Hello, no right now i have single nsd with many subdomains clients, without docker.
For example: sub1.domain.com, sub2.domain.com etc. What i want is to move each one of this subdomains to a separeted docker container. But I need to move them one by one, because I still testing my application on docker, so I want to move for example sub1 today test it, next time sub2 test it and so on. While im working on one subdomain i still want to serve other subdomains. So my idea was to move host's nsd to other ports 8080 and 8443 and install nginx reverse proxy, so i can redirect some subdomains to host's nsd and some to dockerized nsd. Thanj you On Tue, 5 Mar 2024, 18:08 Gustaf Neumann (sslmail), <neum...@wu.ac.at> wrote: > Hi Maxsym, > > if i understand correctly, you are sending from the docker host requests > to a single dockerized nginx instance, that forwards these requests to a > single dockerized nsd backend instance. The nginx instance distinguishes > the incoming requests to the same port based on the host header field. And > the same should happen as well on the backend (nsd). > > Is this a correct understanding of your setup? > > This is somewhat unusual, since typically one uses nginx to forward > requests to multiple backend instances. So i am not sure, why you are doing > this. I am not an nginx expert, but my suspicion is that one does not need > 2 nginx “server” definitions for this. > > The problem that you are seeing is that on the backend, you see always the > same host header field, which is used for virtual hosting. Correct? > > Maybe install for your backend servers the following script e.g. under the > name “info.tcl” and show the result of “curl -H ….” requests, and what you > are expecting. > > all the best > -g > > ns_return 200 text/plain [subst [ns_trim -delimiter | { > |[join [lmap {key value} [ns_set array [ns_conn headers]] {set _ > "$key: $value\n"}] ""] > | > > |ns_conn host: [ns_conn host] > > |ns_conn peer: [ns_conn peeraddr] > |ns_conn peer -source configured: [ns_conn peeraddr -source > configured] > |ns_conn peer -source direct: [ns_conn peeraddr -source direct] > > |ns_conn peer -source forwarded: [ns_conn peeraddr -source forwarded] > > }]] > > > > On 04.03.2024, at 11:45, Maksym Zinchenko <siqsu...@gmail.com> wrote: > > I have a Naviserver with a couple of virtual web servers listening on a > single ip:port. I want to move all those virtual servers to Docker > containers gradually. So I'm trying to install Nginx Reverse Proxy on my > Docker container and configure it to redirect requests to my host > Naviserver. > > I've changed my Naviserver config to listen to 8080 and 8443 ports on > docker host gateway IP: > > /opt/ns/bin/nsd -w -u nsadmin -t /opt/ns/conf/dz_nsd.tcl -b >> 172.17.0.1:8080,172.17.0.1:8443 > > > In my Nginx config I have 2 listeners one for dev and dummy1 subdomains: > > server { >> listen 80; >> server_name dev.daidze.org; >> >> location / { >> proxy_set_header X-Real-IP $remote_addr; >> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; >> proxy_set_header Host $http_host; >> proxy_set_header X-Forwarded-Proto $scheme; >> proxy_pass http://172.17.0.1:8080/; >> } >> } >> >> server { >> listen 443 ssl; >> server_name dev.daidze.org; >> ssl_certificate /opt/ns/modules/nsssl/fullchain.pem; >> ssl_certificate_key /opt/ns/modules/nsssl/privkey.pem; >> ssl_prefer_server_ciphers on; >> >> location / { >> proxy_set_header X-Real-IP $remote_addr; >> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; >> proxy_set_header Host $http_host; >> proxy_set_header X-Forwarded-Proto $scheme; >> proxy_pass https://172.17.0.1:8443/; >> } >> } >> >> server { >> listen 80; >> server_name dummy1.daidze.org; >> >> location / { >> proxy_set_header X-Real-IP $remote_addr; >> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; >> proxy_set_header Host $http_host; >> proxy_set_header X-Forwarded-Proto $scheme; >> proxy_pass http://172.17.0.1:8080/; >> } >> } >> >> server { >> listen 443 ssl; >> server_name dummy1.daidze.org; >> ssl_certificate /opt/ns/modules/nsssl/fullchain.pem; >> ssl_certificate_key /opt/ns/modules/nsssl/privkey.pem; >> ssl_prefer_server_ciphers on; >> >> location / { >> proxy_set_header X-Real-IP $remote_addr; >> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; >> proxy_set_header Host $http_host; >> proxy_set_header X-Forwarded-Proto $scheme; >> proxy_pass https://172.17.0.1:8443/; >> } >> } > > > I'm using proxy_set_header Host $http_host; to redirect the headers real > Host parameter to my host Naviserver installation, but I'm getting response > only from the dev Virtual server. It doesn't matter what url I request > dev.daidze.org or dummy1.daidze.org. Here an example of request to > https://dummy1.daidze.org/ : > > dev server >> X-Real-IP: 172.64.238.37 >> X-Forwarded-For: 165.90.99.154, 172.64.238.37 >> Host: dummy1.daidze.org >> X-Forwarded-Proto: https >> Connection: close >> accept-encoding: gzip, br >> CF-RAY: 85f13d442cd66671-MAD >> CF-Visitor: {"scheme":"https"} >> user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) >> Gecko/20100101 Firefox/123.0 >> accept: >> text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 >> >> accept-language: en-US,en;q=0.5 >> upgrade-insecure-requests: 1 >> sec-fetch-dest: document >> sec-fetch-mode: navigate >> sec-fetch-site: none >> sec-fetch-user: ?1 >> sec-gpc: 1 >> pragma: no-cache >> cache-control: no-cache >> CF-Connecting-IP: 165.90.99.154 >> CDN-Loop: cloudflare >> CF-IPCountry: CV > > > What am I doing wrong? According to Naviserver docs redirection is done > based on the content of the *host* header field. Right? So this should > work. > > Thank you, > Maksym > _______________________________________________ > naviserver-devel mailing list > naviserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/naviserver-devel > > > _______________________________________________ > naviserver-devel mailing list > naviserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/naviserver-devel >
_______________________________________________ naviserver-devel mailing list naviserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/naviserver-devel