost:9002;
server localhost:9003;
}
server
{
root /var/www/glass/;
location /
{
error_page 403 404 = #seaside;
}
location #seaside
{
include fastcgi_params;
fastcgi_pass seaside;
}
}
}
2) Reverse proxy to Seaside (again requiring switching from ABTWSAC (Web Connect)), for more see this link
3) Install Apache or lighthttpd, different port than ngnix, on the same server. You want to proxy cgi-bin folder via nginx. I know it kind of beats the purpose for having nginx only, but it is also a possible solution so I'm writing it here.
You can write to your nginx (running on 8888 port) configuration:
location /cgi-bin {
proxy_pass http://127.0.0.1:8888
}
4) As you already suggested running web server with native CGI support like your mentioned apache or lighthttpd.
Dusty,
If I remember correctly, you can also use Web Connect on Top of SST, which basically is just an in-image HTTP server.
So your Web server (nginx) only needs to act as an HTTP (Reverse) Proxy. It is not faster than fastCGI but requires only minimal changes to your Web Connect setup process in the image startup procedure...
I struggle with a problem to conf my nginx reverse proxy to work with gitlab.
Let's say that my gitlab server's IP is 192.168.0.2:8888 on my network. This server is not accessible throught internet. And my proxy is accessible by http://example.org
Due to somes reasons, I can't use subdomain, so I want to configure my proxy to access gitlab throught http://example.org/git.
My nginx proxy is working fine for my other needs and my gitlab server work great on local.
I try this config on my proxy :
...
location /git {
proxy_path http://192.168.0.2:8888;
proxy_set_header Host $host;
}
But when I go to http://example.org/git, I get redirect to http://example.org/users/sign-in. I lost the "git" folder in the url.
I try many thing in this config, adding a "/" at the end of the proxy_path, adding "rewrite ^/git(.*) /$1 break;", etc.
At best, I get the right redirect, http://example.org/git/users/sign-in, but all the resources lead to http://example.org/{resource}
I'm noob at nginx config so I don't know what to try now.
If someone can lead me to the right direction :)
Thx