I'm stucking with configuring a Nginx instance embedded in a Docker container which should implement a dynamic reverse proxy for not-enabled CORS web sites.
I was expecting it was an easy task, but it doesn't work under some conditions. This is a working location block:
location ~* ^/proxy/(.*) {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_redirect off;
proxy_pass https://google.com;
}
This configuration works. The google page appears. So it seems Docker is able to resolve google name.
This configuration (which I'm more interested to) doesn't work:
location ~* ^/proxy/(.*) {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_redirect off;
proxy_pass http://$1$is_args$args;
}
It seems that Docker is not able to resolve the name extracted by the first regex group.
If I add in the location block the resolver directive it starts working.
location ~* ^/proxy/(.*) {
resolver 192.168.31.2;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_redirect off;
proxy_pass http://$1$is_args$args;
}
So, where's the difference? Why the resolver directive is needed? Why in the first case (if the proxy path name is hardcoded) everything's working while not in the other case? Is the host resolv.conf file should be used inside the container itself?
I also tried to create the container passing the --dns option but still not working.
Ideas?
Thanks,
Fb
Nginx try to resolve domain_name with upstream directive: if it fail it will try to use resolver to solve your name as DNS. So, in the end, you need to set resolver directive.
Related
I have set up a gitlab container and nginx for proxy_pass but not working.
For example, I type example.com/gitlab, it can proxy_pass to 8086 port.
It can successful to display login page with out photo and the button is not working.
I find that if I add back the port number, it is work normally http://example.com:8086/projects/new
But proxy_pass address is http://example.com/projects/new, it cannot find the file and display 404.
location /gitlab {
proxy_pass http://example.com:8086;
}
how can I handle this case?
http://example.com/projects/new
http://example.com:8086/projects/new
Pass the GITLAB_HOST env in to container
docker run -e GITLAB_HOST=http://example.com/gitlab ....
and pass the request header and proxy port to the proxy server in nginx config
location /gitlab {
proxy_pass http://example.com:8086;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
i have a webapplication running in a docker container behind nginx reverse proxy on the same container network.
the nginx is set up so that foo.bar/app redirect to the container but application seems to try load resources from foo.bar/. i have tried to do what is documented here:https://www.nginx.com/resources/wiki/start/topics/examples/likeapache/
as a result my location block looked like this:
location /app {
root /app;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://webapp/;
}
where webapp is the name of the webapp's docker container in the network
for the location block this is fine
location /app {
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://webapp/;
}
the trick is to access with a trailing slash so with foo.bar/app/ rather than with foo.bar/app
additionally adding this line will add the trailing slash automagically:
rewrite ^([^.]*[^/])$ $1/ permanent
I am running Nexus3 in a docker container on a server that also uses nginx reverse-proxy. The problem is that when try to access to nexus repository from a browser, I am getting a broken page that has many console errors. Here's what I see:
After looking at the network tab, I noticed that my server is not setting the proper content-type for my requests. This is an example of a request to a js file:
Does anyone know what this could be? This is what my nginx.conf looks like:
server {
listen 443 ssl http2;
ssl_certificate /etc/ssl/confidential.com/fullchain.cer;
ssl_certificate_key /etc/ssl/confidential.com/*.confidential.com.key;
server_name confidential.com;
location /test {
proxy_pass http://nexus:8081/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
}
}
You have:
location /test {
proxy_pass http://nexus:8081/;
The context path of Nexus needs to match the context path served through the reverse proxy. Edit $workdir/etc/nexus.properties and set "nexus-context-path=/test". And change the proxy_pass to be "proxy_pass http://nexus:8081/test".
We're running grafana and nginx in docker swarm, and proxying the url /foobar/ to the swarm instance of grafana. Using this guide, this works with the following config:
# nginx config
server {
resolver 127.0.0.11 valid=30s;
...
location /foobar/ {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://grafana:3000/;
proxy_next_upstream error timeout http_502;
}
}
# docker-compose
grafana:
image: ${REGISTRY}foo/grafana:${IMAGE_VERSION}
networks:
- foo
volumes:
- grafana:/var/lib/grafana
environment:
- GF_SERVER_ROOT_URL=%(protocol)s://%(domain)s:%(http_port)s/foobar/
However, this causes nginx to die on startup if the grafana service is not available. So to resolve this, we use a variable for the proxy_pass directive and change it to this:
server {
resolver 127.0.0.11 valid=30s;
...
location /foobar/ {
set $grafana http://grafana:3000;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass $grafana/;
# proxy_pass http://grafana:3000/;
proxy_next_upstream error timeout http_502;
}
}
However, this causes grafana to reject the request somehow. I can verify that grafana is actually receiving the request (using GF_SERVER_ROUTER_LOGGING=true), and it claims the status is 200 ok, however the only thing I see on the page is
If you're seeing this Grafana has failed to load its application files
1. This could be caused by your reverse proxy settings.
2. If you host grafana under subpath make sure your grafana.ini root_path setting includes subpath
3. If you have a local dev build make sure you build frontend using: npm run dev, npm run watch, or npm run build
4. Sometimes restarting grafana-server can help
Why does grafana behave like this, and how can I set up the proxy pass such that nginx can start up without trying to resolve the grafana URL if it happens to be down?
When using variables complete URL is your responsibility in a proxy pass
location /foobar/ {
set $grafana http://grafana:3000;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass $grafana$request_uri;
# proxy_pass http://grafana:3000/;
proxy_next_upstream error timeout http_502;
}
In case the base path is different then you will need to use regular expression to send part of the path
location ~ /foobar/(.*) {
set $grafana http://grafana:3000;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass $grafana/$1;
proxy_next_upstream error timeout http_502;
}
This answer: https://stackoverflow.com/a/10469032/3958875 indicates that the ~/ in urls will be set to the actual root of the application if the application is in a virtual directory.
However, I can't seem to find how I can set this path/value.
For example, I have the app behind nginx reverse proxy, so that the root of the app is here: www.mywebsite.com/app1/
Therefore I want all ~/ to be expanded to app1/. How can I accomplish this?
I tried app.UsePathBase("/app1"); in the Configure method in Startup.cs, which didn't seem to do anything.
My nginx config is like:
server {
server_name: apps.mywebsite.com
location / {
...
}
location /app1/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:5000/;
}
#Https stuff ...
}
Am I missing something that I can pass to asp.net from nginx?
~ will expand to the content root. That is the effectively the path base that is configured for an incoming request.
What app.UsePathBase() does is tell the application that when the incoming request starts with the specified prefix, then that will be used as the path base. So in your case, when the incoming request starts with /app1, then /app1 will be the path base, and ~ will be expanded to /app1.
If you look at your reverse proxy configuration, you can see however that the path /app1 is not actually passed to the application:
location /app1/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:5000/;
}
So when you access the page at /app1/foo, the request path that gets passed to the application will be just /foo. So the /app1 path base isn’t seen by the application and it won’t be able to respond appropriately.
What you need to do instead is actually pass the full path to the application. You then use app.UsePathBase() to configure that path base so that it gets interpreted correctly:
location /app1/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:5000/app1/;
}
app.UsePathBase("/app1");
Now, incoming requests at /app1/foo will translate to the same path within your application, the /app1 path base will be used and ~ should expand properly to /app1.
Turns out the error is indeed in my nginx configuration.
By following the documentation on asp and nginx here: https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/linux-nginx?view=aspnetcore-2.2
I changed my nginx config to:
...
location /app1/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
...
And ~ expanded properly.