Hi Maxsym,
if i understand correctly, you are sending from the docker host requests to a
single dockerized nginx instance, that forwards these requests to a single
dockerized nsd backend instance. The nginx instance distinguishes the incoming
requests to the same port based on the host header field. And the same should
happen as well on the backend (nsd).
Is this a correct understanding of your setup?
This is somewhat unusual, since typically one uses nginx to forward requests to
multiple backend instances. So i am not sure, why you are doing this. I am not
an nginx expert, but my suspicion is that one does not need 2 nginx “server”
definitions for this.
The problem that you are seeing is that on the backend, you see always the same
host header field, which is used for virtual hosting. Correct?
Maybe install for your backend servers the following script e.g. under the name
“info.tcl” and show the result of “curl -H ….” requests, and what you are
expecting.
all the best
-g
ns_return 200 text/plain [subst [ns_trim -delimiter | {
|[join [lmap {key value} [ns_set array [ns_conn headers]] {set _ "$key:
$value\n"}] ""]
|
|ns_conn host: [ns_conn host]
|ns_conn peer: [ns_conn peeraddr]
|ns_conn peer -source configured: [ns_conn peeraddr -source configured]
|ns_conn peer -source direct: [ns_conn peeraddr -source direct]
|ns_conn peer -source forwarded: [ns_conn peeraddr -source forwarded]
}]]
> On 04.03.2024, at 11:45, Maksym Zinchenko <siqsu...@gmail.com> wrote:
>
> I have a Naviserver with a couple of virtual web servers listening on a
> single ip:port. I want to move all those virtual servers to Docker containers
> gradually. So I'm trying to install Nginx Reverse Proxy on my Docker
> container and configure it to redirect requests to my host Naviserver.
>
> I've changed my Naviserver config to listen to 8080 and 8443 ports on docker
> host gateway IP:
>
>> /opt/ns/bin/nsd -w -u nsadmin -t /opt/ns/conf/dz_nsd.tcl -b 172.17.0.1:8080
>> <http://172.17.0.1:8080/>,172.17.0.1:8443 <http://172.17.0.1:8443/>
> In my Nginx config I have 2 listeners one for dev and dummy1 subdomains:
>
>> server {
>> listen 80;
>> server_name dev.daidze.org <http://dev.daidze.org/>;
>>
>> location / {
>> proxy_set_header X-Real-IP $remote_addr;
>> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>> proxy_set_header Host $http_host;
>> proxy_set_header X-Forwarded-Proto $scheme;
>> proxy_pass http://172.17.0.1:8080/;
>> }
>> }
>>
>> server {
>> listen 443 ssl;
>> server_name dev.daidze.org <http://dev.daidze.org/>;
>> ssl_certificate /opt/ns/modules/nsssl/fullchain.pem;
>> ssl_certificate_key /opt/ns/modules/nsssl/privkey.pem;
>> ssl_prefer_server_ciphers on;
>>
>> location / {
>> proxy_set_header X-Real-IP $remote_addr;
>> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>> proxy_set_header Host $http_host;
>> proxy_set_header X-Forwarded-Proto $scheme;
>> proxy_pass https://172.17.0.1:8443/;
>> }
>> }
>>
>> server {
>> listen 80;
>> server_name dummy1.daidze.org <http://dummy1.daidze.org/>;
>>
>> location / {
>> proxy_set_header X-Real-IP $remote_addr;
>> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>> proxy_set_header Host $http_host;
>> proxy_set_header X-Forwarded-Proto $scheme;
>> proxy_pass http://172.17.0.1:8080/;
>> }
>> }
>>
>> server {
>> listen 443 ssl;
>> server_name dummy1.daidze.org <http://dummy1.daidze.org/>;
>> ssl_certificate /opt/ns/modules/nsssl/fullchain.pem;
>> ssl_certificate_key /opt/ns/modules/nsssl/privkey.pem;
>> ssl_prefer_server_ciphers on;
>>
>> location / {
>> proxy_set_header X-Real-IP $remote_addr;
>> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>> proxy_set_header Host $http_host;
>> proxy_set_header X-Forwarded-Proto $scheme;
>> proxy_pass https://172.17.0.1:8443/;
>> }
>> }
>
> I'm using proxy_set_header Host $http_host; to redirect the headers real Host
> parameter to my host Naviserver installation, but I'm getting response only
> from the dev Virtual server. It doesn't matter what url I request
> dev.daidze.org <http://dev.daidze.org/> or dummy1.daidze.org
> <http://dummy1.daidze.org/>. Here an example of request to
> https://dummy1.daidze.org/ :
>
>> dev server
>> X-Real-IP: 172.64.238.37
>> X-Forwarded-For: 165.90.99.154, 172.64.238.37
>> Host: dummy1.daidze.org <http://dummy1.daidze.org/>
>> X-Forwarded-Proto: https
>> Connection: close
>> accept-encoding: gzip, br
>> CF-RAY: 85f13d442cd66671-MAD
>> CF-Visitor: {"scheme":"https"}
>> user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0)
>> Gecko/20100101 Firefox/123.0
>> accept:
>> text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
>>
>> accept-language: en-US,en;q=0.5
>> upgrade-insecure-requests: 1
>> sec-fetch-dest: document
>> sec-fetch-mode: navigate
>> sec-fetch-site: none
>> sec-fetch-user: ?1
>> sec-gpc: 1
>> pragma: no-cache
>> cache-control: no-cache
>> CF-Connecting-IP: 165.90.99.154
>> CDN-Loop: cloudflare
>> CF-IPCountry: CV
>
> What am I doing wrong? According to Naviserver docs redirection is done based
> on the content of the host header field. Right? So this should work.
>
> Thank you,
> Maksym
> _______________________________________________
> naviserver-devel mailing list
> naviserver-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/naviserver-devel
_______________________________________________
naviserver-devel mailing list
naviserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/naviserver-devel
