nginx, access to other servers on internal network - docker

I have a docker network running with this configuration (from docker-compose.yaml):
networks:
  network:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 172.28.1.0/24
(My network is named network)
I have an Angular frontend running in a container on this network (172.28.1.4). The frontend web server is an nginx server.
From the web server I would like calls to various backends (authentication and database) to go directly to these servers without exposing them to the outside world.
I.e., to authenticate a user, something like this: httpClient.post('172.28.1.5:8080/_user/login', credentials)
I believe this should be done in the nginx configuration, but I am pretty clueless on how to allow access to 172.28.1.5 from nginx without exposing 172.28.1.5.
The servers are visible to each other seen from a Docker perspective.
I have tried using a reverse proxy and that works, but I cannot block access to the location from external IPs:
location ~/_user(/.*)*/?$ {
    proxy_pass http://auth_server:8080;  # auth_server points to 172.28.1.5
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $server_name;
}
The proxy setup. I have changed the names of the servers to clarify their role in the network.
The frontend can call the database_server like this:
http://external.ip.address:443/_api/any_path
Unfortunately, so can anyone else :)
server {
    listen 443;
    server_name localhost;
    location ~/_user(/.*)*/?$ {
        proxy_pass http://authentication_server:8080;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
    }
    location ~/_api(/.*)*/?$ {
        proxy_pass http://database_server:80;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
    }
    location ~/ {
        proxy_pass http://ui_frontend_server:8080;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
    }
}
My docker setup makes this possible as it maps the name "authentication_server" with 172.28.1.3
authentication_server_service:
  container_name: authentication_server
  build: ../authentication_server/
  image: authentication_server_image:latest
  networks:
    network:
      ipv4_address: 172.28.1.3
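
One way to limit the two backend locations by source address, as an added example that is not part of the original post: it uses nginx's `allow`/`deny` directives with the subnet and server names from the question, and assumes the bridge gateway is 172.28.1.1. It only admits callers that are containers on that network; requests made by Angular code running in a visitor's browser arrive from the visitor's address and are refused as well.

```nginx
# Added example, not the poster's configuration.
# Subnet and upstream names come from the question; the gateway address
# 172.28.1.1 is an assumption (first address of the bridge subnet).
server {
    listen 443;
    server_name localhost;

    # Backend routes: reachable only from containers on the compose network.
    # Access rules are evaluated in order and the first match wins.
    location ~ ^/_user(/|$) {
        deny  172.28.1.1;      # assumed gateway: proxied outside traffic can show up as this
        allow 172.28.1.0/24;   # containers on the compose network
        deny  all;             # every other source gets 403
        proxy_pass http://authentication_server:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location ~ ^/_api(/|$) {
        deny  172.28.1.1;
        allow 172.28.1.0/24;
        deny  all;
        proxy_pass http://database_server:80;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # Public route: the UI itself stays open to everyone.
    location / {
        proxy_pass http://ui_frontend_server:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

Before relying on the rules, send one request from outside the host and confirm in the access log which `$remote_addr` nginx records for it.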

Related

How can I get Cypress access other routes besides root within CI?

I'm having an issue allowing Cypress to test other routes besides "/" within the CI builder.
I've come across this repo where a core developer demoed how to run spec tests when services are created and managed using docker-compose.
Unfortunately the repo isn't demoing how I can get Cypress to test other routes. I'm getting 200 on "/" but getting 404 on others.
cypress.json:
{
  "baseUrl": "http://nginx:80",
  "video": false
}
docker-compose.yml:
services:
  ...
  ...
  nginx:
    build:
      context: ./services/nginx
      dockerfile: Dockerfile
    restart: always
    ports:
      - 80:80
    depends_on:
      - users
      - client
Root route gives 200 but all others throw 404:
CypressError: `cy.visit()` failed trying to load:
http://nginx:80/register
The response we received from your web server was:
> 404: Not Found
nginx.conf file:
server {
    listen 80;
    location / {
        proxy_pass http://client:3000;
        proxy_http_version 1.1;
        proxy_redirect default;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
    }
    location /users {
        proxy_pass http://users:5000;
        proxy_http_version 1.1;
        proxy_redirect default;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
    }
    location /auth {
        proxy_pass http://users:5000;
        proxy_http_version 1.1;
        proxy_redirect default;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
    }
}

Heroku - Separate frontend and backend with Nginx on same domain

I have an application with two GitHub repos, one for the React app and one for the Rails app. The requirement is that all routes should go to the Rails server, except that routes starting with /catalog should go to the React app. The Rails app server will communicate with the React server internally. SSL is configured at the Nginx level.
I have created 3 different apps in Heroku:
Rails server app
React server app
Web Server(Nginx)
My nginx server config looks like:
upstream rails {
    server $HEROKU_APP_rails_URL;
}
upstream react {
    server $HEROKU_APP_react_URL;
}
server {
    listen $PORT;
    server_name *.xyz.com;
    # large_client_header_buffers 4 32k;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://rails;
    }
    location /catalog {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://react;
    }
}
With the above config I am getting an HTTP 400 error on Nginx and it is not able to redirect the request. Please let me know what I am doing wrong.
Finally managed to solve this issue. My nginx config looks like:
upstream upstream_app_a {
    server app_a.herokuapp.com:443;
}
upstream upstream_app_b {
    server app_b.herokuapp.com:443;
}
server {
    listen $PORT;
    location / {
        set $upstream upstream_app_a;
        proxy_pass https://$upstream;
        proxy_ssl_name app_a.herokuapp.com;
        proxy_set_header x-forwarded-host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host app_a.herokuapp.com;
    }
    location /static {
        set $upstream upstream_app_b;
        proxy_pass https://$upstream/static;
        proxy_set_header Host app_b.herokuapp.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    location /product_catalog {
        set $upstream upstream_app_b;
        proxy_pass https://$upstream;
        proxy_ssl_name app_b.herokuapp.com;
        proxy_set_header x-forwarded-host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host app_b.herokuapp.com;
    }
}
Please make sure you set correct value for header
proxy_set_header Host app_a.herokuapp.com
We managed to solve this issue by referring to article

Can't get NGINX to serve static files (js, css etc) from docker container service

I have a container running, and the exposed port is 8080.
I'm using nginx to proxy pass to the docker container. However I can't get the js/css etc files to be served up. Below is some of the nginx config, and the request is coming in (according to the debug log on nginx) as /auth/resources/7.0.0/admin/keycloak/js/authz/authz-services.js?
They are coming up with a 404. The config is:
listen 80 default_server;
listen [::]:80 default_server;
location /keycloak/ {
    # proxy header
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Scheme $scheme;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host example.com/keycloak ;
    rewrite /keycloak/(.*) /$1 break;
    proxy_pass http://127.0.0.1:8080/;
}
location /auth/ {
    # proxy header
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Scheme $scheme;
    proxy_set_header X-Forwarded-Proto $scheme;
    rewrite ^\/(.*) /$1 break;
    proxy_pass http://127.0.0.1:8080/;
}

Nginx returning error 404 when redirect to docker containers

I have a simple application with two separate containers: one for the backend (api-container) and the other for the frontend (front-container).
I'd like to configure nginx to redirect all requests from domain api.myurl.com to the backend container and all requests from myurl.com to the frontend container.
To do that I configured nginx as shown below:
server {
    listen 80;
    server_name myurl.com;
    location / {
        resolver 127.0.0.11;
        proxy_pass http://front-container:80;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
server {
    listen 80;
    server_name api.myurl.com;
    location / {
        resolver 127.0.0.11;
        proxy_pass http://api-container:3010;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
Everything works almost fine. When I access http://myurl.com everything is ok, but when I access another route like http://myurl.com/other, nginx returns a 404 error. This route works like a charm without nginx.
What is wrong in my configuration?
Important: nginx is also running in a container in the same network as the other containers.

ActionController::InvalidAuthenticityToken when using nginx to proxy https requests to other nginx (http) to proxy to rails (http)

I have the following server structure:
The first nginx, which redirects all requests to the nginx in a docker container. I want it just to handle https and proxy requests to the nginx that can't handle https.
Full config
Related config (nginx-recommended-proxy-headers here) (I just tried every header that could help, didn't work):
location / {
    proxy_pass http://127.0.0.1:23000;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_set_header X-Forwarded-Ssl on;
    proxy_set_header X-Forwarded-Protocol https;
    proxy_set_header X-Url-Scheme https;
    proxy_set_header X-Forwarded-Host $host:$server_port;
    proxy_set_header X-Real_IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-NginX-Proxy true;
    proxy_set_header Host $http_host;
    proxy_set_header Upgrade $http_upgrade;
    proxy_pass_header Set-Cookie;
    proxy_buffering off;
    proxy_ssl_session_reuse off;
    include /nix/store/avmqrlsy7dfh6bz1r6yzw3wvrvb0wzf1-nginx-recommended-proxy-headers.conf;
}
The nginx in the docker container. It glues the rails server and responsivefilemanager together. It exists to allow testing of both server and filemanager, but does not handle https.
Docker-compose
nginx:
  stdin_open: true
  tty: true
  extends:
    file: chunks/nginx.yml
    service: nginx
  build:
    args:
      - NGINX_CACHE=on
  ports:
    - 23000:80
  env_file:
    - ./envs/filemanager-static-path.env
    - ./envs/carrierwave-dirs.env
  environment:
    - BACKEND_URL=http://be:3000
    - FILEMANAGER_URL=http://filemanager:80
  volumes:
    - filemanager_upload_data:/filemanager_upload_dir
    - carrierwave_public_upload_data:/public_upload
    - carrierwave_cache_data:/carrierwave_cache_dir
    - ${SOURCE_DIR:-..}:/public
  depends_on:
    - be
    - filemanager
Full config
Related config
location / {
    proxy_pass $BACKEND_URL;
    proxy_http_version 1.1;
    proxy_set_header Host $http_host;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_set_header Accept-Encoding "";
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_set_header X-Forwarded-Host $host;
    proxy_buffering off;
    proxy_ssl_session_reuse off;
}
The rails server, just a rails server with the default prod config.
And with this config I have the ActionController::InvalidAuthenticityToken issue.
Please help me. How should this work? What is rails expecting? https worked with this config when I had only 1 nginx and the backend.
I've updated nixpkgs and the issue disappeared.
