Reverse proxy configuration help

jims nginx-forum at nginx.us
Mon Feb 18 15:06:18 UTC 2013


I am new to nginx, it being recommended to solve a problem.

The problem:  I have a VPS hosting a website and an application server in my
DMZ.  I have a test and prod version of each.  I want both DMZ'ed servers
reverse-proxied such that requests where the referrer is the test web server
always go to the test app server and requests where the referrer is anything
but the test web server always go to the production app server.

The app servers can only be accessed over https, and the proxy will
eventually but not quite yet.

Question:  What is the best way to accomplish this?  I am trying to use two
different registered host names which are registered to the secondary IP on
the VPS, as the proxied names for the app servers, but that's not working
too well.  I wonder if it would be better to have a single server name for
the proxy with the two proxied servers selected based on referrer, rather
than trying to redirect to another server name, with one server name
servicing one proxied server and the other, the other proxied server.

Regardless, I can't seem to get past the connection to the backend server. 
I keep getting a 110 connection failure.  I have tried several
configurations but none seem to work.

The problem I'm running into may be related to use of the valid_referers
directive.  It doesn't seem to do what I need, which is to use one back-end
for requests referred from one web server host but use the other for all
other requests.

If I have two server directives with the same IP but two different server
names, it seems I can't have two location directives, one within each server
name.  If I could get that to work, it seems to me it should allow me to
redirect to the default app server using the valid_referers directive within
the referrer-specific app server's server directive, but that doesn't seem
to work the way I expect, either.

I don't have a config file to post because it has gone through a dozen
iterations already, none of which have been saved.   A generic example of
one that doesn't work would be :

server {
   listen 10.10.10.10:80;
   server_name  devappxy.mydomain.com;
   valid_referers  devweb.mydomain.com;
     if ($invalid_referer) {
        return   301  http://apppxy.mydomain.com$request_uri;
      }
  proxy_bind 10.10.10.10;
  access_log /var/log/nginx/devpxyaccess.log main;
  error_log /var/log/nginx/devpxyerror.log debug;
  location / {
      proxy_pass https://devapp.mydomain.com;
      proxy_redirect https://devapp.mydomain.com / ;
   }
}
server {
  listen 10.10.10.10:80 ;
  server_name apppxy.mydomain.com ;
  proxy_bind 10.10.10.10 ;
  access_log /var/log/nginx/pxyaccess.log main ;
  error_log /var/log/nginx/pxyerror.log debug ;
  location / {
      proxy_pass https://prodapp.mydomain.com ;
      proxy_redirect https://prodapp.mydomain.com / ;
  }
}

When I do that it says "location" directive isn't allowed here...

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,236278,236278#msg-236278



More information about the nginx mailing list