2 x Applications using the same domain behind a reverse proxy

Mik J mikydevel at yahoo.fr
Tue Jul 26 01:11:45 UTC 2022


 Hello everyone,
I'm still trying to solve my implementation.
When I access to example.org, I was to use /var/www/htdocs/app1 and it works.

When I access to example.org/app2, I was to use /var/www/htdocs/app2 and it doesn't really work.
        location / {
          try_files $uri $uri/ /index.php$is_args$args;
        root /var/www/htdocs/app1;

          location ~ \.php$ {
              root /var/www/htdocs/app1;
              try_files $uri    =450;
              fastcgi_pass      unix:/run/php-fpm.sock;
              fastcgi_read_timeout 700;
              fastcgi_split_path_info ^(.+\.php)(/.+)$;
              fastcgi_index     index.php;
              fastcgi_param     SCRIPT_FILENAME $document_root$fastcgi_script_name;
              include           fastcgi_params;
          }

        }

        location /app2 {
          #root /var/www/htdocs/app2;
          alias /var/www/htdocs/app2;
          try_files $uri $uri/ /index.php$is_args$args;

          location ~ \.php$ {
              root              /var/www/htdocs/app2;
              #alias /var/www/htdocs/app2;
              try_files $uri   =450;
              fastcgi_pass   unix:/run/ php-fpm.sock;#              fastcgi_read_timeout 700;
              fastcgi_split_path_info ^(.+\.php)(/.+)$;
              fastcgi_index  index.php;
              fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
              include        fastcgi_params;
          }
        }

I have created an index.html file in /var/www/htdocs/app2, when I access it with example.org/app2/index.html I can see the html text.
Problem
My application has to be accessed with index.php so when I type example.org/app2/index.php, Nginx should process /var/www/htdocs/app2/index.phpThe problem is that I receive a code 404. I don't receive a code 450.It looks like the condition location /app2 matches but location ~ \.php$ inside doesn't match

Then I tried to replace alias by root just after location /app2 and I do get this error code 450. the location ~ \.php$ seems to match but the php code is not being processed.
Does anyone has a idea ?
    Le mardi 19 juillet 2022 à 16:32:05 UTC+2, Mik J via nginx <nginx at nginx.org> a écrit :  
 
  Hello Ian,
Thank you for your answer. I did what you told me
Now I have on my reverse proxy
     location / {
        proxy_pass              http://10.10.10.10:80;
        proxy_redirect          off;
        proxy_set_header        Host                    $http_host;
        proxy_set_header        X-Real-IP               $remote_addr;
#        proxy_set_header        X-Real-IP               $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-For         $proxy_add_x_forwarded_for;
        proxy_set_header        Referer                 "http://example.org";        #proxy_set_header       Upgrade                 $http_upgrade;
        #proxy_pass_header      Set-Cookie;
     }

And on the backend server server {
          listen 80;
          server_name example.org;
          index index.html index.php;
          root /var/www/htdocs/app1;
 
          access_log /var/log/nginx/example.org.access.log;
          error_log /var/log/nginx/example.org.error.log;
 
          location / {
            try_files $uri $uri/ /index.php$is_args$args;
            root /var/www/htdocs/app1;
          }
 
          location /app2 {
            try_files $uri $uri/ /index.php$is_args$args;
            root /var/www/htdocs/app2;
          }            location ~ \.php$ {                try_files $uri    =450;
                fastcgi_pass      unix:/run/php-fpm.app1.sock;
                fastcgi_read_timeout 700;
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_index     index.php;
                fastcgi_param     SCRIPT_FILENAME  $document_root$fastcgi_script_name;
                include           fastcgi_params;
            }
 }
Access to example.org leads me to app1 so it works as expected.Access to example.org/app2 doesnt lead me to app2. It seems to me that the following lineproxy_set_header        Referer                 "http://example.org";on the reverse proxy could make a confusion ?
I can see that example.org/app2 still lands on /var/www/htdocs/app1

Regards


    Le mardi 19 juillet 2022 à 06:10:28 UTC+2, Ian Hobson <hobson42 at gmail.com> a écrit :  
 
 Hi Mik,

I think the problem is that your back end cannot distinguish app1 from 
app2. I don't think there is a need for proxy-pass, unless it is to 
spread the load.

I would try the following approach:

Change the root within location / and location /app2 and
serve static files directly.

When you pass the .php files, the different roots will  appear in the 
$document_root location, so
you can share the php instance.

It will be MUCH more efficient if you use fast-cgi because it removes a 
process create from every php serve.

Finally, you need to protect against sneaks who try to execute code, by 
adding a try_files thus...

location ~ \.php$ {
    try_files $uri =450;
    include /etc/nginx/fastcgi.conf;
    fastcgi_split_path_info  ^(.+\.php)(/.+)$;
        etc.

Hope this helps.

Ian


On 18/07/2022 05:08, Mik J via nginx wrote:
> Hello,
> 
> I don't manage to make my thing works although it's probably a classic 
> for Nginx users.
> 
> I have a domain https://example.org
> 
> What I want is this
> https://example.org goes on reverse proxy => server1 (10.10.10.10) to 
> the application /var/www/htdocs/app1
> https://example.org/app2 goes on reverse proxy => server1 (10.10.10.10) 
> to the application /var/www/htdocs/app2
> So in the latter case the user adds /app2 and the flow is redirected to 
> the /var/www/htdocs/app2 directory
> 
> First the reverse proxy, I wrote this
>      ##
>      # App1
>      ##
>       location / {
>          proxy_pass              http://10.10.10.10:80;
>          proxy_redirect          off;
>          proxy_set_header        Host                    $http_host;
>          proxy_set_header        X-Real-IP               $remote_addr;
>          proxy_set_header        X-Forwarded-For        
> $proxy_add_x_forwarded_for;
>          proxy_set_header        Referer                
> "http://example.org";
>          #proxy_set_header       Upgrade                 $http_upgrade;
>          #proxy_pass_header      Set-Cookie;
>       }
>      ##
>      # App2
>      ##
>       location /app2 {
>          proxy_pass              http://10.10.10.10:80;
>          proxy_redirect          off;
>          proxy_set_header        Host                    $http_host;
>          proxy_set_header        X-Real-IP               $remote_addr;
>          proxy_set_header        X-Forwarded-For        
> $proxy_add_x_forwarded_for;
>          proxy_set_header        Referer                
> "http://example.org";
>          #proxy_set_header       Upgrade                 $http_upgrade;
>          #proxy_pass_header      Set-Cookie;
>       }
> 
> 
> Second the back end server
> server {
>          listen 80;
>          server_name example.org;
>          index index.html index.php;
>          root /var/www/htdocs/app1;
> 
>          access_log /var/log/nginx/example.org.access.log;
>          error_log /var/log/nginx/example.org.error.log;
> 
>          location / {
>            try_files $uri $uri/ /index.php$is_args$args;
> 
>            location ~ \.php$ {
>                root              /var/www/htdocs/app1;
>                fastcgi_pass      unix:/run/php-fpm.app1.sock;
>                fastcgi_read_timeout 700;
>                fastcgi_split_path_info ^(.+\.php)(/.+)$;
>                fastcgi_index     index.php;
>                fastcgi_param     SCRIPT_FILENAME 
> $document_root$fastcgi_script_name;
>                include           fastcgi_params;
>            }
>          }
> 
>          location /app2 {
>            try_files $uri $uri/ /index.php$is_args$args;
> 
>            location ~ \.php$ {
>                root              /var/www/htdocs/app2;
>                fastcgi_pass      unix:/run/php-fpm.app1.sock;
>                fastcgi_read_timeout 700;
>                fastcgi_split_path_info ^(.+\.php)(/.+)$;
>                fastcgi_index     index.php;
>                fastcgi_param     SCRIPT_FILENAME 
> $document_root$fastcgi_script_name;
>                include           fastcgi_params;
>            }
>          }
> }
> 
> The result I have right now is that I can access app1 with 
> http://example.org, but i cannot access app2 with http://example.org/app2
> 
> Also what is the best practice on the backend server:
> - should I make one single virtual host with two location statements 
> like I did or 2 virtual hosts with a fake name like 
> internal.app1.example.org and internal.app2.example.org ?
> - can I mutualise the location ~ \.php$ between the two ?
> - Should I copy access_log and error_log in the location /app2 statement ?
> 
> By the way, app1 and app2 are the same application/program but sometimes 
> I want another instance or test app version 1, app version 2 etc.
> 
> What I tend to do in the past is to have
> app1.example.org
> app2.example.org
> The problem is that it makes me use multiple certificates.
> Here I want to group all the applications behind one domain name 
> example.org with one certificate and then access different applications 
> with example.org/app1, example.org/app2
> 
> Thank you
> 
> 
> 
> 
> 
> 
> 
> _______________________________________________
> nginx mailing list -- nginx at nginx.org
> To unsubscribe send an email to nginx-leave at nginx.org

-- 
Ian Hobson
Tel (+66) 626 544 695
_______________________________________________
nginx mailing list -- nginx at nginx.org
To unsubscribe send an email to nginx-leave at nginx.org
  _______________________________________________
nginx mailing list -- nginx at nginx.org
To unsubscribe send an email to nginx-leave at nginx.org
  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20220726/4b4aec32/attachment.htm>


More information about the nginx mailing list