Separated reverse proxy for different users

ivy nginx-forum at forum.nginx.org
Sat Sep 2 19:53:52 UTC 2017


Hi Francis,

Thanks for your reply.
I added default value to map file and replaced "localhost" with 127.0.0.1
So currently the map file looks like:

ivy 10080;
john 10081;
default 65355;

The conf.file looks like:
map $remote_user $rp_port { 
  include /home/secure/reverse_proxy.map; 
}

server { 
  listen 80 default_server; 
  listen [::]:80 default_server ipv6only=on; 
  set $auth_status 100; 
  server_name localhost; 
  root /usr/share/nginx/html; 
  include /etc/nginx/default.d/*.conf; 

  location / { 
    try_files $uri $uri/ =404; 
    auth_basic "restricted content"; 
    auth_basic_user_file "/home/secure/.passwords"; 
    auth_request_set $auth_status $upstream_status; 

     proxy_pass http://127.0.01:$rp_port 
  } 
} 

This gave me following error:
2017/09/02 12:46:32 [error] 26959#26959: *1905 connect() failed (111:
Connection refused) while connecting to upstream, client: client_ip, server:
..., request: "POST / HTTP/1.1", upstream: "http://server_ip:10081/", host:
"server_ip", referrer: "http://server_ip/"

I added URI in the proxy_pass line:
            proxy_pass http://127.0.0.1:$rp_port$uri;
Among many iterative experiments i found that $uri and $request_uri give the
same result:
- On plain root request (like: my.site.info) the needed page is loaded.
client_ip - ivy [02/Sep/2017:14:59:43 -0400] "GET / HTTP/1.1" 200 33185 "-"
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/60.0.3112.101 Safari/537.36" "-"

- However, on request of any sub-location (like: my.site.info/about) the
proxy_pass generates redirect to itself.
client_ip - ivy [02/Sep/2017:14:59:47 -0400] "GET /sysinfo/ HTTP/1.1" 404
571 "http://server_ip/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36"
"-"

Here
(https://www.jethrocarr.com/2013/11/02/nginx-reverse-proxies-and-dns-resolution/)
provided number of workarounds with changing upstreams. I tried all of them
with the same result as above - sub-locations give error 404.

I'd glad to try more ideas.
Thank you.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276150,276228#msg-276228



More information about the nginx mailing list