0

I have the following scenario:

  • Nginx server, on IP xxx.xxx.xxx.xx1
  • app1, on IP xxx.xxx.xxx.xx2:3000
  • app2, on IP xxx.xxx.xxx.xx3:5000
  • app3, on IP xxx.xxx.xxx.xx4

I want all apps to be accessible via Nginx, like this:

  • app1 > xxx.xxx.xxx.xx1/app1/
  • app2 > xxx.xxx.xxx.xx1/app2/
  • app3 > xxx.xxx.xxx.xx1/app3/

All apps are in the same network and the IPs are local. The end goal here is to have all apps accessible through a domain that will point to the public IP for the Nginx server. But so far I am trying to get them working on local IPs.

I've been trying for some time now and so far, I came up with this:

server {
    listen 80;
    server_name xxx.xxx.xxx.xx1;

    location /app1/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;

        proxy_pass https://xxx.xxx.xxx.xx2:3000/;
    }

    location /app2/ {        
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;

        proxy_pass https://xxx.xxx.xxx.xx3:5000/;
    }

    location /app3/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;

        proxy_pass http://xxx.xxx.xxx.xx4/;
    }

    location / {
        rewrite ^/(.*) /app1/$1 last;
    }
}

The problem is that in this case, I can access app1 on xxx.xxx.xxx.xx1/app1/login (just xxx.xxx.xxx.xx1/app1/ does not work). And since this makes sense, we tried a few different things to get them all accessible, but no luck.

location ~ ^/(app1|app2|app3)/ {
    set $route $1;
    rewrite ^/(app1|app2|app3)(/.*)$ $2 break;
    proxy_pass http://xxx.xxx.xxx.xx1/$route;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

Also this:

location / {
    rewrite ^/app1/(.*)$ /app1/$1 last;
    rewrite ^/app2/(.*)$ /app2/$1 last;
    rewrite ^/app3/(.*)$ /app3/$1 last;

    proxy_pass http://xxx.xxx.xxx.xx1;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

location ~ ^/(app1|app2|app3)/ {
    set $route $1;
    rewrite ^/(app1|app2|app3)(/.*)$ $2 break;
    proxy_pass http://xxx.xxx.xxx.xx1/$route;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

And also something like this:

server {
    listen 80;
    server_name 192.168.1.220;

    location /app1/ {
        rewrite ^/app1/(.*)$ /$1 break;
        proxy_pass https://xxx.xxx.xxx.xx2:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /app2/ {
        rewrite ^/app2/(.*)$ /$1 break;
        proxy_pass https://xxx.xxx.xxx.xx3:5000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /app3/ {
        rewrite ^/app3/(.*)$ /$1 break;
        proxy_pass http://xxx.xxx.xxx.xx4;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location ~ ^/(app1|app2|app3)/ {
        set $route $1;
        rewrite ^/(app1|app2|app3)(/.*)$ $2 break;
        # Proxy the request to the corresponding backend server
        proxy_pass http://xxx.xxx.xxx.xx1/$route;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location / {
        return 404;
    }
}

Any thoughts on what am I doing wrong here?

Another problem I am encountering is that, even though app1 seems to be somewhat working on xxx.xxx.xxx.xx1/app1/, every link in the app redirects to xxx.xxx.xxx.xx1/new-page/, instead of xxx.xxx.xxx.xx1/app1/new-page.

Any ideas on how can this be fix through Nginx instead of through changing the links in the app?

4
  • 1
    is your application a secret or has it no name, because it mostly makes research easier when using google
    – djdomi
    Commented Mar 20 at 19:21
  • 2
    Does this answer your question? How can I forward requests from my web server? Commented Mar 20 at 19:38
  • @djdomi No, not really. But they are custom made for our client and don't have a name yet. That's up for them to decide.
    – daydr3am3r
    Commented Mar 21 at 21:27
  • @GeraldSchneider Thanks. I will give it a try, see where it takes me.
    – daydr3am3r
    Commented Mar 21 at 21:27

1 Answer 1

1

Took me a while but I managed to get it done. Here's how I did it, in case someone else needs something similar. In this case, the externalapp and externalapptest represent app3 (test and production)

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    include snippets/self-signed.conf;
    include snippets/ssl-params.conf;
    
    server_name nginx.server.com;

    location /app1/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;

        proxy_pass https://appstests.server.com:3000/;
    }

    location /app2/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;

        proxy_pass https://appstests.server.com:5900/;
     }
    
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;

        # X-Forwarded headers
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;

        # Proxy specific variables
        proxy_redirect off;
        proxy_read_timeout 60m;
        proxy_send_timeout 60m;
        proxy_http_version 1.1;
        proxy_connect_timeout 5s;

        # Add support for websockets
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        add_header X-Frame-Options "SAMEORIGIN";

        # proxy_buffering should be on for all but very rare cases
        proxy_buffering on;

        # proxy_buffers should not exceed 63
        proxy_buffers 63 128k;
        proxy_buffer_size 128k;

        proxy_pass https://externalapptest.server.com;
    }
    
    location /internal_authentication/ {
        proxy_set_header Host $http_host;

        proxy_http_version 1.1;
        proxy_set_header Connection '';

        proxy_pass https://externalapptest.server.com;
    }

    location /externalapptest/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;

        # X-Forwarded headers
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;

        # Proxy specific variables
        proxy_redirect off;
        proxy_read_timeout 60m;
        proxy_send_timeout 60m;
        proxy_http_version 1.1;
        proxy_connect_timeout 5s;

        # Add support for websockets
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # proxy_buffering should be on for all but very rare cases
        proxy_buffering on;

        # proxy_buffers should not exceed 63
        proxy_buffers 63 128k;
        proxy_buffer_size 128k;

        proxy_pass https://externalapptest.server.com;
    }
    
    location /externalapptest/internal_authentication/ {
        proxy_set_header Host $http_host;

        proxy_http_version 1.1;
        proxy_set_header Connection '';

        proxy_pass https://externalapptest.server.com;
    }

    location /externalapp/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;

        # X-Forwarded headers
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https; 

        # Proxy specific variables
        proxy_redirect off;
        proxy_read_timeout 60m;
        proxy_send_timeout 60m;
        proxy_http_version 1.1;
        proxy_connect_timeout 5s;

        # Add support for websockets
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # proxy_buffering should be on for all but very rare cases
        proxy_buffering on;

        # proxy_buffers should not exceed 63
        proxy_buffers 63 128k;
        proxy_buffer_size 128k;

        proxy_pass https://externalapp.server.com;
    }
    
    location /externalapp/internal_authentication/ {
        proxy_set_header Host $http_host;

        proxy_http_version 1.1;
        proxy_set_header Connection '';

        proxy_pass https://externalapp.server.com;
    }
}

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .