nginx is redirecting to wrong server context
Jeremy Cocks
jeremy at jeremy.cx
Thu Nov 16 01:26:11 UTC 2023
Hello
> and found that it is always redirecting to the first server configured in
the nginx.conf file.
This is expected behaviour when you have not defined a default_server or
you are not sending the appropriate host header in your request (you are
not confirming how things are set in the http client you are using).
The default behaviour is defined here:
https://nginx.org/en/docs/http/request_processing.html
> In this configuration nginx tests only the request’s header field “Host”
to determine which server the request should be routed to. If its value
does not match any server name, or the request does not contain this header
field at all, then nginx will route the request to the default server for
this port. In the configuration above, the default server is the first
one — which is nginx’s standard default behaviour. It can also be set
explicitly which server should be default, with the default_server parameter
in the listen
<https://nginx.org/en/docs/http/ngx_http_core_module.html#listen> directive.
I am assuming you want the default to be:
mcr.itt.aws.oprd.com.au
thus change the listen parameters on its server block:
server {
listen 443 ssl default_server;
listen 80 default_server;
server_name mcr.itt.aws.oprd.com.au;
…
<Rest of your config>
}
Cheers
J
On Wed, 15 Nov 2023 at 23:44, Raman Meenakshisundaram via nginx <
nginx at nginx.org> wrote:
> Hi
>
> I am trying to download a docker image through nginx, and found that it is
> always redirecting to the first server configured in the nginx.conf file.
>
>
>
> I am doing a podman pull "podman pull --tls-verify=false
> mcr.itt.aws.orpd.com.au/devcontainers/python:dev-3.9-buster" but it is
> wrongly going to docker-alice.itt.aws.oprd.com.au
>
>
>
> We have setup route53 record in AWS already.
>
>
>
> Below is the nginx.conf file content:
>
>
> ----------------------------------------------------------------------------------------------------------------------------------------
>
>
>
> For more information on configuration, see:
>
> # * Official English Documentation: http://nginx.org/en/docs/
>
> # * Official Russian Documentation: http://nginx.org/ru/docs/
>
>
>
> user nginx;
>
> #worker_processes auto;
>
> worker_processes 4;
>
> worker_rlimit_nofile 4096;
>
> error_log /var/log/nginx/error.log;
>
> pid /run/nginx.pid;
>
>
>
> # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
>
> include /usr/share/nginx/modules/*.conf;
>
>
>
> events {
>
> worker_connections 4096;
>
> }
>
>
>
> http {
>
>
>
> proxy_send_timeout 120;
>
> proxy_read_timeout 300;
>
> proxy_connect_timeout 300;
>
> proxy_buffering off;
>
> proxy_request_buffering off;
>
> # allow large uploads of files
>
> client_max_body_size 1G;
>
> keepalive_timeout 5 5;
>
> tcp_nodelay on;
>
>
>
> map $upstream_http_docker_distribution_api_version
> $docker_distribution_api_version {
>
> '' 'registry/2.0';
>
> }
>
>
>
> server {
>
> listen 443 ssl;
>
> listen 80;
>
> server_name docker-alice.itt.aws.oprd.com.au;
>
>
>
> ssl_certificate /etc/nginx/ssl/selfsigned_wildcard_san_cert.crt;
>
> ssl_certificate_key
> /etc/nginx/ssl/privatekey_selfsigned_wildcard_san.pem;
>
>
>
> # Docker /v2 and /v1 (for search) requests
>
> resolver 10.78.128.2:53 valid=300s ipv6=off;
>
> resolver_timeout 10s;
>
>
>
> location /v2 {
>
> proxy_set_header Host $host:$server_port;
>
> proxy_set_header X-Real-IP $remote_addr;
>
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>
> proxy_set_header X-Forwarded-Proto "https";
>
> set $backend "nexus.itt.aws.oprd.com.au";
>
> proxy_pass
> https://$backend/repository/proxy-to-nonprod-hosted$request_uri;
>
> #proxy_pass
> https://nexus.itt.aws.oprd.com.au/repository/proxy-to-nonprod-hosted/$request_uri
> ;
>
> }
>
> location /v1 {
>
> proxy_set_header Host $host:$server_port;
>
> proxy_set_header X-Real-IP $remote_addr;
>
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>
> proxy_set_header X-Forwarded-Proto "https";
>
> set $backend "nexus.itt.aws.orpd.com.au";
>
> proxy_pass
> https://$backend/repository/proxy-to-nonprod-hosted$request_uri;
>
> #proxy_pass
> https://nexus.itt.aws.oprd.com.au/repository/proxy-to-nonprod-hosted/$request_uri
> ;
>
> }
>
> location / {
>
> proxy_set_header Host $host:$server_port;
>
> proxy_set_header X-Real-IP $remote_addr;
>
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>
> proxy_set_header X-Forwarded-Proto "https";
>
> set $backend "nexus.itt.aws.oprd.com.au";
>
> proxy_pass https://$backend/;
>
> #proxy_pass https://nexus.itt.aws.oprd.com.au/;
>
> }
>
> }
>
> server {
>
> listen 443 ssl;
>
> listen 80;
>
> server_name mcr.itt.aws.oprd.com.au;
>
>
>
> ssl_certificate /etc/nginx/ssl/selfsigned_wildcard_san_cert.crt;
>
> ssl_certificate_key
> /etc/nginx/ssl/privatekey_selfsigned_wildcard_san.pem;
>
>
>
> # Docker /v2 and /v1 (for search) requests
>
> resolver 10.78.128.2:53 valid=300s ipv6=off;
>
> resolver_timeout 10s;
>
>
>
> location /v2 {
>
> proxy_set_header Host $host:$server_port;
>
> proxy_set_header X-Real-IP $remote_addr;
>
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>
> proxy_set_header X-Forwarded-Proto "https";
>
> set $backend "nexus.itt.aws.oprd.com.au";
>
> proxy_pass https://$backend/repository/mcr-proxy$request_uri;
>
> }
>
> location /v1 {
>
> proxy_set_header Host $host:$server_port;
>
> proxy_set_header X-Real-IP $remote_addr;
>
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>
> proxy_set_header X-Forwarded-Proto "https";
>
> set $backend "nexus.itt.aws.orpd.com.au";
>
> proxy_pass https://$backend/repository/mcr-proxy$request_uri;
>
> }
>
> location / {
>
> proxy_set_header Host $host:$server_port;
>
> proxy_set_header X-Real-IP $remote_addr;
>
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>
> proxy_set_header X-Forwarded-Proto "https";
>
> set $backend "nexus.itt.aws.oprd.com.au";
>
> proxy_pass https://$backend/;
>
> #proxy_pass https://nexus.itt.aws.oprd.com.au/;
>
> }
>
> }
>
> }
>
> *********************************************************************
> We acknowledge the traditional custodians of the land on which we meet,
> work
> and live. We pay our respects to the ancestors and Elders, past and
> present.
>
> The information in this email and any attachments may contain
> confidential, privileged
> or copyright material belonging to us, related entities or third parties.
> If you are not
> the intended recipient you are prohibited from disclosing this
> information. If you
> have received this email in error, please contact the sender immediately
> by return
> email or phone and delete it. We apologise for any inconvenience caused.
> We use
> security software but do not guarantee this email is free from viruses.
> You assume
> responsibility for any consequences arising from the use of this email.
> This email
> may contain personal views of the sender not authorised by us.
> *********************************************************************
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> https://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20231116/7bb62548/attachment-0001.htm>
More information about the nginx
mailing list