Welcome! Log In Create A New Profile

Advanced

Modify url at nginx

Posted by linsonj 
linsonj
Modify url at nginx
July 30, 2018 09:10AM
Hello All,

We have a use case.

Our web application is deployed in tomcat7. At front, nginx is configured as
reverse proxy and all requests are passed through nginx and are forwarded to
tomcat7. Nginx serve static files directly and dynamic requests ( json ) are
forwarded to tomcat7. At backend, we have MySQL db to save the application
settings.


What we want is when client type https://test1.apphost.com , nginx see url
as test1.apphost.com. Before proxy pass request to tomcat7, it should modify
url to https://test.apphost.com so tomcat7 see client url as
test.apphost.com. Once request is processed, response is given back to nginx
and nginx give it back to end url https://test1.apphost.com


This is needed because in our application database, we use domain name to DB
name mapping. Currently one domain name mapping entry is allowed. We want to
allow multiple urls to login to our application from client side. That
means, we use modified url (domain name ) test.apphost.com in database
settings. When client type https://test1.apphost.com, nginx should modify it
to test.apphost.com which matches the database mapping settings thus allow
successful login.

We have following nginx config settings put in place.

server {
listen 80;
rewrite ^(.*) https://$host$1 permanent;
error_page 500 502 503 504 /50x.html;
}


server {
listen 443 ssl default_server;

location /server {

proxy_pass http://127.0.0.1:8080/server;
proxy_connect_timeout 6000;
proxy_send_timeout 6000;
proxy_read_timeout 6000;
proxy_request_buffering off;
send_timeout 6000;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_temp_path /var/nginx/proxy_temp;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503
http_504;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Server $host;

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_redirect off;
proxy_cache sd6;

add_header X-Proxy-Cache $upstream_cache_status;
proxy_cache_bypass $http_cache_control;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"
always;
add_header Referrer-Policy "no-referrer";
}

ssl on;
ssl_certificate /etc/nginx/ssl/example.com.bundle.crt;
ssl_certificate_key /etc/nginx/ssl/example.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384
EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH
EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_session_timeout 24h;

keepalive_timeout 300;
access_log /var/log/nginx/ssl-access.log;
error_log /var/log/nginx/ssl-error.log;

}

Would be of great help if someone can advise us how can we modify the url
based on the use case explained above.
Thank you.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,280695,280695#msg-280695

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Pratyush Kumar
Re: Modify url at nginx
July 30, 2018 09:20AM
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Francis Daly
Re: Modify url at nginx
July 31, 2018 12:00AM
On Mon, Jul 30, 2018 at 02:58:56AM -0400, linsonj wrote:

Hi there,

> What we want is when client type https://test1.apphost.com , nginx see url
> as test1.apphost.com. Before proxy pass request to tomcat7, it should modify
> url to https://test.apphost.com so tomcat7 see client url as
> test.apphost.com. Once request is processed, response is given back to nginx
> and nginx give it back to end url https://test1.apphost.com

Untested, but I suggest you add a

upstream test.apphost.com { server 127.0.0.1:8080; }

and then make the following changes:

> location /server {
>
> proxy_pass http://127.0.0.1:8080/server;

change to

proxy_pass http://test.apphost.com;

> proxy_set_header Host $host;

Remove that.

> proxy_redirect off;

Remove that.

> Would be of great help if someone can advise us how can we modify the url
> based on the use case explained above.

If you don't add the "upstream", then you should change

proxy_set_header Host $host;

to

proxy_set_header Host test.apphost.com;

because that is the Host: header that you say you want tomcat to get.

proxy_redirect (http://nginx.org/r/proxy_redirect) will rewrite a http
Location: response header, if it is given the chance.

The only place I think that this should fail, is if the tomcat service
returns http body content which refers to test.apphost.com. Ideally,
it shouldn't, or can be configured not to.

Good luck with it,

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Sorry, only registered users may post in this forum.

Click here to login