Separated reverse proxy for different users

Francis Daly francis at
Sun Sep 3 09:16:58 UTC 2017

On Sat, Sep 02, 2017 at 03:53:52PM -0400, ivy wrote:

Hi there,

there are a few things here I'm not sure about.

>   location / { 
>     try_files $uri $uri/ =404; 

Why is that line there? That probably says "return 404 to most
requests". You report that you get a 404 to most requests. Remove that
line if you cannot say what you think it should be doing.

>     auth_basic "restricted content"; 
>     auth_basic_user_file "/home/secure/.passwords"; 
>     auth_request_set $auth_status $upstream_status; 
>      proxy_pass http://127.0.01:$rp_port 

If you copy-paste'd that line, you possibly have some typos in your config.

If you transcribed that line, then this is an indication of why you
should not transcribe.

> 2017/09/02 12:46:32 [error] 26959#26959: *1905 connect() failed (111:
> Connection refused) while connecting to upstream, client: client_ip, server:
> ..., request: "POST / HTTP/1.1", upstream: "http://server_ip:10081/", host:

"10081" corresponds to "john", yes? Your proxy_pass line wanted to talk
to, but the log line says server_ip.

I suspect that you are not testing with the configuration/logs that you
are showing here.

Anyway: the log line says that the server on 10081 is not running. Is
the server on 10081 running? If not, make it be running before you test again.

> I added URI in the proxy_pass line:
>             proxy_pass$rp_port$uri;

That should not be necessary, if the first problems are solved.

> - However, on request of any sub-location (like: the
> proxy_pass generates redirect to itself.

Just for clarity: a 404 is not a redirect to itself.

The 404 probably comes from your try_files line, before proxy_pass takes
effect. Your upstream server on port 10081 probably shows nothing in
its logs for this request.

> Here
> (
> provided number of workarounds with changing upstreams. I tried all of them
> with the same result as above - sub-locations give error 404.

I don't see any suggestions on that page that are relevant to you; you
don't have varying hostnames in your proxy_pass directives, unless I
have missed something.

> I'd glad to try more ideas.

Remove the try_files line; and if something remains imperfect, build a
test system that does not have any secret names or addresses and show
the actual tested configuration, request, and logged result.

Good luck with it,

Francis Daly        francis at

More information about the nginx mailing list