Welcome! Log In Create A New Profile

Advanced

Reverse proxy for multiple domains

Posted by Mik J via nginx 
Mik J via nginx
Reverse proxy for multiple domains
August 10, 2017 11:20PM
Nginx: 1.10.2


Hello,

I'm tryging to get reverse proxy working with multiple domains


I have application1.org and application2.org.


The client requesting these URLs, arrives one the reverse proxy.

On this reverse proxy I have a virtual host which looks like that

server {

listen 80;

server_name application1.org;

access_log /var/log/nginx/application1.org.access.log;

error_log /var/log/nginx/application1.org.error.log;

....


location ^~ / {

proxy_pass http://10.1.1.10:80/app/application1/;

proxy_redirect off;

proxy_set_header Host $http_host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

}

And another virtual host for application2 which is similar with

proxy_pass http://10.1.1.10:80/app/application2/;


The server behind the reverse proxy is the same right now



On the web server behind the proxy I just have one virtual host which is the default one

server {

listen 80 default_server;

server_name _;

index index.html index.htm index.php;

root /var/www/htdocs;


location ^~ /app/application1 {

root /var/www;

index index.php;

location ~ \.php$ {

root /var/www;

try_files $uri =404;

fastcgi_pass unix:/run/php-fpm.application1.sock;

fastcgi_split_path_info ^(.+\.php)(/.+)$;

fastcgi_index index.php;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

include fastcgi_params;

}

location ^~ /app/application2 {
root /var/www;
index index.php;
location ~ \.php$ {
root /var/www;
try_files $uri =404;
fastcgi_pass unix:/run/php-fpm.application2.sock;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}

}

Questions:

1) Is it the right way to do this ?

2) When I access the application from Internet using application1.org, I am redirected to application1.org/app/application1 I don't know why. And I have to add one more section on the reverse proxy
location ^~ /app/application1 {
proxy_pass http://10.1.1.10:80/app/application1/;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
Is there a better way to do it ?

Thank you
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Francis Daly
Re: Reverse proxy for multiple domains
August 17, 2017 09:40PM
On Thu, Aug 10, 2017 at 09:17:14PM +0000, Mik J via nginx wrote:

Hi there,

> I have application1.org and application2.org.
>
> The client requesting these URLs, arrives one the reverse proxy.
>
> On this reverse proxy I have a virtual host which looks like that
>
> server {
> server_name application1.org;
> location ^~ / {
> proxy_pass http://10.1.1.10:80/app/application1/;
> }
>
> And another virtual host for application2 which is similar with
>
> proxy_pass http://10.1.1.10:80/app/application2/;
>
>
> The server behind the reverse proxy is the same right now

> 1) Is it the right way to do this ?

I think that trying to reverse-proxy an application at a different part
of the url tree to where the app thinks it is installed, is difficult.

So if application1 believes that it is installed at /app/application1,
I would suggest to expose that to the world. (Or: if you want the world
to see it at /, then configure the internal server so that it is at /
there too.)

Then your external config is mostly just "proxy_pass
http://10.1.1.10:80;";, possibly with "location = / { return 301
/application/app1/; }"

The *internal* config could probably have one server{} for each
application as well.

> 2) When I access the application from Internet using application1.org, I am redirected to application1.org/app/application1 I don't know why. And I have to add one more section on the reverse proxy

> Is there a better way to do it ?

I'm not sure why that extra section is necessary, unless the "..." part
of your config is important.

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Mik J via nginx
Re: Reverse proxy for multiple domains
August 18, 2017 09:10AM
Thank you Francis for your answer
Actually is does this with a simple index.html page# cat index.htmlTEST
What would you do if you had ?
CLIENT <-> INTERNET <->Reverse_Proxy<->Web_ServerOn de web server I just use one default virtual host with multiple sections. Thats because the pages are called by the reverse proxy server like http://10.1.1.10:80/app/application1/; and it can't use a FQDN because it's in a private adressing
Is there a way that the reverse proxy connects to 10.1.1.10 but pretend the GET/POST queries use application1.org ?

I'd prefer my application would be accessible by www.application1.org than www.application1.org/app/application1 like right now



Le Jeudi 17 août 2017 21h35, Francis Daly <[email protected]> a écrit :


On Thu, Aug 10, 2017 at 09:17:14PM +0000, Mik J via nginx wrote:

Hi there,

> I have application1.org and application2.org.
>
> The client requesting these URLs, arrives one the reverse proxy.
>
> On this reverse proxy I have a virtual host which looks like that
>
> server {
> server_name application1.org;
> location ^~ / {
> proxy_pass        http://10.1.1.10:80/app/application1/;
> }
>
> And another virtual host for application2 which is similar with
>
> proxy_pass http://10.1.1.10:80/app/application2/;
>
>
> The server behind the reverse proxy is the same right now

> 1) Is it the right way to do this ?

I think that trying to reverse-proxy an application at a different part
of the url tree to where the app thinks it is installed, is difficult.

So if application1 believes that it is installed at /app/application1,
I would suggest to expose that to the world. (Or: if you want the world
to see it at /, then configure the internal server so that it is at /
there too.)

Then your external config is mostly just "proxy_pass
http://10.1.1.10:80;";, possibly with "location = / { return 301
/application/app1/; }"

The *internal* config could probably have one server{} for each
application as well.

> 2) When I access the application from Internet using application1.org, I am redirected to application1.org/app/application1 I don't know why. And I have to add one more section on the reverse proxy

> Is there a better way to do it ?

I'm not sure why that extra section is necessary, unless the "..." part
of your config is important.

    f
--
Francis Daly        francis@daoine.org


_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Francis Daly
Re: Reverse proxy for multiple domains
August 20, 2017 10:10PM
On Fri, Aug 18, 2017 at 07:01:26AM +0000, Mik J via nginx wrote:

Hi there,

> What would you do if you had ?
> CLIENT <-> INTERNET <->Reverse_Proxy<->Web_Server

That is the normal case, is it not? So just "use nginx as normal".

> On de web server I just use one default virtual host with multiple
> sections.

I think that if you configure your "back-end" server that way, you are
more likely to have problems reverse proxying than if you configure
"one virtual host = one application".

If you want to reverse-proxy an application installed at one part of its
local url hierarchy, so that it looks like it is installed at another
part of the url hierarchy, then it is your job to make sure that any
part of the content returned that the client browser might interpret as
a url on this server, is correctly relative to the "another part". (It
presumably is by default relative to the "one part".)

Unless the application was written with a config option to make that
job trivial, I think it is easier to have the "public" url and "private"
url be the same.

On your system, you can configure it however you want to.

> Thats because the pages are called by the reverse proxy server
> like http://10.1.1.10:80/app/application1/; and it can't use a FQDN
> because it's in a private adressing

I don't follow that last part.

It can use a hostname if you want it to use a hostname.

I expect that it will be easier for you if you use a hostname, or if
you use two services listening on different ports.

> Is there a way that the reverse proxy connects to 10.1.1.10 but pretend
> the GET/POST queries use application1.org ?

If you can describe the http request that you want the client to make
to nginx; and describe the matching http request that you want nginx to
make to the back-end, it may be clearer what you mean.

> I'd prefer my application would be accessible by www.application1.org than
> www.application1.org/app/application1 like right now

From the config you have shown, nginx makes the application available
at www.application1.org. It looks to me like it is the back-end which
causes it to appear at www.application1.org/app/application1.

Possibly you should remove "proxy_redirect off;", and remove the
"proxy_set_header Host $http_host;" line.

Good luck with it,

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Mik J via nginx
Re: Reverse proxy for multiple domains
August 27, 2017 01:30PM
Hello Francis,
Thank you for your answer.I've done many tests since then and yes indeed the problem came from the application => wordpress

It's necessary to define these two variables WP_HOME and WP_SITEURL or $_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORWARDED_HOST'] in wp-config.php
From that question> Thats because the pages are called by the reverse proxy server
> like http://10.1.1.10:80/app/application1/;and it can't use a FQDN
> because it's in a private adressing
Francis: I don't follow that last part.=> I mean that the reverse proxy uses an IP to connect to the backend web server. If it used a fqdn, it has to resolve it, through a dns request

I still have problems, the site doesn't diplay properly because it can't load a javascript
On the reverse proxyserver {
    listen 80;
    listen 443 ssl;
    server_name application1.org;
....
    location / {
        location ~ /\.ht { deny  all; }
        proxy_pass        http://10.1.1.10/app1/;
        proxy_http_version 1.1;
        proxy_set_header  X-Real-IP        $remote_addr;
        proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_pass_header Set-Cookie;
    }


On the backend serverserver {
        listen 80 default_server;
        server_name _;
        index index.php;
        root /var/www/htdocs;
....
        location /app1 {
          root /var/www/htdocs/;
          access_log /var/log/nginx/app1.access.log xforwardedLog;
          error_log /var/log/nginx/app1.error.log;
          index index.php;
          try_files $uri $uri/ /app1/index.php$is_args$args;          location ~ /\. { deny  all; }
          gzip off;
          location ~ \.php$ {
              root           /var/www/htdocs;
              try_files $uri =404;
              fastcgi_pass   unix:/run/php-fpm.app1.sock;
              fastcgi_split_path_info ^(.+\.php)(/.+)$;
              fastcgi_index  index.php;
              fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
              include        fastcgi_params;
          }


The request for the javascript looks like thathttp://application1.org/?wooslider-javascript=load&t=1503832510&ver=1.0.0 HTTP/1.1It arrives on the backend server I see it in the logs (file specified in the stanza location)
10.1.1.10 forwarded for IP_CLIENT - - [27/Aug/2017:13:15:12 +0200] "GET /app1/?wooslider-javascript=load&t=1503832510&ver=1.0.0 HTTP/1.1" 404 5 "http://application1.org/"; "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
If I access a file from the internet, it works fine
http://application1.org/wp-content/themes/Avada/images/divider-02.gifSo there's just a problem with the previous URL
Another question, if I want to set expires header, would it be better to do it on the reverse proxy or on the backend server ?
Regards


Le Dimanche 20 août 2017 22h08, Francis Daly <[email protected]> a écrit :


On Fri, Aug 18, 2017 at 07:01:26AM +0000, Mik J via nginx wrote:

Hi there,

> What would you do if you had ?
> CLIENT <-> INTERNET <->Reverse_Proxy<->Web_Server

That is the normal case, is it not? So just "use nginx as normal".

> On de web server I just use one default virtual host with multiple
> sections.

I think that if you configure your "back-end" server that way, you are
more likely to have problems reverse proxying than if you configure
"one virtual host = one application".

If you want to reverse-proxy an application installed at one part of its
local url hierarchy, so that it looks like it is installed at another
part of the url hierarchy, then it is your job to make sure that any
part of the content returned that the client browser might interpret as
a url on this server, is correctly relative to the "another part". (It
presumably is by default relative to the "one part".)

Unless the application was written with a config option to make that
job trivial, I think it is easier to have the "public" url and "private"
url be the same.

On your system, you can configure it however you want to.

> Thats because the pages are called by the reverse proxy server
> like http://10.1.1.10:80/app/application1/; and it can't use a FQDN
> because it's in a private adressing

I don't follow that last part.

It can use a hostname if you want it to use a hostname.

I expect that it will be easier for you if you use a hostname, or if
you use two services listening on different ports.

> Is there a way that the reverse proxy connects to 10.1.1.10 but pretend
> the GET/POST queries use application1.org ?

If you can describe the http request that you want the client to make
to nginx; and describe the matching http request that you want nginx to
make to the back-end, it may be clearer what you mean.

> I'd prefer my application would be accessible by www.application1.org than
> www.application1.org/app/application1 like right now

From the config you have shown, nginx makes the application available
at www.application1.org. It looks to me like it is the back-end which
causes it to appear at www.application1.org/app/application1.

Possibly you should remove "proxy_redirect off;", and remove the
"proxy_set_header Host $http_host;" line.

Good luck with it,

    f
--
Francis Daly        francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx


_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Francis Daly
Re: Reverse proxy for multiple domains
August 30, 2017 08:00PM
On Sun, Aug 27, 2017 at 11:27:05AM +0000, Mik J via nginx wrote:

Hi there,

> > Thats because the pages are called by the reverse proxy server
> > like http://10.1.1.10:80/app/application1/;and it can't use a FQDN
> > because it's in a private adressing
> Francis: I don't follow that last part.=> I mean that the reverse proxy uses an IP to connect to the backend web server. If it used a fqdn, it has to resolve it, through a dns request

The backend web server can care about the IP:port you connect to, and
the Host: header you send.

You can connect to 10.1.1.10:80 and send a Host: header of "app1" if
you want to. No dns resolution involved.

Anyway, it sounds like you have this part working now; so that's good.


> I still have problems, the site doesn't diplay properly because it can't load a javascript

> The request for the javascript looks like thathttp://application1.org/?wooslider-javascript=load&t=1503832510&ver=1.0.0 HTTP/1.1It arrives on the backend server I see it in the logs (file specified in the stanza location)
> 10.1.1.10 forwarded for IP_CLIENT - - [27/Aug/2017:13:15:12 +0200] "GET /app1/?wooslider-javascript=load&t=1503832510&ver=1.0.0 HTTP/1.1" 404 5 "http://application1.org/"; "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"

A request for /?some-thing came to nginx; nginx reverse-proxied the request
as /app1/?same-thing. That is all you want nginx to do, so it is working.

If your back-end wordpress handles that request incorrectly, that is a
question for your back-end wordpress configuration.

People on this list who know about wordpress configuration are more
likely to see the question if it is in a new thread with words like
"wordpress" in the Subject: line.

(If the actual question is "why does my browser request /?some-thing
instead of /thing.js ?", that might also be related to the back-end
config.)

> Another question, if I want to set expires header, would it be better to do it on the reverse proxy or on the backend server ?

Again, I'd suggest that people who know about "wordpress" and "expires"
are much more likely to see that question if it is in a thread with an
obvious Subject: line.

Good luck with it!

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Sorry, only registered users may post in this forum.

Click here to login