Nginx rewrites URL

Francis Daly francis at daoine.org
Sat Jan 20 14:16:53 UTC 2018 

On Thu, Jan 18, 2018 at 01:01:44PM -0500, P lva wrote:

Hi there,

> I'm trying to get nginx server configured as a reverse proxy serving
> requests to few application servers upstream.
> 
> Server {
> server_name app1.company.domain.com;
> listen 80;
> 
> location / {
>     proxy_pass http://appserver1:app1port/;

I think it is unrelated; but you might be happier with that final "/"
not being there.

>     proxy_pass_request_body on;
>     proxy_intercept_errors on;
>     error_page 301 302 307 = @handle_redirect;

I think this bit is related: why have it? In general, you want the
redirect-response to get to the client, so that the client can make the
correct next request directly.

The thing you want to arrange, though, is that the Location: in the
response refers to a Host: that the client can access, and that is "this
nginx server".

You might be able to arrange that by using

  proxy_set_header Host $server_name;

and/or some version of proxy_redirect, perhaps like

  proxy_redirect http://appserver1:app1port/ /;

See

  http://nginx.org/r/proxy_set_header
  http://nginx.org/r/proxy_redirect

for details.

> 1) This doesn't work with the firewalls. I can get to it only if I open
> appserver1 to accept everyone on that app1port. I tried replacing the
> headers but none of them work.

If you can show the specific example config that you used, and what
result you got, that might be useful.

(If the above suggestions work, then this part is unnecessary, of course.)

> 2) This configuration works when I turn off the firewall, but the address
> in the address bar gets rewritten to http://appserver1:app1port which is a
> a dealbreaker as we definitely don't want to have the upstream server
> appear in the address bar.

The client should never see http://appserver1:app1port. nginx should
(be configured to) edit it from http response headers before sending to
the client; but the app server should (be configured to) make sure that
it never appears in the http response body.

> Also these servers (nginx server and the upstream app server) aren't
> connected to the same DNS as the client. So neither of these servers can
> resolve app1.company.domain.com

That should not matter.

> I'm not sure where the problem lies, and would really appreciate any
> pointers.

If you can see one request from the client to nginx, the matching request
from nginx to upstream, and the two responses, you should be able to see
where "http://appserver1:app1port" is introduced into the response. That's
the place to look to make the change.

	f
-- 
Francis Daly        francis at daoine.org

More information about the nginx mailing list