Internal application - Publish on nginx

Francis Daly francis at daoine.org
Fri Dec 3 14:32:58 UTC 2021


On Fri, Dec 03, 2021 at 09:02:29AM -0500, agomes wrote:

Hi there,

> follow the command curl -v.

Thanks for this.

> > GET /app HTTP/1.1

> < HTTP/1.1 302

> < Location: /pwm/public/forgottenpasswordapp?stickyRedirectTest=key
> < Set-Cookie: ID=3fajhL8QWt9TNKBTc8BQVdvqVxf7IZXOkwqt8unh; Path=/pwm/; Secure; HttpOnly; SameSite=Strict

So your upstream redirected to
/pwm/public/forgottenpasswordapp?stickyRedirectTest=key and wanted to
set some cookies with Path=/pwm/. And nginx passed those through to the
client -- so your nginx logs will probably show the "normal" client making
a request for /pwm/public/forgottenpasswordapp?stickyRedirectTest=key,
which will get an error response because you don't have a file
/var/www/pwm/public/forgottenpasswordapp.

proxy_redirect can be used to change the first of those. proxy_cookie_path
can be used to change the second, sort of.

You did set "proxy_redirect default;", but that does not catch the
no-host Location response in this case.

So, I suggest:

* use

    proxy_redirect /pwm/public/forgottenpasswordapp /app;

and repeat the "curl"; you should see either "Location: /app?sticky..." or
"Location: https://x.x.x.com/app?sticky...". If you do, then repeat the
"curl" with the "?sticky..." part attached.

I *suspect* that second request will indicate a "missing cookie" failure.

You can then try to access /app in your browser, and see what that does --
if it also indicates the "missing cookie" failure, then you decide how to
"fix" the cookies.

If you are happy for the cookie to potentially be sent to anything on
your x.x.x.com server, then

    proxy_cookie_path /pwm/ /;

may work. Maybe "/app" and the end could work too -- it does depend on
what else the upstream app might send. (The upstream app is entirely
below /pwm/; the front-end version is not below /app/ (trailing slash);
so it is not trivial to map between the two.)

Good luck with it,

	f
-- 
Francis Daly        francis at daoine.org


More information about the nginx mailing list