"Proxy proxy"!

Igor Clark igor at pokelondon.com
Fri Sep 26 14:37:28 MSD 2008


We have a linux box hosted at an ISP which has been running various  
sites on Apache for some time. I'm in the process of porting the sites  
on it to nginx. At the moment I just have the default ('_') nginx  
server proxy_pass-ing everything to Apache on a local high port like so:

	server {
		listen			x.x.x.x:80;
		server_name	_	default;

		location / {
			proxy_set_header	Host                		$http_host;
			proxy_set_header	X-Real-Remote-IP	$remote_addr;
			proxy_set_header	X-Forwarded-For		$proxy_add_x_forwarded_for;

and I'm just implementing new specific server {} blocks identified  
with server_name for each site as I go. All the sites work fine, so  
far so good.

The Apache setup is configured to act as a forward proxy, restricted  
to our network and with basic auth, as we occasionally need to check  
how things look from outside our network, or to be able to look back  
at our network from outside.

I've added the local address in the Allow from list in the Apache  
proxy config, but I can't seem to get it to allow proxy requests for  
remote URLs; it just says 403. It allows proxy requests for sites  
hosted on that machine, but nothing else. I'm fairly sure the Apache  
config is otherwise good, as we've been using it like this for a while  
and it hasn't changed other than the new local Allow address.

Perhaps it's something to do with host-header mangling, or similar ...  
Is there a way to get this to work? I guess we could open port 8080 on  
the firewall so that we can access the Apache proxy directly, but I'm  
interested to know if there's another way.


More information about the nginx mailing list