I have my frontend server running nginx. The backend is on another machine on the same VPN. This is its config:
server {
listen 80;
server_name *.vpn.domain.com;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://10.8.25.102:8100/;
proxy_redirect http://10.8.25.102:8100/ http://$server_name/;
}
}
I would like to pass a different host to the backend... I'd like the backend to receive, for requests done tosubdomain.vpn.domain.com the host subdomain.local.domain.com
Is there any way to do this? I'm looking for a regexp substitution (or even a substring substitution) but I'm having surprisingly little success... I thought it would be a piece of cake. I think the solution would be in the lines of
server {
listen 80;
server_name *.vpn.domain.com;
set $my_host $http_host;
replace $my_host .vpn. .local.
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $my_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://10.8.25.102:8100/;
proxy_redirect http://10.8.25.102:8100/ http://$server_name/;
}
}
It's just that I haven't found yet the proper syntax for replace $my_host .vpn. .local. I don't really care about multiple substitutions... I won't have a.vpn.a.vpn.domain.com
I finally figured it out, I can do
if ($http_host ~ ^(.*)\.vpn\.(.*)$) {
set $my_host $1.local.$2;
}
And then, as there're CSRF validations in place, I also need to rewrite the Referer... so this is how it ended up looking
server {
listen 80;
server_name *.vpn.domain.com;
set $my_host $http_host;
if ($http_host ~ ^(.*)\.vpn\.(.*)$) {
set $my_host $1.local.$2;
}
set $referer $http_referer;
set $referer_host no;
if ($http_referer ~ ^(https?://)([^/]+)(/.*)$) {
set $referer_host $2;
set $rewritten_referer $1$my_host$3;
}
if ($referer_host = $http_host) {
set $referer $rewritten_referer;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $my_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Referer $referer;
proxy_set_header IS_SECURE no;
proxy_pass http://10.8.25.102:8100/;
proxy_redirect https://$my_host/ https://$http_host/;
proxy_redirect http://$my_host/ http://$http_host/;
}
}
Related
I have a problem with connecting my fronted(react/Axios) to backend(Django) data hosted on VPS using Nginx and docker. The problem is weird because I can connect to API by Postman. The issue appears when I try to get data from my frontend(localhost:3000) or from netlify app.
There is Nginx code:
upstream 127.0.0.1 {
server django_gunicorn:8000;
}
server {
listen 80;
location / {
proxy_pass http://127.0.0.1;
}
location /ws {
proxy_pass http://127.0.0.1;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
location /static/ {
alias /static/;
}
location /media/ {
alias /code/media/;
}
}
EDIT:
I changed my server name to django_api and i added three more lines in location /, afterwards everything works.
upstream django_api {
server django_gunicorn:8000;
}
server {
listen 80;
location / {
proxy_pass http://django_api;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_redirect off;
}
location /ws {
proxy_pass http://django_api;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
I have an issue into the configuration of my nginx proxy.
I just try to use regex has it is defined here: https://underthehood.meltwater.com/blog/2017/12/12/lightweight-tests-for-your-nginx-api-gateway/
But nothing works. My server won't start if it is any regex into the path.
I tried:
location ~ ^/tesla/(?<id>.*)$ {
proxy_pass http://localhost:8081/;
proxy_set_header Host $host;
}
or
location ~ ^/tesla/test/ {
proxy_pass http://localhost:8081/;
proxy_set_header Host $host;
}
or
location ~* ^/tesla/test/ {
proxy_pass http://localhost:8081/;
proxy_set_header Host $host;
}
Nothing work. My final aim is to extract a value from the url and do the following thing:
location ~* ^/(<version>.*)/test/ {
proxy_pass http://localhost:8081/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Prefix $version;
}
UPDATE (SOLVED)
I finally succeed thanks to Richard.
Here is the complete code:
location ~* ^/api/(?<version>.*)/(?<service>.*)(/.*/.*)$ {
proxy_pass http://$service.localnetwork:8080$3;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Prefix /api/$version/$service;
proxy_set_header msvc_name $service;
proxy_set_header msvc_version $version;
}
You can't use a proxy_pass with a static URI within a regular expression location block, it will throw an error - see your Nginx error log. See this document for details.
However, you can construct the URI to send upstream by appending variables to the proxy_pass statement. In your case, you could capture the remainder of the URI in the same regular expression.
For example:
location ~* ^/([^/]+)/test(/.*)$ {
proxy_pass http://localhost:8081$2;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Prefix $1;
}
I'm using AWS kibana to search and view the logs that Logstash has indexed. Right now i'm using the default URL from AWS and is only restricted to my IP address. I need to proxy_pass it through nginx, i tried to follow this doc: https://sysadmins.co.za/aws-access-kibana-5-behind-elb-via-nginx-reverse-proxy-on-custom-dns/
But kibana is not loading. I'm getting the following error:
Kibana: Not Found
Error: Not Found
at respond (http://IP/index.js?_b=7562:85344:15)
at checkRespForFailure (http://IP/index.js?_b=7562:85312:7)
at http://IP/index.js?_b=7562:83950:7
at wrappedErrback (http://IP/index.js?_b=7562:20902:78)
at wrappedErrback (http://IP/index.js?_b=7562:20902:78)
at wrappedErrback (http://IP/index.js?_b=7562:20902:78)
at http://IP/index.js?_b=7562:21035:76
at Scope.$eval (http://IP/index.js?_b=7562:22022:28)
at Scope.$digest (http://IP/index.js?_b=7562:21834:31)
at Scope.$apply (http://IP/index.js?_b=7562:22126:24)
Adding Nignx conf:
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name kibana.mydomain.com;
# for elb health checks
location /status {
root /usr/share/nginx/html/ ;
}
location / {
proxy_set_header Host search-aws-es.eu-west-1.es.amazonaws.com;
proxy_set_header X-Real-IP <public-ip-for-instance>;
proxy_http_version 1.1;
proxy_set_header Connection "Keep-Alive";
proxy_set_header Proxy-Connection "Keep-Alive";
proxy_set_header Authorization "";
proxy_pass https://search-aws-es.eu-west-1.es.amazonaws.com/_plugin/kibana/;
proxy_redirect https://search-aws-es.eu-west-1.es.amazonaws.com/_plugin/kibana/ http://<public-ip-for-instance>/kibana/;
}
location ~ (/app/kibana|/app/timelion|/bundles|/es_admin|/plugins|/api|/ui|/elasticsearch) {
proxy_pass http://search-aws-es.eu-west-1.es.amazonaws.com;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
}
}
On your last location block, add /_plugin/kibana, that fixed it for me.
My working setup (with a VPC based ES but that shouldn't change much as long as you authorize the IP of your proxy within the ES access policy):
server {
listen 80;
server_name kibana.mydomain.com
location / {
proxy_http_version 1.1;
# proxy_set_header Host https://asdfadsfasdfasdf.regionxxx.es.amazonaws.com;
proxy_set_header Connection "Keep-Alive";
proxy_set_header Proxy-Connection "Keep-Alive";
proxy_set_header Authorization "";
proxy_pass https://asdfadsfasdfasdf.regionxxx.es.amazonaws.com/_plugin/kibana/;
}
location ~ (/_plugin/kibana|/app/kibana|/app/timelion|/bundles|/es_admin|/plugins|/api|/ui|/elasticsearch) {
proxy_pass https://asdfadsfasdfasdf.regionxxx.es.amazonaws.com;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header Authorization "";
}
}
I'm trying to set up a project using django, gunicorn and nginx and I'm having trouble with the nginx configuration. More precisely when I use try_files.
If I use if (!-f $request_filename) {...} everything works fine but if use
try_files ... Django generates the exception:
Invalid HTTP_HOST header: 'myproject_server'. The domain name provided is not valid according to RFC 1034/1035.
Once everything works using the if ... I assume that the other settings
(gunicorn etc) are correct.
The configuration files I'm using are:
/home/myproject/myproject/settings.py (django)
...
ALLOWED_HOSTS = [192.168.200.100, ]
...
/etc/nginx/sites-available/myproject (this one WORKS)
upstream myproject_server {
unix server:/home/myproject/run/gunicorn.sock fail_timeout = 0;
}
server {
listen 80;
server_name 192.168.200.100;
root /home/myproject;
location /media/ {}
location /static/ {}
location / {
proxy_set_header Host $HTTP_HOST;
proxy_set_header X-Real-IP $REMOTE_ADDR;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
if (!-f $request_filename) {
proxy_pass http://myproject_server;
break;
}
}
}
/etc/nginx/sites-available/myproject (this one DOES NOT WORK)
upstream myproject_server {
unix server: /home/myproject/run/gunicorn.sock fail_timeout = 0;
}
server {
listen 80;
server_name 192.168.200.100;
root /home/myproject;
location /media/ {}
location /static/ {}
location / {
proxy_set_header Host $HTTP_HOST;
proxy_set_header X-Real-IP $REMOTE_ADDR;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
try_files $uri #myproject_backend;
}
location #myproject_backend {
proxy_pass $scheme://myproject_server;
}
}
What am I doing wrong?
Thanks in advance any help.
PS: English is not my native language so I apologize for the (many) errors.
proxy_set_header should be in the same location as proxy_pass.
location / {
try_files $uri #myproject_backend;
}
location #myproject_backend {
proxy_set_header Host $HTTP_HOST;
proxy_set_header X-Real-IP $REMOTE_ADDR;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://myproject_server;
}
I've an Nginx 1.6.2, working as proxy. The backend HTTP server is an Apache.
I'ld like to control the number of connections certain URL, in some vhosts. The exact "location" form is works, but if I pass a regex to "location", it doesn't.
server {
listen 80;
server_name www.myhost.com;
location ~* ^/.*ABCD_promo.*$ {
limit_req zone=one burst=5;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://vm-apache4;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://vm-apache4;
}
}
In nginx.conf, I've this directive:
limit_conn_zone $binary_remote_addr zone=addr:10m;
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
before the config part(s) above.
When I change the "location ~* ^/.*ABCD..." to "location /ABCD_promo", then it works. What em I misses?