"Proxy proxy"!

Denis F. Latypoff denis at gostats.ru
Fri Sep 26 14:50:01 MSD 2008

Hello Igor,

Friday, September 26, 2008, 5:37:28 PM, you wrote:

> Hi,

> We have a linux box hosted at an ISP which has been running various  
> sites on Apache for some time. I'm in the process of porting the sites
> on it to nginx. At the moment I just have the default ('_') nginx  
> server proxy_pass-ing everything to Apache on a local high port like so:

>         server {
-                 listen                  x.x.x.x:80;
-                 server_name     _       default;
+                 listen                  x.x.x.x:80 default;
+                 server_name     _;

>                 location / {
>                         proxy_pass            ;
>                         proxy_set_header        Host                $http_host;
-                         proxy_set_header        X-Real-Remote-IP    $remote_addr;
+                         proxy_set_header        X-Real-IP           $remote_addr;
>                         proxy_set_header        X-Forwarded-For     $proxy_add_x_forwarded_for;
>                 }
>         }

> and I'm just implementing new specific server {} blocks identified  
> with server_name for each site as I go. All the sites work fine, so  
> far so good.

> The Apache setup is configured to act as a forward proxy, restricted  
> to our network and with basic auth, as we occasionally need to check  
> how things look from outside our network, or to be able to look back  
> at our network from outside.

> I've added the local address in the Allow from list in the Apache  
> proxy config, but I can't seem to get it to allow proxy requests for  
> remote URLs; it just says 403. It allows proxy requests for sites  
> hosted on that machine, but nothing else. I'm fairly sure the Apache  
> config is otherwise good, as we've been using it like this for a while
> and it hasn't changed other than the new local Allow address.

> Perhaps it's something to do with host-header mangling, or similar ...
> Is there a way to get this to work? I guess we could open port 8080 on
> the firewall so that we can access the Apache proxy directly, but I'm
> interested to know if there's another way.

> Thanks,
> Igor

Best regards,
 Denis                            mailto:denis at gostats.ru

More information about the nginx mailing list