nginx behind a forward proxy
Francis Daly
francis at daoine.org
Fri Mar 17 15:10:43 UTC 2017
Hi there,
> In one of our deployments, we need to set up an nginx server behind a forward proxy.
Currently, nginx does not read the "server end" of proxied-http that a
client might want to write; and nginx does not write the "client end"
of proxied-http that a server might want to read.
> I would like to submit a patch to support this flow, two options I can think of:
>
> 1. Add a new parameter proxy_uri that will accept nginx variables, and will take priority
> over the existing logic for determining the uri
>
> 2. Add a dedicated flag for stripping the /, e.g. proxy_strip_uri_slash on/off
The client writing to nginx is not writing to a http proxy; so if nginx
is to write to an upstream http proxy, nginx will have to handle any
proxy-specific error responses before returning something useful to
the client.
And nginx will have to obey all of the client-writing-http-via-a-proxy
rules, which is currently does not need to do. (Maybe there are no such
rules that matter that nginx does not already obey.)
What you want would need a patch to the nginx source. But I think that
that patch would involve more than just changing the GET line that
it writes.
> Please let me whether this change makes sense, and which option you think is better
I have nothing to do with the dev team. But I imagine that if a full
solution were provided that cleanly, correctly, and efficiently handled
nginx writing proxy-http to an upstream proxy server, then it would be
considered; and I imagine that a partial solution would be a maintenance
headache.
Luckily, though, if it turns out that a simple "just change the GET
request line" patch is sufficient for your use case, there's no reason
why you shouldn't be able to carry that patch locally, even if it is
not accepted in the stock code.
Good luck with it,
f
--
Francis Daly francis at daoine.org
More information about the nginx-devel
mailing list