Rewrite -- failure

Francis Daly francis at daoine.org
Tue Apr 14 22:39:39 UTC 2020 

On Tue, Apr 14, 2020 at 04:38:51PM -0400, Paul wrote:

Hi there,

> My problem is that I need to split serv1.example.com to two physical servers
> (both fully functional on LAN). The first (192.168.aaa.bbb) serving static
> https works fine. But I cannot "rewrite" (redirect, re-proxy?) to the second
> server (192.168.xxx.yyy, Perl cgi) where the request comes in as
> https://serv1.example.com/foo and I need to get rid of "foo"

http://nginx.org/r/proxy_pass -- proxy_pass can (probably) do what
you want, without rewrites. The documentation phrase to look for is
"specified with a URI".

> 	"rewrite ^(.*serv1\.example\.com\/)foo\/(.*) $1$2 permanent;" (tried
> permanent, break, last and no flags)

"rewrite" (http://nginx.org/r/rewrite) works on the "/foo" part, not the
"https://" or the "serv1.example.com" parts of the request, which is why
that won't match your requests.

>     location /foo {           # big db server, perfect on LAN, PERL, cgi
>         # rewrite ^/foo(.*) /$1 break;   #tried permanent, break, last and
> no flags

That one looks to me to be most likely to work; but you probably need
to be very clear about what you mean when you think "it doesn't work".

In general - show the request, show the response, and describe the response
that you want instead.

>         # rewrite ^/foo/(.*)$ /$1 last;   #tried permanent, break, last and
> no flags
>         rewrite ^(.*serv1\.example\.com\/)foo\/(.*) $1$2 permanent; #tried
> permanent, break, last and no flags
>         proxy_pass http://192.168.xxx.yyy:8084;
>         proxy_set_header Host $host;
>         proxy_http_version 1.1;
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>    }

I suggest trying

    location /foo/ {
        proxy_pass http://192.168.xxx.yyy:8084/;
    }

(note the trailing / in both places) and then seeing what else needs to
be added.

Note also that, in any case, if you request /foo/one.cgi which is really
upstream's /one.cgi, and the response body includes a link to /two.png,
then the browser will look for /two.png not /foo/two.png, which will
be sought on the other server. That may or may not be what you want,
depending on how you have set things up.

That is: it is in general non-trivial to reverse-proxy a service at a
different places in the url hierarchy from where the service believes
it is located. Sometimes a different approach is simplest.

> server {
> 
> # automatically sets to https if someone comes in on http
>     listen 80;
>     listen 8084;

Hmm. Is this 8084 the same as 192.168.xxx.yyy:8084 above? If so, things
might get a bit confused.

Good luck with it,

	f
-- 
Francis Daly        francis at daoine.org

More information about the nginx mailing list