I am facing a weird situation. I want to load a webpage sitting behind Nginx. So I proxy pass a webpage request to squid
as shown below in the snippet:
location /about-me/yellow {
proxy_pass http://@squid/http://my-site.example.com/?nu=1&l=2;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Request-URI $request_uri;
proxy_redirect off;
}
When the URL /about-me/yellow
is hit the request is forwarded to squid
but the request received is /http://my-site.example.com/?nu=1&l=2
i.e. with a leading forward slash. Why does this happen? The error that I get is INVALID_URI
. What is it that I am missing? Here is my complete Nginx configuration.
upstream @squid {
server x.x.x.x:3128;
}
server {
root /public/; ## <-- Your only path reference.
index index.php;
server_name preprod.mygov.in;
listen 83;
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;preload";
add_header 'Referrer-Policy' 'no-referrer-when-downgrade';
add_header X-Frame-Options "SAMEORIGIN";
add_header Content-Security-Policy upgrade-insecure-requests;
### Disable HTTP Methods
if ($request_method !~ ^(GET|HEAD|POST)$ )
{
return 405;
}
# Enable compression, this will help if you have for instance advagg module
# by serving Gzip versions of the files.
gzip_static on;
location ~ ^/s3/files/styles/ {
try_files $uri @rewrite;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~* \.(txt|log)$ {
allow 10.0.0.0/8;
deny all;
}
location ~* ^.+(\.(engine|inc|info|install|module|profile|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)|code-style\.pl|/Entries.*|/Repository|/Root|/Tag|/Template)$ {
deny all;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/(.+)\.(phtml|pl|py|jsp|asp|aspx|shtml|htm|sh|cgi|exe) {
deny all;
}
location ~ ^/sites/(.+)\.php$ {
deny all;
}
# No no for private
location ~ ^/sites/.*/private/ {
return 403;
}
# Block access to "hidden" files and directories whose names begin with a
# period. This includes directories used by version control systems such
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
# This is cool because no php is touched for static content
try_files $uri @rewrite;
}
location ~ ^/s3/files/styles/ {
try_files $uri @rewrite;
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
#rewrite ^/(.*)$ /index.php?q=$1;
}
fastcgi_connect_timeout 200;
fastcgi_send_timeout 200;
fastcgi_read_timeout 200;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
#fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
#fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_pass 127.0.0.1:9000;
}
location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite;
}
location ~* \.(css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
location ~* \.(js|json)$ {
expires 1d;
log_not_found off;
}
location ~* \.(svg|woff|woff2)$ {
expires 30d;
log_not_found off;
}
location ~* \.(eot|ttf|woff|woff2)$ {
add_header Access-Control-Allow-Origin *;
}
location /about-me/yellow {
proxy_pass http://@squid/http://my-site.example.com/?wid=675&lang=bn;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Request-URI $request_uri;
proxy_redirect off;
}
}
Error screenshot:
Is this not the correct way to forward the request to squid? Anything that I am missing?
I would expect the first line of your squid configuration to contain