2 x Applications using the same domain behind a reverse proxy
Ian Hobson
hobson42 at gmail.com
Wed Jul 27 02:52:27 UTC 2022
Hi Mik,
I am no expert on nginx, just a user, and I have never had to split a
site as you are. That said, I think the error is that you have wrapped
your locations inside each other. This means that when it matches /, it
goes on to pass .php files to app1, without ever looking for /app2.
You need three location statements.
location / {
root /var/www/htdocs/app1
try_files to serve app1 static content
}
location /app2
root /var/www/htdocs/app2
try_files to serve app2 static content
}
location ~ \.php {
# no root needed here
fastcgi stuff here
}
The line within \.php that sets SCRIPT_FILENAME to
$document_root$fastcgi_script_name will
pass the different roots to php, so app1 and
app2 will each get the correct script names.
Regards
Ian
On 26/07/2022 08:11, Mik J via nginx wrote:
> Hello everyone,
>
> I'm still trying to solve my implementation.
>
> When I access to example.org, I was to use /var/www/htdocs/app1 and it
> works.
>
> When I access to example.org/app2, I was to use /var/www/htdocs/app2 and
> it doesn't really work.
>
> location / {
> try_files $uri $uri/ /index.php$is_args$args;
> root /var/www/htdocs/app1;
>
> location ~ \.php$ {
> root /var/www/htdocs/app1;
> try_files $uri =450;
> fastcgi_pass unix:/run/php-fpm.sock;
> fastcgi_read_timeout 700;
> fastcgi_split_path_info ^(.+\.php)(/.+)$;
> fastcgi_index index.php;
> fastcgi_param SCRIPT_FILENAME
> $document_root$fastcgi_script_name;
> include fastcgi_params;
> }
>
> }
>
> location /app2 {
> #root /var/www/htdocs/app2;
> alias /var/www/htdocs/app2;
> try_files $uri $uri/ /index.php$is_args$args;
>
> location ~ \.php$ {
> root /var/www/htdocs/app2;
> #alias /var/www/htdocs/app2;
> try_files $uri =450;
> fastcgi_pass unix:/run/ php-fpm.sock;
> # fastcgi_read_timeout 700;
> fastcgi_split_path_info ^(.+\.php)(/.+)$;
> fastcgi_index index.php;
> fastcgi_param SCRIPT_FILENAME
> $document_root$fastcgi_script_name;
> include fastcgi_params;
> }
> }
>
> I have created an index.html file in /var/www/htdocs/app2, when I access
> it with example.org/app2/index.html I can see the html text.
>
> Problem
> My application has to be accessed with index.php so when I type
> example.org/app2/index.php, Nginx should process
> /var/www/htdocs/app2/index.php
> The problem is that I receive a code 404. I don't receive a code 450.
> It looks like the condition location /app2 matches but location ~ \.php$
> inside doesn't match
>
>
> Then I tried to replace alias by root just after location /app2 and I do
> get this error code 450. the location ~ \.php$ seems to match but the
> php code is not being processed.
>
> Does anyone has a idea ?
> Le mardi 19 juillet 2022 à 16:32:05 UTC+2, Mik J via nginx
> <nginx at nginx.org> a écrit :
>
>
> Hello Ian,
>
> Thank you for your answer. I did what you told me
>
> Now I have on my reverse proxy
> location / {
> proxy_pass http://10.10.10.10:80;
> proxy_redirect off;
> proxy_set_header Host $http_host;
> proxy_set_header X-Real-IP $remote_addr;
> # proxy_set_header X-Real-IP
> $proxy_add_x_forwarded_for;
> proxy_set_header X-Forwarded-For
> $proxy_add_x_forwarded_for;
> proxy_set_header Referer
> "http://example.org";
> #proxy_set_header Upgrade $http_upgrade;
> #proxy_pass_header Set-Cookie;
> }
>
> And on the backend server
> server {
> listen 80;
> server_name example.org;
> index index.html index.php;
> root /var/www/htdocs/app1;
>
> access_log /var/log/nginx/example.org.access.log;
> error_log /var/log/nginx/example.org.error.log;
>
> location / {
> try_files $uri $uri/ /index.php$is_args$args;
> root /var/www/htdocs/app1;
>
> }
>
> location /app2 {
> try_files $uri $uri/ /index.php$is_args$args;
> root /var/www/htdocs/app2;
>
> }
> location ~ \.php$ {
> try_files $uri =450;
> fastcgi_pass unix:/run/php-fpm.app1.sock;
> fastcgi_read_timeout 700;
> fastcgi_split_path_info ^(.+\.php)(/.+)$;
> fastcgi_index index.php;
> fastcgi_param SCRIPT_FILENAME
> $document_root$fastcgi_script_name;
> include fastcgi_params;
> }
>
> }
>
> Access to example.org leads me to app1 so it works as expected.
> Access to example.org/app2 doesnt lead me to app2. It seems to me that
> the following line
> proxy_set_header Referer "http://example.org";
> on the reverse proxy could make a confusion ?
>
> I can see that example.org/app2 still lands on /var/www/htdocs/app1
>
> Regards
>
>
> Le mardi 19 juillet 2022 à 06:10:28 UTC+2, Ian Hobson
> <hobson42 at gmail.com> a écrit :
>
>
> Hi Mik,
>
> I think the problem is that your back end cannot distinguish app1 from
> app2. I don't think there is a need for proxy-pass, unless it is to
> spread the load.
>
> I would try the following approach:
>
> Change the root within location / and location /app2 and
> serve static files directly.
>
> When you pass the .php files, the different roots will appear in the
> $document_root location, so
> you can share the php instance.
>
> It will be MUCH more efficient if you use fast-cgi because it removes a
> process create from every php serve.
>
> Finally, you need to protect against sneaks who try to execute code, by
> adding a try_files thus...
>
> location ~ \.php$ {
> try_files $uri =450;
> include /etc/nginx/fastcgi.conf;
> fastcgi_split_path_info ^(.+\.php)(/.+)$;
> etc.
>
> Hope this helps.
>
> Ian
>
>
> On 18/07/2022 05:08, Mik J via nginx wrote:
> > Hello,
> >
> > I don't manage to make my thing works although it's probably a classic
> > for Nginx users.
> >
> > I have a domain https://example.org <https://example.org>
> >
> > What I want is this
> > https://example.org <https://example.org >goes on reverse proxy =>
> server1 (10.10.10.10) to
> > the application /var/www/htdocs/app1
> > https://example.org/app2 <https://example.org/app2 >goes on reverse
> proxy => server1 (10.10.10.10)
> > to the application /var/www/htdocs/app2
> > So in the latter case the user adds /app2 and the flow is redirected to
> > the /var/www/htdocs/app2 directory
> >
> > First the reverse proxy, I wrote this
> > ##
> > # App1
> > ##
> > location / {
> > proxy_pass http://10.10.10.10:80; <http://10.10.10.10:80;>
> > proxy_redirect off;
> > proxy_set_header Host $http_host;
> > proxy_set_header X-Real-IP $remote_addr;
> > proxy_set_header X-Forwarded-For
> > $proxy_add_x_forwarded_for;
> > proxy_set_header Referer
> > "http://example.org <http://example.org>";
> > #proxy_set_header Upgrade $http_upgrade;
> > #proxy_pass_header Set-Cookie;
> > }
> > ##
> > # App2
> > ##
> > location /app2 {
> > proxy_pass http://10.10.10.10:80; <http://10.10.10.10:80;>
> > proxy_redirect off;
> > proxy_set_header Host $http_host;
> > proxy_set_header X-Real-IP $remote_addr;
> > proxy_set_header X-Forwarded-For
> > $proxy_add_x_forwarded_for;
> > proxy_set_header Referer
> > "http://example.org <http://example.org>";
> > #proxy_set_header Upgrade $http_upgrade;
> > #proxy_pass_header Set-Cookie;
> > }
> >
> >
> > Second the back end server
> > server {
> > listen 80;
> > server_name example.org;
> > index index.html index.php;
> > root /var/www/htdocs/app1;
> >
> > access_log /var/log/nginx/example.org.access.log;
> > error_log /var/log/nginx/example.org.error.log;
> >
> > location / {
> > try_files $uri $uri/ /index.php$is_args$args;
> >
> > location ~ \.php$ {
> > root /var/www/htdocs/app1;
> > fastcgi_pass unix:/run/php-fpm.app1.sock;
> > fastcgi_read_timeout 700;
> > fastcgi_split_path_info ^(.+\.php)(/.+)$;
> > fastcgi_index index.php;
> > fastcgi_param SCRIPT_FILENAME
> > $document_root$fastcgi_script_name;
> > include fastcgi_params;
> > }
> > }
> >
> > location /app2 {
> > try_files $uri $uri/ /index.php$is_args$args;
> >
> > location ~ \.php$ {
> > root /var/www/htdocs/app2;
> > fastcgi_pass unix:/run/php-fpm.app1.sock;
> > fastcgi_read_timeout 700;
> > fastcgi_split_path_info ^(.+\.php)(/.+)$;
> > fastcgi_index index.php;
> > fastcgi_param SCRIPT_FILENAME
> > $document_root$fastcgi_script_name;
> > include fastcgi_params;
> > }
> > }
> > }
> >
> > The result I have right now is that I can access app1 with
> > http://example.org, <http://example.org, >but i cannot access app2
> with http://example.org/app2 <http://example.org/app2>
> >
> > Also what is the best practice on the backend server:
> > - should I make one single virtual host with two location statements
> > like I did or 2 virtual hosts with a fake name like
> > internal.app1.example.org and internal.app2.example.org ?
> > - can I mutualise the location ~ \.php$ between the two ?
> > - Should I copy access_log and error_log in the location /app2
> statement ?
> >
> > By the way, app1 and app2 are the same application/program but sometimes
> > I want another instance or test app version 1, app version 2 etc.
> >
> > What I tend to do in the past is to have
> > app1.example.org
> > app2.example.org
> > The problem is that it makes me use multiple certificates.
> > Here I want to group all the applications behind one domain name
> > example.org with one certificate and then access different applications
> > with example.org/app1, example.org/app2
> >
> > Thank you
> >
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > nginx mailing list -- nginx at nginx.org <mailto:nginx at nginx.org>
> > To unsubscribe send an email to nginx-leave at nginx.org
> <mailto:nginx-leave at nginx.org>
>
> --
> Ian Hobson
> Tel (+66) 626 544 695
>
> _______________________________________________
> nginx mailing list -- nginx at nginx.org <mailto:nginx at nginx.org>
> To unsubscribe send an email to nginx-leave at nginx.org
> <mailto:nginx-leave at nginx.org>
> _______________________________________________
> nginx mailing list -- nginx at nginx.org <mailto:nginx at nginx.org>
> To unsubscribe send an email to nginx-leave at nginx.org
> <mailto:nginx-leave at nginx.org>
>
> _______________________________________________
> nginx mailing list -- nginx at nginx.org
> To unsubscribe send an email to nginx-leave at nginx.org
--
Ian Hobson
Tel (+66) 626 544 695
More information about the nginx
mailing list