Separated reverse proxy for different users

Francis Daly francis at daoine.org
Sun Sep 3 09:16:58 UTC 2017 

On Sat, Sep 02, 2017 at 03:53:52PM -0400, ivy wrote:

Hi there,

there are a few things here I'm not sure about.

>   location / { 
>     try_files $uri $uri/ =404; 

Why is that line there? That probably says "return 404 to most
requests". You report that you get a 404 to most requests. Remove that
line if you cannot say what you think it should be doing.

>     auth_basic "restricted content"; 
>     auth_basic_user_file "/home/secure/.passwords"; 
>     auth_request_set $auth_status $upstream_status; 
> 
>      proxy_pass http://127.0.01:$rp_port 

If you copy-paste'd that line, you possibly have some typos in your config.

If you transcribed that line, then this is an indication of why you
should not transcribe.

> 2017/09/02 12:46:32 [error] 26959#26959: *1905 connect() failed (111:
> Connection refused) while connecting to upstream, client: client_ip, server:
> ..., request: "POST / HTTP/1.1", upstream: "http://server_ip:10081/", host:

"10081" corresponds to "john", yes? Your proxy_pass line wanted to talk
to 127.0.0.1, but the log line says server_ip.

I suspect that you are not testing with the configuration/logs that you
are showing here.

Anyway: the log line says that the server on 10081 is not running. Is
the server on 10081 running? If not, make it be running before you test again.

> I added URI in the proxy_pass line:
>             proxy_pass http://127.0.0.1:$rp_port$uri;

That should not be necessary, if the first problems are solved.

> - However, on request of any sub-location (like: my.site.info/about) the
> proxy_pass generates redirect to itself.

Just for clarity: a 404 is not a redirect to itself.

The 404 probably comes from your try_files line, before proxy_pass takes
effect. Your upstream server on port 10081 probably shows nothing in
its logs for this request.

> Here
> (https://www.jethrocarr.com/2013/11/02/nginx-reverse-proxies-and-dns-resolution/)
> provided number of workarounds with changing upstreams. I tried all of them
> with the same result as above - sub-locations give error 404.

I don't see any suggestions on that page that are relevant to you; you
don't have varying hostnames in your proxy_pass directives, unless I
have missed something.

> I'd glad to try more ideas.

Remove the try_files line; and if something remains imperfect, build a
test system that does not have any secret names or addresses and show
the actual tested configuration, request, and logged result.

Good luck with it,

	f
-- 
Francis Daly        francis at daoine.org

More information about the nginx mailing list