Re: Reverse proxy for multiple domains

2018-05-22 Thread Francis Daly
On Mon, May 21, 2018 at 01:57:07PM +, Mik J via nginx wrote:

Hi there,

> I would like to know what is the best practice to setup a web proxy.
> 
> I do it like this
> - 1 virtual host per application on the reverse proxy and the proxy_pass 
> points to one IP+path
> - 1 virtual host (default) for all application on the backend server but one 
> location stanza per application
> 
> The problem is that I meet many problems with installation of application: 
> magento, glpi, etc

If the problem is *installing* the applications, that might be a
question for the application list. If the problem is *reverse-proxying*
the applications, that might be a question for the nginx list.

It is good to be clear about what the specific problem you are seeing is.

> Is it the correct way to do it ?

It is usually easiest if the front-end /prefix and the back-end /prefix
are identical.

So if the back-end application is happy being installed at /application1/,
then the front-end should reverse-proxy from frontend/application1/ to
upstream1/application1/. In that case, multiple applications could all be
on the same frontend server{}, or on different ones. If different ones,
then it can redirect from / to /application1/ if that is simplest.

If the back-end application insists on being installed at /, then the
front-end should reverse-proxy from frontend/ to upstream2/. In that case,
you will probably need multiple frontend server{}s; one for each similar
application.

> location ^~ / {
> proxy_pass        http://10.1.1.10:80/app/application1/;

"/" to "/app/application1/" is possible, but it is easy for things to
go wrong.

For example: if the application returns a link to
/app/application1/file, the next request to the upstream might be to
/app/application1/app/application1/file, which may not work as desired.

> server {
> listen 80 default_server;

This config looks generally right, if it is the correct way to install
this application...

> server_name _;
> index index.html index.htm index.php;
> root /var/www/htdocs;
> location ^~ /app/application1 {
> root /var/www;
> index index.php;
> location ~ \.php$ {

Note, though, that:

> root          /var/www;
> try_files $uri =404;

those two lines...

> fastcgi_pass  unix:/run/php-fpm.application1.sock;

> fastcgi_split_path_info ^(.+\.php)(/.+)$;
> fastcgi_index  index.php;

and those two lines, probably do not do anything useful here.

f
-- 
Francis Daly        fran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
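
The layout recommended in the reply above (identical prefix on the front-end and the back-end, one server{} per application), written out as an added example that is not part of the original thread. The two server{} blocks belong to two different machines; the fixed Host value and the back-end server_name are assumptions, while the address, paths and socket are taken from the configs quoted in the thread.

```nginx
# Front-end (reverse proxy): one server{} per application.
server {
    listen 80;
    server_name application1.org;

    # Visitors of the bare hostname are sent to the prefix the application uses.
    location = / {
        return 301 /app/application1/;
    }

    # proxy_pass has no URI part, so the request path reaches the upstream
    # unchanged: a link to /app/application1/file is requested from the
    # upstream as /app/application1/file, not with the prefix doubled.
    location /app/application1/ {
        proxy_pass        http://10.1.1.10:80;
        # Assumption: a fixed Host value selects the back-end server{} below,
        # instead of forwarding the client-supplied $http_host.
        proxy_set_header  Host              application1.org;
        proxy_set_header  X-Real-IP         $remote_addr;
        proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Proto $scheme;
    }
}

# Back-end (10.1.1.10): one server{} per application, same prefix.
server {
    listen 80;
    server_name application1.org;   # assumption: matches the Host sent above
    root /var/www;                  # application files in /var/www/app/application1/
    index index.php;

    location ^~ /app/application1/ {
        location ~ \.php$ {
            fastcgi_pass   unix:/run/php-fpm.application1.sock;
            fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }
    }
}
```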


Re: Reverse proxy for multiple domains

2018-05-21 Thread Mik J via nginx
 Hello,

Sorry if I'm asking again a question on the same topic.

I would like to know what is the best practice to setup a web proxy.

I do it like this
- 1 virtual host per application on the reverse proxy and the proxy_pass points 
to one IP+path
- 1 virtual host (default) for all application on the backend server but one 
location stanza per application

The problem is that I meet many problems with installation of application: 
magento, glpi, etc

Is it the correct way to do it ?


On this reverse proxy I have a virtual host which looks like that
server {
    listen 80;
    server_name application1.org;
    access_log /var/log/nginx/application1.org.access.log;
    error_log /var/log/nginx/application1.org.error.log;
    ...
    location ^~ / {
        proxy_pass        http://10.1.1.10:80/app/application1/;
        proxy_redirect    off;
        proxy_set_header  Host              $http_host;
        proxy_set_header  X-Real-IP         $remote_addr;
        proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Proto $scheme;
    }
}



On the web server behind the proxy I just have one virtual host which is the 
default one
server {
    listen 80 default_server;
    server_name _;
    index index.html index.htm index.php;
    root /var/www/htdocs;
    location ^~ /app/application1 {
        root /var/www;
        index index.php;
        location ~ \.php$ {
            root           /var/www;
            try_files      $uri =404;
            fastcgi_pass   unix:/run/php-fpm.application1.sock;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }
    }
}

On Wednesday 30 August 2017 at 19:57:40 UTC+2, Francis Daly wrote:
 
 On Sun, Aug 27, 2017 at 11:27:05AM +, Mik J via nginx wrote:

Hi there,

> > That's because the pages are called by the reverse proxy server
> > like http://10.1.1.10:80/app/application1/; and it can't use a FQDN
> > because it's in a private addressing
> Francis: I don't follow that last part.
> => I mean that the reverse proxy uses an IP to connect to the backend web
> server. If it used a fqdn, it has to resolve it, through a dns request

The backend web server can care about the IP:port you connect to, and
the Host: header you send.

You can connect to 10.1.1.10:80 and send a Host: header of "app1" if
you want to. No dns resolution involved.

Anyway, it sounds like you have this part working now; so that's good.


> I still have problems, the site doesn't display properly because it can't load
> a javascript

> The request for the javascript looks like that
> http://application1.org/?wooslider-javascript=load=1503832510=1.0.0 HTTP/1.1
> It arrives on the backend server I see it in the logs (file specified
> in the stanza location)
> 10.1.1.10 forwarded for IP_CLIENT - - [27/Aug/2017:13:15:12 +0200] "GET
> /app1/?wooslider-javascript=load=1503832510=1.0.0 HTTP/1.1" 404 5
> "http://application1.org/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:54.0)
> Gecko/20100101 Firefox/54.0"

A request for /?some-thing came to nginx; nginx reverse-proxied the request
as /app1/?same-thing. That is all you want nginx to do, so it is working.

If your back-end wordpress handles that request incorrectly, that is a
question for your back-end wordpress configuration.

People on this list who know about wordpress configuration are more
likely to see the question if it is in a new thread with words like
"wordpress" in the Subject: line.

(If the actual question is "why does my browser request /?some-thing
instead of /thing.js ?", that might also be related to the back-end
config.)

> Another question, if I want to set expires header, would it be better to do 
> it on the reverse proxy or on the backend server ?

Again, I'd suggest that people who know about "wordpress" and "expires"
are much more likely to see that question if it is in a thread with an
obvious Subject: line.

Good luck with it!

    f
-- 
Francis Daly        fran...@daoine.org

Re: Reverse proxy for multiple domains

2017-08-30 Thread Francis Daly
On Sun, Aug 27, 2017 at 11:27:05AM +, Mik J via nginx wrote:

Hi there,

> > That's because the pages are called by the reverse proxy server
> > like http://10.1.1.10:80/app/application1/; and it can't use a FQDN
> > because it's in a private addressing
> Francis: I don't follow that last part.
> => I mean that the reverse proxy uses an IP to connect to the backend web
> server. If it used a fqdn, it has to resolve it, through a dns request

The backend web server can care about the IP:port you connect to, and
the Host: header you send.

You can connect to 10.1.1.10:80 and send a Host: header of "app1" if
you want to. No dns resolution involved.

Anyway, it sounds like you have this part working now; so that's good.


> I still have problems, the site doesn't display properly because it can't load
> a javascript

> The request for the javascript looks like that
> http://application1.org/?wooslider-javascript=load=1503832510=1.0.0 HTTP/1.1
> It arrives on the backend server I see it in the logs (file specified
> in the stanza location)
> 10.1.1.10 forwarded for IP_CLIENT - - [27/Aug/2017:13:15:12 +0200] "GET
> /app1/?wooslider-javascript=load=1503832510=1.0.0 HTTP/1.1" 404 5
> "http://application1.org/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:54.0)
> Gecko/20100101 Firefox/54.0"

A request for /?some-thing came to nginx; nginx reverse-proxied the request
as /app1/?same-thing. That is all you want nginx to do, so it is working.

If your back-end wordpress handles that request incorrectly, that is a
question for your back-end wordpress configuration.

People on this list who know about wordpress configuration are more
likely to see the question if it is in a new thread with words like
"wordpress" in the Subject: line.

(If the actual question is "why does my browser request /?some-thing
instead of /thing.js ?", that might also be related to the back-end
config.)

> Another question, if I want to set expires header, would it be better to do 
> it on the reverse proxy or on the backend server ?

Again, I'd suggest that people who know about "wordpress" and "expires"
are much more likely to see that question if it is in a thread with an
obvious Subject: line.

Good luck with it!

f
-- 
Francis Daly        fran...@daoine.org


Re: Reverse proxy for multiple domains

2017-08-27 Thread Mik J via nginx
Hello Francis,
Thank you for your answer. I've done many tests since then and yes indeed the
problem came from the application => wordpress

It's necessary to define these two variables WP_HOME and WP_SITEURL or
$_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORWARDED_HOST'] in wp-config.php

From that question
> That's because the pages are called by the reverse proxy server
> like http://10.1.1.10:80/app/application1/; and it can't use a FQDN
> because it's in a private addressing
Francis: I don't follow that last part.
=> I mean that the reverse proxy uses an IP to connect to the backend web
server. If it used a fqdn, it has to resolve it, through a dns request

I still have problems, the site doesn't display properly because it can't load a
javascript
On the reverse proxy
server {
    listen 80;
    listen 443 ssl;
    server_name application1.org;
    ...
    location / {
        location ~ /\.ht { deny  all; }
        proxy_pass    http://10.1.1.10/app1/;
        proxy_http_version 1.1;
        proxy_set_header  X-Real-IP    $remote_addr;
        proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_pass_header Set-Cookie;
    }
}


On the backend server
server {
    listen 80 default_server;
    server_name _;
    index index.php;
    root /var/www/htdocs;
    ...
    location /app1 {
        root /var/www/htdocs/;
        access_log /var/log/nginx/app1.access.log xforwardedLog;
        error_log /var/log/nginx/app1.error.log;
        index index.php;
        try_files $uri $uri/ /app1/index.php$is_args$args;
        location ~ /\. { deny  all; }
        gzip off;
        location ~ \.php$ {
            root   /var/www/htdocs;
            try_files $uri =404;
            fastcgi_pass   unix:/run/php-fpm.app1.sock;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include    fastcgi_params;
        }
    }
}


The request for the javascript looks like that
http://application1.org/?wooslider-javascript=load=1503832510=1.0.0 HTTP/1.1
It arrives on the backend server I see it in the logs (file specified
in the stanza location)
10.1.1.10 forwarded for IP_CLIENT - - [27/Aug/2017:13:15:12 +0200] "GET
/app1/?wooslider-javascript=load=1503832510=1.0.0 HTTP/1.1" 404 5
"http://application1.org/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:54.0)
Gecko/20100101 Firefox/54.0"

If I access a file from the internet, it works fine
http://application1.org/wp-content/themes/Avada/images/divider-02.gif
So there's just a problem with the previous URL

Another question, if I want to set expires header, would it be better to do it
on the reverse proxy or on the backend server ?
Regards


On Sunday 20 August 2017 at 22:08, Francis Daly wrote:
 

 On Fri, Aug 18, 2017 at 07:01:26AM +, Mik J via nginx wrote:

Hi there,

> What would you do if you had ?
> CLIENT <-> INTERNET <->Reverse_Proxy<->Web_Server

That is the normal case, is it not? So just "use nginx as normal".

> On the web server I just use one default virtual host with multiple
> sections.

I think that if you configure your "back-end" server that way, you are
more likely to have problems reverse proxying than if you configure
"one virtual host = one application".

If you want to reverse-proxy an application installed at one part of its
local url hierarchy, so that it looks like it is installed at another
part of the url hierarchy, then it is your job to make sure that any
part of the content returned that the client browser might interpret as
a url on this server, is correctly relative to the "another part". (It
presumably is by default relative to the "one part".)

Unless the application was written with a config option to make that
job trivial, I think it is easier to have the "public" url and "private"
url be the same.

On your system, you can configure it however you want to.

> That's because the pages are called by the reverse proxy server
> like http://10.1.1.10:80/app/application1/; and it can't use a FQDN
> because it's in a private addressing

I don't follow that last part.

It can use a hostname if you want it to use a hostname.

I expect that it will be easier for you if you use a hostname, or if
you use two services listening on different ports.

> Is there a way that the reverse proxy connects to 10.1.1.10 but pretend
> the GET/POST queries use application1.org ?

If you can describe the http request that you want the client to make
to nginx; and describe the matching http request that you want nginx to
make to the back-end, it may be clearer what you mean.

> I'd prefer my application would be accessible by www.application1.org than
> www.application1.org/app/application1 like right now

From the config you have shown, nginx makes the application available
at www.application1.org. It looks to me like it is the back-end 

Re: Reverse proxy for multiple domains

2017-08-20 Thread Francis Daly
On Fri, Aug 18, 2017 at 07:01:26AM +, Mik J via nginx wrote:

Hi there,

> What would you do if you had ?
> CLIENT <-> INTERNET <->Reverse_Proxy<->Web_Server

That is the normal case, is it not? So just "use nginx as normal".

> On the web server I just use one default virtual host with multiple
> sections.

I think that if you configure your "back-end" server that way, you are
more likely to have problems reverse proxying than if you configure
"one virtual host = one application".

If you want to reverse-proxy an application installed at one part of its
local url hierarchy, so that it looks like it is installed at another
part of the url hierarchy, then it is your job to make sure that any
part of the content returned that the client browser might interpret as
a url on this server, is correctly relative to the "another part". (It
presumably is by default relative to the "one part".)

Unless the application was written with a config option to make that
job trivial, I think it is easier to have the "public" url and "private"
url be the same.

On your system, you can configure it however you want to.

> That's because the pages are called by the reverse proxy server
> like http://10.1.1.10:80/app/application1/; and it can't use a FQDN
> because it's in a private addressing

I don't follow that last part.

It can use a hostname if you want it to use a hostname.

I expect that it will be easier for you if you use a hostname, or if
you use two services listening on different ports.

> Is there a way that the reverse proxy connects to 10.1.1.10 but pretend
> the GET/POST queries use application1.org ?

If you can describe the http request that you want the client to make
to nginx; and describe the matching http request that you want nginx to
make to the back-end, it may be clearer what you mean.

> I'd prefer my application would be accessible by www.application1.org than
> www.application1.org/app/application1 like right now

From the config you have shown, nginx makes the application available
at www.application1.org. It looks to me like it is the back-end which
causes it to appear at www.application1.org/app/application1.

Possibly you should remove "proxy_redirect off;", and remove the
"proxy_set_header Host $http_host;" line.

Good luck with it,

f
-- 
Francis Daly        fran...@daoine.org


Re: Reverse proxy for multiple domains

2017-08-17 Thread Francis Daly
On Thu, Aug 10, 2017 at 09:17:14PM +, Mik J via nginx wrote:

Hi there,

> I have application1.org and application2.org.
> 
> The client requesting these URLs, arrives on the reverse proxy.
> 
> On this reverse proxy I have a virtual host which looks like that
> 
> server {
> server_name application1.org;
> location ^~ / {
> proxy_pass http://10.1.1.10:80/app/application1/;
> }
> 
> And another virtual host for application2 which is similar with
> 
> proxy_pass http://10.1.1.10:80/app/application2/;
> 
> 
> The server behind the reverse proxy is the same right now

> 1) Is it the right way to do this ?

I think that trying to reverse-proxy an application at a different part
of the url tree to where the app thinks it is installed, is difficult.

So if application1 believes that it is installed at /app/application1,
I would suggest to expose that to the world. (Or: if you want the world
to see it at /, then configure the internal server so that it is at /
there too.)

Then your external config is mostly just "proxy_pass
http://10.1.1.10:80;", possibly with "location = / { return 301
/application/app1/; }"

The *internal* config could probably have one server{} for each
application as well.

> 2) When I access the application from Internet using application1.org, I am 
> redirected to application1.org/app/application1 I don't know why. And I have 
> to add one more section on the reverse proxy

> Is there a better way to do it ?

I'm not sure why that extra section is necessary, unless the "..." part
of your config is important.

f
-- 
Francis Daly        fran...@daoine.org