<div dir="auto">Hello</div><div dir="auto"><br></div><div dir="auto">> <span style="background-color:rgba(0,0,0,0);border-color:rgb(0,0,0);color:rgb(0,0,0)">and found that it is always redirecting to the first server configured in the nginx.conf file.</span><div><br></div></div><div dir="auto">This is expected behaviour when you have not defined a default_server or you are not sending the appropriate host header in your request (you are not confirming how things are set in the http client you are using).</div><div dir="auto"><br></div><div dir="auto">The default behaviour is defined here:</div><div dir="auto"><div dir="auto"><span style="font-family:"Google Sans",Roboto,"Helvetica Neue",Arial,sans-serif;font-size:20px;font-style:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;float:none;display:inline!important;color:rgb(31,31,31)"><div style="font-family:"Google Sans",Roboto,"Helvetica Neue",Arial,sans-serif"><a href="https://nginx.org/en/docs/http/request_processing.html">https://nginx.org/en/docs/http/request_processing.html</a></div><div style="font-family:"Google Sans",Roboto,"Helvetica Neue",Arial,sans-serif" dir="auto">> <span style="font-family:sans-serif;font-size:medium;text-align:justify;float:none;display:inline!important;color:rgb(0,0,0)">In this configuration nginx tests only the request’s header field “Host” to determine which server the request should be routed to. If its value does not match any server name, or the request does not contain this header field at all, then nginx will route the request to the default server for this port. In the configuration above, the default server is the first one — which is nginx’s standard default behaviour. It can also be set explicitly which server should be default, with the </span><code style="text-align:justify;font-family:monospace;color:rgb(0,0,0)">default_server</code><span style="font-family:sans-serif;font-size:medium;text-align:justify;float:none;display:inline!important;color:rgb(0,0,0)"> parameter in the </span><a href="https://nginx.org/en/docs/http/ngx_http_core_module.html#listen" style="font-family:sans-serif;text-align:justify">listen</a><span style="font-family:sans-serif;font-size:medium;text-align:justify;float:none;display:inline!important;color:rgb(0,0,0)"> directive.</span></div></span></div><div dir="auto"><span style="font-family:"Google Sans",Roboto,"Helvetica Neue",Arial,sans-serif;font-size:20px;font-style:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;float:none;display:inline!important;color:rgb(31,31,31)"><br></span></div><div dir="auto"><br></div><br></div><div dir="auto">I am assuming you want the default to be: </div><div dir="auto"><div><a href="http://mcr.itt.aws.oprd.com.au" target="_blank" style="font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgba(0,0,0,0);border-color:rgb(66,133,244);color:rgb(66,133,244)">mcr.itt.aws.oprd.com.au</a></div><br></div><div dir="auto"><br></div><div dir="auto">thus change the listen parameters on its server block:</div><div dir="auto"><div><p class="MsoNormal" style="font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;background-color:rgba(0,0,0,0);border-color:rgb(0,0,0);color:rgb(0,0,0)">server {<u style="background-color:rgba(0,0,0,0);border-color:rgb(0,0,0);color:rgb(0,0,0)"></u><u style="background-color:rgba(0,0,0,0);border-color:rgb(0,0,0);color:rgb(0,0,0)"></u></p><p class="MsoNormal" style="font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;background-color:rgba(0,0,0,0);border-color:rgb(0,0,0);color:rgb(0,0,0)" dir="auto"> listen 443 ssl default_server;<u style="background-color:rgba(0,0,0,0);border-color:rgb(0,0,0);color:rgb(0,0,0)"></u><u style="background-color:rgba(0,0,0,0);border-color:rgb(0,0,0);color:rgb(0,0,0)"></u></p><p class="MsoNormal" style="font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;background-color:rgba(0,0,0,0);border-color:rgb(0,0,0);color:rgb(0,0,0)" dir="auto"> listen 80 default_server;<u style="background-color:rgba(0,0,0,0);border-color:rgb(0,0,0);color:rgb(0,0,0)"></u></p><p class="MsoNormal" style="font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;background-color:rgba(0,0,0,0);border-color:rgb(0,0,0);color:rgb(0,0,0)"> server_name<span class="Apple-converted-space" style="background-color:rgba(0,0,0,0);border-color:rgb(0,0,0);color:rgb(0,0,0)"> </span><a href="http://mcr.itt.aws.oprd.com.au" target="_blank" style="background-color:rgba(0,0,0,0);border-color:rgb(66,133,244);color:rgb(66,133,244)">mcr.itt.aws.oprd.com.au</a>;</p><p class="MsoNormal" style="font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;background-color:rgba(0,0,0,0);border-color:rgb(0,0,0);color:rgb(0,0,0)" dir="auto">…</p><p class="MsoNormal" style="font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;background-color:rgba(0,0,0,0);border-color:rgb(0,0,0);color:rgb(0,0,0)" dir="auto"><Rest of your config></p><p class="MsoNormal" style="font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;background-color:rgba(0,0,0,0);border-color:rgb(0,0,0);color:rgb(0,0,0)" dir="auto">}</p><br class="Apple-interchange-newline"></div>Cheers</div><div dir="auto">J</div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, 15 Nov 2023 at 23:44, Raman Meenakshisundaram via nginx <<a href="mailto:nginx@nginx.org">nginx@nginx.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)">
<div lang="EN-AU" link="#0563C1" vlink="#954F72" style="overflow-wrap: break-word;">
<div class="m_1329475687128052385WordSection1">
<p class="MsoNormal">Hi<u></u><u></u></p>
<p class="MsoNormal">I am trying to download a docker image through nginx, and found that it is always redirecting to the first server configured in the nginx.conf file.
<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">I am doing a podman pull "podman pull --tls-verify=false <a href="http://mcr.itt.aws.orpd.com.au/devcontainers/python:dev-3.9-buster" target="_blank">mcr.itt.aws.orpd.com.au/devcontainers/python:dev-3.9-buster</a>" but it is wrongly going to <a href="http://docker-alice.itt.aws.oprd.com.au" target="_blank">docker-alice.itt.aws.oprd.com.au</a><u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">We have setup route53 record in AWS already. <u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Below is the nginx.conf file content:<u></u><u></u></p>
<p class="MsoNormal">----------------------------------------------------------------------------------------------------------------------------------------<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">For more information on configuration, see:<u></u><u></u></p>
<p class="MsoNormal"># * Official English Documentation: <a href="http://nginx.org/en/docs/" target="_blank">
http://nginx.org/en/docs/</a><u></u><u></u></p>
<p class="MsoNormal"># * Official Russian Documentation: <a href="http://nginx.org/ru/docs/" target="_blank">
http://nginx.org/ru/docs/</a><u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">user nginx;<u></u><u></u></p>
<p class="MsoNormal">#worker_processes auto;<u></u><u></u></p>
<p class="MsoNormal">worker_processes 4;<u></u><u></u></p>
<p class="MsoNormal">worker_rlimit_nofile 4096;<u></u><u></u></p>
<p class="MsoNormal">error_log /var/log/nginx/error.log;<u></u><u></u></p>
<p class="MsoNormal">pid /run/nginx.pid;<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"># Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.<u></u><u></u></p>
<p class="MsoNormal">include /usr/share/nginx/modules/*.conf;<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">events {<u></u><u></u></p>
<p class="MsoNormal"> worker_connections 4096;<u></u><u></u></p>
<p class="MsoNormal">}<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">http {<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"> proxy_send_timeout 120;<u></u><u></u></p>
<p class="MsoNormal"> proxy_read_timeout 300;<u></u><u></u></p>
<p class="MsoNormal"> proxy_connect_timeout 300;<u></u><u></u></p>
<p class="MsoNormal"> proxy_buffering off;<u></u><u></u></p>
<p class="MsoNormal"> proxy_request_buffering off;<u></u><u></u></p>
<p class="MsoNormal"> # allow large uploads of files<u></u><u></u></p>
<p class="MsoNormal"> client_max_body_size 1G;<u></u><u></u></p>
<p class="MsoNormal"> keepalive_timeout 5 5;<u></u><u></u></p>
<p class="MsoNormal"> tcp_nodelay on;<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"> map $upstream_http_docker_distribution_api_version $docker_distribution_api_version {<u></u><u></u></p>
<p class="MsoNormal"> '' 'registry/2.0';<u></u><u></u></p>
<p class="MsoNormal"> }<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">server {<u></u><u></u></p>
<p class="MsoNormal"> listen 443 ssl;<u></u><u></u></p>
<p class="MsoNormal"> listen 80;<u></u><u></u></p>
<p class="MsoNormal"> server_name <a href="http://docker-alice.itt.aws.oprd.com.au" target="_blank">docker-alice.itt.aws.oprd.com.au</a>;<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"> ssl_certificate /etc/nginx/ssl/selfsigned_wildcard_san_cert.crt;<u></u><u></u></p>
<p class="MsoNormal"> ssl_certificate_key /etc/nginx/ssl/privatekey_selfsigned_wildcard_san.pem;<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"> # Docker /v2 and /v1 (for search) requests<u></u><u></u></p>
<p class="MsoNormal"> resolver <a href="http://10.78.128.2:53" target="_blank">10.78.128.2:53</a> valid=300s ipv6=off;<u></u><u></u></p>
<p class="MsoNormal"> resolver_timeout 10s;<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"> location /v2 {<u></u><u></u></p>
<p class="MsoNormal"> proxy_set_header Host $host:$server_port;<u></u><u></u></p>
<p class="MsoNormal"> proxy_set_header X-Real-IP $remote_addr;<u></u><u></u></p>
<p class="MsoNormal"> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<u></u><u></u></p>
<p class="MsoNormal"> proxy_set_header X-Forwarded-Proto "https";<u></u><u></u></p>
<p class="MsoNormal"> set $backend "<a href="http://nexus.itt.aws.oprd.com.au" target="_blank">nexus.itt.aws.oprd.com.au</a>";<u></u><u></u></p>
<p class="MsoNormal"> proxy_pass <a href="https://$backend/repository/proxy-to-nonprod-hosted$request_uri" target="_blank">
https://$backend/repository/proxy-to-nonprod-hosted$request_uri</a>;<u></u><u></u></p>
<p class="MsoNormal"> #proxy_pass <a href="https://nexus.itt.aws.oprd.com.au/repository/proxy-to-nonprod-hosted/$request_uri" target="_blank">
https://nexus.itt.aws.oprd.com.au/repository/proxy-to-nonprod-hosted/$request_uri</a>;<u></u><u></u></p>
<p class="MsoNormal"> }<u></u><u></u></p>
<p class="MsoNormal"> location /v1 {<u></u><u></u></p>
<p class="MsoNormal"> proxy_set_header Host $host:$server_port;<u></u><u></u></p>
<p class="MsoNormal"> proxy_set_header X-Real-IP $remote_addr;<u></u><u></u></p>
<p class="MsoNormal"> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<u></u><u></u></p>
<p class="MsoNormal"> proxy_set_header X-Forwarded-Proto "https";<u></u><u></u></p>
<p class="MsoNormal"> set $backend "<a href="http://nexus.itt.aws.orpd.com.au" target="_blank">nexus.itt.aws.orpd.com.au</a>";<u></u><u></u></p>
<p class="MsoNormal"> proxy_pass <a href="https://$backend/repository/proxy-to-nonprod-hosted$request_uri" target="_blank">
https://$backend/repository/proxy-to-nonprod-hosted$request_uri</a>;<u></u><u></u></p>
<p class="MsoNormal"> #proxy_pass <a href="https://nexus.itt.aws.oprd.com.au/repository/proxy-to-nonprod-hosted/$request_uri" target="_blank">
https://nexus.itt.aws.oprd.com.au/repository/proxy-to-nonprod-hosted/$request_uri</a>;<u></u><u></u></p>
<p class="MsoNormal"> }<u></u><u></u></p>
<p class="MsoNormal"> location / {<u></u><u></u></p>
<p class="MsoNormal"> proxy_set_header Host $host:$server_port;<u></u><u></u></p>
<p class="MsoNormal"> proxy_set_header X-Real-IP $remote_addr;<u></u><u></u></p>
<p class="MsoNormal"> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<u></u><u></u></p>
<p class="MsoNormal"> proxy_set_header X-Forwarded-Proto "https";<u></u><u></u></p>
<p class="MsoNormal"> set $backend "<a href="http://nexus.itt.aws.oprd.com.au" target="_blank">nexus.itt.aws.oprd.com.au</a>";<u></u><u></u></p>
<p class="MsoNormal"> proxy_pass <a href="https://$backend/" target="_blank">https://$backend/</a>;<u></u><u></u></p>
<p class="MsoNormal"> #proxy_pass <a href="https://nexus.itt.aws.oprd.com.au/" target="_blank">
https://nexus.itt.aws.oprd.com.au/</a>;<u></u><u></u></p>
<p class="MsoNormal"> }<u></u><u></u></p>
<p class="MsoNormal">}<u></u><u></u></p>
<p class="MsoNormal"><div><p class="MsoNormal" style="font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;background-color:rgba(0,0,0,0);border-color:rgb(0,0,0);color:rgb(0,0,0)">server {<u style="background-color:rgba(0,0,0,0);border-color:rgb(0,0,0);color:rgb(0,0,0)"></u><u style="background-color:rgba(0,0,0,0);border-color:rgb(0,0,0);color:rgb(0,0,0)"></u></p><p class="MsoNormal" style="font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;background-color:rgba(0,0,0,0);border-color:rgb(0,0,0);color:rgb(0,0,0)"> listen 443 ssl;<u style="background-color:rgba(0,0,0,0);border-color:rgb(0,0,0);color:rgb(0,0,0)"></u><u style="background-color:rgba(0,0,0,0);border-color:rgb(0,0,0);color:rgb(0,0,0)"></u></p><p class="MsoNormal" style="font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;background-color:rgba(0,0,0,0);border-color:rgb(0,0,0);color:rgb(0,0,0)"> listen 80;<u style="background-color:rgba(0,0,0,0);border-color:rgb(0,0,0);color:rgb(0,0,0)"></u><u style="background-color:rgba(0,0,0,0);border-color:rgb(0,0,0);color:rgb(0,0,0)"></u></p><p class="MsoNormal" style="font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;background-color:rgba(0,0,0,0);border-color:rgb(0,0,0);color:rgb(0,0,0)"> server_name<span class="Apple-converted-space"> </span><a href="http://mcr.itt.aws.oprd.com.au" target="_blank" style="background-color:rgba(0,0,0,0);border-color:rgb(66,133,244);color:rgb(66,133,244)">mcr.itt.aws.oprd.com.au</a>;</p></div><br></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"> ssl_certificate /etc/nginx/ssl/selfsigned_wildcard_san_cert.crt;<u></u><u></u></p>
<p class="MsoNormal"> ssl_certificate_key /etc/nginx/ssl/privatekey_selfsigned_wildcard_san.pem;<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"> # Docker /v2 and /v1 (for search) requests<u></u><u></u></p>
<p class="MsoNormal"> resolver <a href="http://10.78.128.2:53" target="_blank">10.78.128.2:53</a> valid=300s ipv6=off;<u></u><u></u></p>
<p class="MsoNormal"> resolver_timeout 10s;<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"> location /v2 {<u></u><u></u></p>
<p class="MsoNormal"> proxy_set_header Host $host:$server_port;<u></u><u></u></p>
<p class="MsoNormal"> proxy_set_header X-Real-IP $remote_addr;<u></u><u></u></p>
<p class="MsoNormal"> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<u></u><u></u></p>
<p class="MsoNormal"> proxy_set_header X-Forwarded-Proto "https";<u></u><u></u></p>
<p class="MsoNormal"> set $backend "<a href="http://nexus.itt.aws.oprd.com.au" target="_blank">nexus.itt.aws.oprd.com.au</a>";<u></u><u></u></p>
<p class="MsoNormal"> proxy_pass <a href="https://$backend/repository/mcr-proxy$request_uri" target="_blank">
https://$backend/repository/mcr-proxy$request_uri</a>;<u></u><u></u></p>
<p class="MsoNormal"> }<u></u><u></u></p>
<p class="MsoNormal"> location /v1 {<u></u><u></u></p>
<p class="MsoNormal"> proxy_set_header Host $host:$server_port;<u></u><u></u></p>
<p class="MsoNormal"> proxy_set_header X-Real-IP $remote_addr;<u></u><u></u></p>
<p class="MsoNormal"> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<u></u><u></u></p>
<p class="MsoNormal"> proxy_set_header X-Forwarded-Proto "https";<u></u><u></u></p>
<p class="MsoNormal"> set $backend "<a href="http://nexus.itt.aws.orpd.com.au" target="_blank">nexus.itt.aws.orpd.com.au</a>";<u></u><u></u></p>
<p class="MsoNormal"> proxy_pass <a href="https://$backend/repository/mcr-proxy$request_uri" target="_blank">
https://$backend/repository/mcr-proxy$request_uri</a>;<u></u><u></u></p>
<p class="MsoNormal"> }<u></u><u></u></p>
<p class="MsoNormal"> location / {<u></u><u></u></p>
<p class="MsoNormal"> proxy_set_header Host $host:$server_port;<u></u><u></u></p>
<p class="MsoNormal"> proxy_set_header X-Real-IP $remote_addr;<u></u><u></u></p>
<p class="MsoNormal"> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<u></u><u></u></p>
<p class="MsoNormal"> proxy_set_header X-Forwarded-Proto "https";<u></u><u></u></p>
<p class="MsoNormal"> set $backend "<a href="http://nexus.itt.aws.oprd.com.au" target="_blank">nexus.itt.aws.oprd.com.au</a>";<u></u><u></u></p>
<p class="MsoNormal"> proxy_pass <a href="https://$backend/" target="_blank">https://$backend/</a>;<u></u><u></u></p>
<p class="MsoNormal"> #proxy_pass <a href="https://nexus.itt.aws.oprd.com.au/" target="_blank">
https://nexus.itt.aws.oprd.com.au/</a>;<u></u><u></u></p>
<p class="MsoNormal"> }<u></u><u></u></p>
<p class="MsoNormal">}<u></u><u></u></p>
<p class="MsoNormal">}<u></u><u></u></p>
</div>
<br>
*********************************************************************<br>
We acknowledge the traditional custodians of the land on which we meet, work <br>
and live. We pay our respects to the ancestors and Elders, past and present. <br>
<br>
The information in this email and any attachments may contain confidential, privileged <br>
or copyright material belonging to us, related entities or third parties. If you are not <br>
the intended recipient you are prohibited from disclosing this information. If you <br>
have received this email in error, please contact the sender immediately by return <br>
email or phone and delete it. We apologise for any inconvenience caused. We use <br>
security software but do not guarantee this email is free from viruses. You assume <br>
responsibility for any consequences arising from the use of this email. This email <br>
may contain personal views of the sender not authorised by us.<br>
*********************************************************************
</div>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
<a href="https://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">https://mailman.nginx.org/mailman/listinfo/nginx</a><br>
</blockquote></div></div>