Home / server / Questions / 1017631
Accepted
Anadi Misra
Asked: 2020-05-19 04:57:10 +0800 CST

error configuring proxy pass for upstream app

  • 772

I have an application running as a docker container mapped to port 8080; On this same server I also have nginx also configured to serve a Laravel application which has some URLs that have api at context root https://example.com/api/news for example. The docker application URLs starts with either web/ or api/ so to avoid URL proxy confusions I'm trying to serve all docker container application /comments context path, thereby Laravel requests continue from host/api and docker app URL host/comments/api etc. I have following locations in the configuration (in the order described here)

upstream remark42 {
    server 127.0.0.1:8080 weight=100 max_fails=5 fail_timeout=5;
}

server {
    listen 80;
    server_name www.example.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    access_log /var/www/example.com/storage/logs/access.log;
    error_log /var/www/example.com/storage/logs/error.log;

    ssl_certificate /etc/nginx/ssl/example_com_chain.crt;
    ssl_certificate_key /etc/nginx/ssl/example_com.key;

    root /var/www/example.com/public/;
    index index.php index.html index.htm;

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass    unix:/run/php/php7.4-fpm.sock;
        fastcgi_index   index.php;
        fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param   APP_ENV  production;
        include         fastcgi_params;
    }

    location /comments {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        rewrite ^/comments(.*) /$1 break;
        proxy_pass http://remark42/;
    }

    location ~* \.(?:css|js)$ {
        access_log        on;
        etag              on;
        if_modified_since exact;
        add_header Pragma "public";
        add_header        Cache-Control "max-age=31557600, public, must-revalidate, proxy-revalidate";
    }

And then at the end of file 

location / {
  try_files $uri $uri/ /index.php?$args;
}

I get a 404 error on accessing https://www.example.com/comments/web/embed.js or https://www.example.com/comments/api/v1/user?blah

with the JS file giving following error in logs 

2020/05/18 18:05:54 [error] 3047#3047: *5035 open() "/var/www/example.com/public/comments/web/last-comments.js" failed (2: No such file or directory), client: 49.207.48.221, server: , request: "GET /comments/web/last-comments.js HTTP/2.0", host: "www.example.com", referrer: "https://www.example.com/blogs/yet-another-svn-change-log-tool"

So the proxy pass doesn't work and it tries to fetch js files from disk.

nginx

2 Answers

  1. As documented in the ngx_http_rewrite_module documentation, after a rewrite, the location is searched again - so after the rewrite the location ~* \.(?:css|js)$ is entered instead of executing the proxy_pass.

    If what you want to do is to represent resources from http://127.0.0.1:8080/ under http://www.example.com/comments/, then proxy_pass will do this automatically. From the NGINX Reverse Proxy documentation:

    If the URI is specified along with the address, it replaces the part of the request URI that matches the location parameter.

    "URI" here means the part after the upstream name, which you specified as /.

    So your location should be simply written as such:

       location /comments/ {
        proxy_set_header ...;
        proxy_pass http://remark42/;
    }

    Note the ending / on the location path to make the mapping canonical - so https://www.example.com/comments/web/embed.js is proxied to http://remark42/web/embed.js ( /comments/ is mapped to / ).

    Otherwise, you'd get something like this: https://www.example.com/comments/web/embed.js -> http://remark42//web/embed.js - note the double slash. This is often not a problem as the upstream server should handle this and canonicalize the double slash, but it is not correct.

    • 1
  2. Best Answer

    I believe there are two solutions to your problem.

    location ^~ /comments/ {
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_pass http://remark42/;
}

    or

    location ^~ /comments {
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    rewrite ^/comments(.*) /$1 break;
    proxy_pass http://remark42;
}

    To understand, read nginx proxy module

    The first solution, is based upon

    If the proxy_pass directive is specified with a URI, then when a request is passed to the server, the part of a normalized request URI matching the location is replaced by a URI specified in the directive

    Ie. /comments is replaced by /

    The second solution is based on

    When the URI is changed inside a proxied location using the rewrite directive, and this same configuration will be used to process a request (break):

    location /name/ {
    rewrite    /name/([^/]+) /users?name=$1 break;
    proxy_pass http://127.0.0.1;
}

    In this case, the URI specified in the directive is ignored and the full changed request URI is passed to the server.

    You were passing an URI, the last "/" in "http://remark42/".

    • 1