Help: Using Nginx Reverse Proxy bypass traffic in to a application running in a container

Francis Daly francis at daoine.org
Tue Jun 1 06:54:26 UTC 2021


On Sat, May 29, 2021 at 07:11:38PM +0530, Amila Gunathilaka wrote:

Hi there,

It sounds like you have the main part solved by changing the "health
check" request to be one that your port-9091 upstream is able to handle,
which is good.

> >As I understand it, the load balancer is making the request "OPTIONS /"
> >to nginx, and nginx is responding with a http 405, and you don't want
> >nginx to do that.
> 
> >What response do you want nginx to give to the request?
> 
> Yes you are absolutely right I wanted nginx to stop that 405 response and
> give the success response 200 or even 401 which I can confirm my proxy pass
> and basic auth is working.

After you decide what response you want nginx to give to the request,
you can configure nginx to do that.

In this case, if you want nginx to give a 401 if no valid credentials are
provided, then you want something like auth_basic; if you want nginx to
give a 200 if no valid credentials are provided, then you must not have
something like auth_basic.

> Also I think that 405 response is coming *from nginx itself* to the
> external load balancer because external load balancer directly
> communicating with the nginx (80) and also my upstream server (9091 port
> server)  is not a webapp it's just a binary file running inside docker
> container.

From nginx's point of view, it does not matter what the upstream/back-end
service is; it matters that it responds correctly to http requests.

When I use a similar configuration to yours, I see the OPTIONS request
being sent to the upstream and getting a 405 from there.

> Anyway I thought to fix the OPTIONS method fix on the external load
> balancer itself, and I logged in to my external load balancer configs
> page and I changed the HTTP health checks using OPTIONS into *GET*
> method.
> And yeah now 405 error gone.  But now I'm getting 401 responses , which
> should be the correct response since I'm using a basic auth in my
> nginx.conf file.  Below is my nginx.conf  FYI

Good stuff.

This says that, for any request starting with /metrics, nginx should
check for valid credentials or return 401; and then pass the request to
the upstream and return whatever it returns.

>         location /metrics {
>              proxy_pass http://127.0.0.1:9091/metrics;

One small thing: because the end of the "proxy_pass" directive is
exactly equal to the full "location" value, you could omit it from the
"proxy_pass"; that is, you could instead use

	proxy_pass http://127.0.0.1:9091;

but when what you have works, it works.

Cheers,

	f
-- 
Francis Daly        francis at daoine.org
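
The two response choices discussed in this message can coexist in one server block, shown here as an added example that is not part of the original post or the poster's nginx.conf. The /healthz path, the realm string and the htpasswd path are assumptions; the listen port and upstream address are the ones mentioned in the thread. The block belongs inside the http context.

```nginx
# Added example (not from the thread). Assumed names: /healthz,
# the realm "metrics" and the htpasswd file path.
server {
    listen 80;

    # Health check target for the external load balancer: answered by
    # nginx itself, no credentials required, nothing sent to the upstream.
    location = /healthz {
        auth_basic off;        # explicit, in case auth_basic is set at server level
        access_log off;
        default_type text/plain;
        return 200 "ok\n";
    }

    # Metrics stay protected: 401 unless valid credentials are supplied,
    # then the request is passed to the port-9091 upstream and its
    # response is returned as-is.
    location /metrics {
        auth_basic           "metrics";               # assumed realm
        auth_basic_user_file /etc/nginx/.htpasswd;    # assumed path

        # No URI part on proxy_pass: the request URI is forwarded
        # unchanged, which here is equivalent to ending it in /metrics.
        proxy_pass http://127.0.0.1:9091;
    }
}
```

With this layout the load balancer's health check points at /healthz and gets a 200, while an unauthenticated request to /metrics still gets a 401. Run `nginx -t` to validate the configuration before reloading.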

