Hello, no right now i have single nsd with many subdomains clients, without
docker.
For example: sub1.domain.com, sub2.domain.com etc. What i want is to move
each one of this subdomains to a separeted docker container. But I need to
move them one by one, because I still testing my application on docker, so
I want to move for example sub1 today test it, next time sub2 test it and
so on.
While im working on one subdomain i still want to serve other subdomains.
So my idea was to move host's nsd to other ports 8080 and 8443 and install
nginx reverse proxy, so i can redirect some subdomains to host's nsd and
some to dockerized nsd.
Thanj you
On Tue, 5 Mar 2024, 18:08 Gustaf Neumann (sslmail), <neum...@wu.ac.at>
wrote:
> Hi Maxsym,
>
> if i understand correctly, you are sending from the docker host requests
> to a single dockerized nginx instance, that forwards these requests to a
> single dockerized nsd backend instance. The nginx instance distinguishes
> the incoming requests to the same port based on the host header field. And
> the same should happen as well on the backend (nsd).
>
> Is this a correct understanding of your setup?
>
> This is somewhat unusual, since typically one uses nginx to forward
> requests to multiple backend instances. So i am not sure, why you are doing
> this. I am not an nginx expert, but my suspicion is that one does not need
> 2 nginx “server” definitions for this.
>
> The problem that you are seeing is that on the backend, you see always the
> same host header field, which is used for virtual hosting. Correct?
>
> Maybe install for your backend servers the following script e.g. under the
> name “info.tcl” and show the result of “curl -H ….” requests, and what you
> are expecting.
>
> all the best
> -g
>
> ns_return 200 text/plain [subst [ns_trim -delimiter | {
> |[join [lmap {key value} [ns_set array [ns_conn headers]] {set _
> "$key: $value\n"}] ""]
> |
>
> |ns_conn host: [ns_conn host]
>
> |ns_conn peer: [ns_conn peeraddr]
> |ns_conn peer -source configured: [ns_conn peeraddr -source
> configured]
> |ns_conn peer -source direct: [ns_conn peeraddr -source direct]
>
> |ns_conn peer -source forwarded: [ns_conn peeraddr -source forwarded]
>
> }]]
>
>
>
> On 04.03.2024, at 11:45, Maksym Zinchenko <siqsu...@gmail.com> wrote:
>
> I have a Naviserver with a couple of virtual web servers listening on a
> single ip:port. I want to move all those virtual servers to Docker
> containers gradually. So I'm trying to install Nginx Reverse Proxy on my
> Docker container and configure it to redirect requests to my host
> Naviserver.
>
> I've changed my Naviserver config to listen to 8080 and 8443 ports on
> docker host gateway IP:
>
> /opt/ns/bin/nsd -w -u nsadmin -t /opt/ns/conf/dz_nsd.tcl -b
>> 172.17.0.1:8080,172.17.0.1:8443
>
>
> In my Nginx config I have 2 listeners one for dev and dummy1 subdomains:
>
> server {
>> listen 80;
>> server_name dev.daidze.org;
>>
>> location / {
>> proxy_set_header X-Real-IP $remote_addr;
>> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>> proxy_set_header Host $http_host;
>> proxy_set_header X-Forwarded-Proto $scheme;
>> proxy_pass http://172.17.0.1:8080/;
>> }
>> }
>>
>> server {
>> listen 443 ssl;
>> server_name dev.daidze.org;
>> ssl_certificate /opt/ns/modules/nsssl/fullchain.pem;
>> ssl_certificate_key /opt/ns/modules/nsssl/privkey.pem;
>> ssl_prefer_server_ciphers on;
>>
>> location / {
>> proxy_set_header X-Real-IP $remote_addr;
>> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>> proxy_set_header Host $http_host;
>> proxy_set_header X-Forwarded-Proto $scheme;
>> proxy_pass https://172.17.0.1:8443/;
>> }
>> }
>>
>> server {
>> listen 80;
>> server_name dummy1.daidze.org;
>>
>> location / {
>> proxy_set_header X-Real-IP $remote_addr;
>> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>> proxy_set_header Host $http_host;
>> proxy_set_header X-Forwarded-Proto $scheme;
>> proxy_pass http://172.17.0.1:8080/;
>> }
>> }
>>
>> server {
>> listen 443 ssl;
>> server_name dummy1.daidze.org;
>> ssl_certificate /opt/ns/modules/nsssl/fullchain.pem;
>> ssl_certificate_key /opt/ns/modules/nsssl/privkey.pem;
>> ssl_prefer_server_ciphers on;
>>
>> location / {
>> proxy_set_header X-Real-IP $remote_addr;
>> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>> proxy_set_header Host $http_host;
>> proxy_set_header X-Forwarded-Proto $scheme;
>> proxy_pass https://172.17.0.1:8443/;
>> }
>> }
>
>
> I'm using proxy_set_header Host $http_host; to redirect the headers real
> Host parameter to my host Naviserver installation, but I'm getting response
> only from the dev Virtual server. It doesn't matter what url I request
> dev.daidze.org or dummy1.daidze.org. Here an example of request to
> https://dummy1.daidze.org/ :
>
> dev server
>> X-Real-IP: 172.64.238.37
>> X-Forwarded-For: 165.90.99.154, 172.64.238.37
>> Host: dummy1.daidze.org
>> X-Forwarded-Proto: https
>> Connection: close
>> accept-encoding: gzip, br
>> CF-RAY: 85f13d442cd66671-MAD
>> CF-Visitor: {"scheme":"https"}
>> user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0)
>> Gecko/20100101 Firefox/123.0
>> accept:
>> text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
>>
>> accept-language: en-US,en;q=0.5
>> upgrade-insecure-requests: 1
>> sec-fetch-dest: document
>> sec-fetch-mode: navigate
>> sec-fetch-site: none
>> sec-fetch-user: ?1
>> sec-gpc: 1
>> pragma: no-cache
>> cache-control: no-cache
>> CF-Connecting-IP: 165.90.99.154
>> CDN-Loop: cloudflare
>> CF-IPCountry: CV
>
>
> What am I doing wrong? According to Naviserver docs redirection is done
> based on the content of the *host* header field. Right? So this should
> work.
>
> Thank you,
> Maksym
> _______________________________________________
> naviserver-devel mailing list
> naviserver-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/naviserver-devel
>
>
> _______________________________________________
> naviserver-devel mailing list
> naviserver-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/naviserver-devel
>
_______________________________________________
naviserver-devel mailing list
naviserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/naviserver-devel
