proxy_pass with variable

Maxim Dounin mdounin at mdounin.ru
Fri Dec 18 19:13:03 UTC 2020 

Hello!

On Fri, Dec 18, 2020 at 06:37:57PM +0000, Jeffrey Knight wrote:

> Hello !
> 
> I'm trying to get up a reverse proxy where my users can pass in a url of the form
> 
> https://my.server.com?https://some.other.server.com
> 
> and it'll proxy to it.
> 
> It works perfectly with this configuration with the proxy_pass target hard coded:
> 
> ```
> server {
>     server_name my.server.com;
> 
>     listen [::]:443 ssl ipv6only=on; # managed by Certbot
>     listen 443 ssl; # managed by Certbot
> 
>     location / {
>         proxy_pass https://some.other.server.com;
>         add_header Cache-Control "public, max-age=3";
> 
>         add_header 'Access-Control-Allow-Origin' "$http_origin";
>         add_header 'X-Frame-Options' "ALLOW FROM $http_origin";
>         add_header 'Access-Control-Allow-Credentials' 'true';
>         add_header 'Vary' 'Origin';
>     }
> }
> ```
> 
> testing with:
> > curl -X POST https://my.server.com -H "Content-Type: application/json" -d "{\"id\": \"123\"}"
> 
> But if I swap out the proxy_pass target with a variable, I'm getting a 502 Bad Gateway.
> 
> ```
> server {
>     server_name my.server.com;
> 
>     listen [::]:443 ssl ipv6only=on; # managed by Certbot
>     listen 443 ssl; # managed by Certbot
> 
>     location / {
>         proxy_pass $args;
>         add_header Cache-Control "public, max-age=3";
> 
>         add_header 'Access-Control-Allow-Origin' "$http_origin";
>         add_header 'X-Frame-Options' "ALLOW FROM $http_origin";
>         add_header 'Access-Control-Allow-Credentials' 'true';
>         add_header 'Vary' 'Origin';
>     }
> }
> ```
> 
> Testing with:
> > curl -X POST https://my.server.com?https://some.other.server.com -H "Content-Type: application/json" -d "{\"id\": \"123\"}"

The 502 error returned by nginx implies there is a relevant 
message in the error log at the "error" level.  What's in the 
error log?

[...]

> [1] https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass

I suspect the relevant quote from this link is:

: Parameter value can contain variables. In this case, if an address 
: is specified as a domain name, the name is searched among the 
: described server groups, and, if not found, is determined using a 
: resolver.

And you don't have resolver defined in your configuration.  But 
the error log should know better.

-- 
Maxim Dounin
http://mdounin.ru/

More information about the nginx mailing list