Help: Using Nginx Reverse Proxy bypass traffic in to a application running in a container

Francis Daly francis at daoine.org
Wed Jun 2 15:27:15 UTC 2021


On Tue, Jun 01, 2021 at 07:40:27PM +0530, Amila Gunathilaka wrote:

Hi there,

> Hope you are doing good ?  Thanks for your quick responses for my emails
> again.  I have 02 questions  for you today,  I will brief it down for your
> ease.

You're welcome.

In general, if the questions are unrelated to the first one, it's best
to start a new mail. That'll help someone search for questions and
answers in the future.

In this case, they are kind-of vaguely related, so we'll keep[ them in
this thread.

> But when I tail the /var.log/nginx/error.log file for
> a moment and even after I log in by type username and password the error
> log gives below error message unless the login is successful.
> 
> 
> *tail -f  /var.log/nginx/error.log output*
> 2021/06/01 11:25:26 [crit] 2379013#2379013: *57800 open()
> "/var/lib/nginx/proxy/4/79/0000002794" failed (*13: Permission denied*)
> while reading upstream, client: 172.20.0.201, server: 172.25.234.105,
> request: "GET /metrics HTTP/1.1", upstream: "http://127.0.0.1:9091/metrics",
> host: "172.25.234.105"
> 
> 
> So my first quiz is why it gives a Permission denied message for my request
> through the browser even after I enter credentials and I can view /metrics
> page contents.

That is almost certainly because you also have "proxy_cache"
(http://nginx.org/r/proxy_cache) and "proxy_cache_path" defined, but
configured to use part of the filesystem that the nginx user is not
allowed to use -- maybe it was created or first run as one user, and
now this user cannot write there?

The simplest-to-understand fix, assuming that this is a test system
where you are happy to start again, is probably to stop nginx, remove
the /var/lib/nginx/proxy/ directory and all of its contents, create the
directory again as the user that nginx runs as, and then start nginx.

You should then see directories and files created, as cacheable responses
are fetched.

(There are other possible fixes too, of course.)

> *quiz (2.) : * My second question for you is if I want to redirect the url,
> such as when I enter  http://172.25.234.105:80  I want it to automatically
> redirect it to the page   http://172.25.234.105/metrics. How could I
> achieve that via nginx ?

Something like

    location = / { return 301 /metrics/; }

should probably work. Any access control on /metrics/ would still apply
to the next request that the client makes, so it probably is ok not to
require authentication for this one request.

Good luck with it,

	f
-- 
Francis Daly        francis at daoine.org


More information about the nginx mailing list