nginx is redirecting to wrong server context

Raman Meenakshisundaram raman.meenakshisundaram at insigniafinancial.com.au
Wed Nov 15 23:43:39 UTC 2023 

Hi
I am trying to download a docker image through nginx, and found that it is always redirecting to the first server configured in the nginx.conf file.

I am doing a podman pull "podman pull --tls-verify=false mcr.itt.aws.orpd.com.au/devcontainers/python:dev-3.9-buster" but it is wrongly going to docker-alice.itt.aws.oprd.com.au

We have setup route53 record in AWS already.

Below is the nginx.conf file content:
----------------------------------------------------------------------------------------------------------------------------------------

For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
#worker_processes auto;
worker_processes 4;
worker_rlimit_nofile 4096;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 4096;
}

http {

  proxy_send_timeout 120;
  proxy_read_timeout 300;
  proxy_connect_timeout 300;
  proxy_buffering    off;
  proxy_request_buffering off;
  # allow large uploads of files
  client_max_body_size 1G;
  keepalive_timeout  5 5;
  tcp_nodelay        on;

  map $upstream_http_docker_distribution_api_version $docker_distribution_api_version {
    '' 'registry/2.0';
  }

server {
   listen 443 ssl;
   listen 80;
   server_name docker-alice.itt.aws.oprd.com.au;

    ssl_certificate /etc/nginx/ssl/selfsigned_wildcard_san_cert.crt;
    ssl_certificate_key /etc/nginx/ssl/privatekey_selfsigned_wildcard_san.pem;

   # Docker /v2 and /v1 (for search) requests
   resolver 10.78.128.2:53 valid=300s ipv6=off;
   resolver_timeout 10s;

   location /v2 {
     proxy_set_header Host $host:$server_port;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto "https";
     set $backend "nexus.itt.aws.oprd.com.au";
     proxy_pass https://$backend/repository/proxy-to-nonprod-hosted$request_uri;
    #proxy_pass https://nexus.itt.aws.oprd.com.au/repository/proxy-to-nonprod-hosted/$request_uri;
   }
   location /v1 {
     proxy_set_header Host $host:$server_port;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto "https";
     set $backend "nexus.itt.aws.orpd.com.au";
     proxy_pass https://$backend/repository/proxy-to-nonprod-hosted$request_uri;
    #proxy_pass https://nexus.itt.aws.oprd.com.au/repository/proxy-to-nonprod-hosted/$request_uri;
   }
   location / {
     proxy_set_header Host $host:$server_port;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto "https";
     set $backend "nexus.itt.aws.oprd.com.au";
     proxy_pass https://$backend/;
    #proxy_pass https://nexus.itt.aws.oprd.com.au/;
   }
}
server {
   listen 443 ssl;
   listen 80;
   server_name mcr.itt.aws.oprd.com.au;

    ssl_certificate /etc/nginx/ssl/selfsigned_wildcard_san_cert.crt;
    ssl_certificate_key /etc/nginx/ssl/privatekey_selfsigned_wildcard_san.pem;

   # Docker /v2 and /v1 (for search) requests
   resolver 10.78.128.2:53 valid=300s ipv6=off;
   resolver_timeout 10s;

   location /v2 {
     proxy_set_header Host $host:$server_port;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto "https";
     set $backend "nexus.itt.aws.oprd.com.au";
     proxy_pass https://$backend/repository/mcr-proxy$request_uri;
   }
   location /v1 {
     proxy_set_header Host $host:$server_port;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto "https";
     set $backend "nexus.itt.aws.orpd.com.au";
     proxy_pass https://$backend/repository/mcr-proxy$request_uri;
   }
   location / {
     proxy_set_header Host $host:$server_port;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto "https";
     set $backend "nexus.itt.aws.oprd.com.au";
    proxy_pass https://$backend/;
    #proxy_pass https://nexus.itt.aws.oprd.com.au/;
   }
}
}

*******************************************************************************************
We acknowledge the traditional custodians of the land on which we meet, work
and live. We pay our respects to the ancestors and Elders, past and present.

The information in this email and any attachments may contain confidential, privileged
or copyright material belonging to us, related entities or third parties. If you are not
the intended recipient you are prohibited from disclosing this information. If you
have received this email in error, please contact the sender immediately by return
email or phone and delete it. We apologise for any inconvenience caused. We use
security software but do not guarantee this email is free from viruses. You assume
responsibility for any consequences arising from the use of this email. This email
may contain personal views of the sender not authorised by us.
*******************************************************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20231115/d434c37d/attachment.htm>

More information about the nginx mailing list