Home / server / Questions / 661886
In Process
aag
Asked: 2015-01-24 06:58:50 +0800 CST

Simple Nginx proxy_pass (driving me crazy)

  • 772

Nagios is served by an nginx virtual server named "nagios" with the following configuration:

    # nagios server
    server {
        server_name     nagios;
        root            /usr/share/nagios/share;
        listen          80;
        index           index.php index.html index.htm;
        access_log      /etc/nginx/logs/nagios.access.log; 
        allow 10.10.0.0/16;
        allow 127.0.0.1;


        location ~ \.php$ {
            fastcgi_pass   unix:/run/php-fpm/php-fpm.sock;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            fastcgi_param  AUTH_USER "nagios";
            fastcgi_param  REMOTE_USER "nagios";
            fastcgi_index  index.php;
            include        fastcgi.conf;
            }

        location ~ \.cgi$ {
            root            /usr/share/nagios/sbin;
            rewrite         ^/nagios/cgi-bin/(.*)\.cgi /$1.cgi break;
            fastcgi_param   AUTH_USER "nagios";
            fastcgi_param   REMOTE_USER "nagios";
            fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
            include         fastcgi.conf;
            fastcgi_pass    unix:/run/fcgiwrap.sock;
            }

        location /nagios {
            alias /usr/share/nagios/share;
        }

This works well from within the LAN. For accessing from external sites. I have a single public address ("newcompany.com"), and I would like to reverse-proxy the entire Nagios site (including the CGI location) to "https://newcompany.com/nagios". I have tried all kinds of rewrites and proxy_passes, none of which wok. Can somebody show me how the location directive "/nagios" within the secured "newcompany.com" server should look like in order to properly reverse-proxy to the nagios server? Here is the current (broken) version of the upstream server:

server {
    server_name newcompany.com antergos1;
    listen 80 default_server;
    root /usr;
    index     index.php index.html index.htm;
    access_log logs/default.access.log;
    error_log logs/default.error.log;


    location ~ \.(php|html|html|cgi)$ {
        fastcgi_pass   unix:/run/php-fpm/php-fpm.sock;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param   AUTH_USER $remote_user;
        fastcgi_param   REMOTE_USER $remote_user;
        fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
        fastcgi_index  index.php;
        include        fastcgi.conf;
        }

    location /nagios {
        index index.php index.html index.htm;
        proxy_pass http://nagios/;
        }
nginx

2 Answers

  1. I cannot write comments, but I believe the reason you need the trailing slash is because nginx thinks "/nagios" refers to one exact path, for example you might forward "/site.css" to "/css.php?file=site", whereas with the slash on the end, it refers to a whole directory and subdirectories, not just the exact path specified. In this case, you want everything under /nagios/ to be forwarded, so the trailing slash is needed. I'm glad you found your solution.

    • 2

  2. It turns out that the proxy_pass location directivelocation /nagios {} in the upstream server had to be changed into location /nagios/ {}. I do not understand why, but the reverse proxy now works fine.

    • 1