Nginx Reverse Proxy with Sub Directory Mapping

Rumi,

Setup Note:

My web application has a sub-directory, 192.168.1.8:8088/messages, that I want to expose to the outside world as messages.mysite.com. I’ve gotten half way there but I seem to be stuck. My requirements are as follows

  • Redirect the site from HTTP to HTTPS.
  • As I cannot edit the links the web application generates, I need to be able to accept requests from the client such as messages.mysite.com/messages?id=23023.
  • Do not allow reverse proxy access to the root web application, 192.168.1.8:8088 or to any sub-directory other than 192.168.1.8:8088/messages and its children.

Reference Solution:

Redirecting is a server response to tell client to load another URL. Reverse proxying is telling the server to send the request to another server and return the response back to the client.

The HTTP to HTTPS redirect should always be a simple redirect of the HTTP URL to the corresponding HTTPS URL, without modifications. There is rarely any need to modify the URL path at this step.

Reference Solution:

server {
listen 80;
server_name messages.example.com;
return 301 https://$server_name$request_uri;
}

server {
listen 443 ssl;
server_name messages.example.com;

ssl_certificate /etc/letsencrypt/live/messages.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/messages.example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

location = / {
proxy_pass http://192.168.1.8:8088/messages;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}

location /messages {
proxy_pass http://192.168.1.8:8088/messages;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}

I removed the $upstream variable, because the configuration is easier to read when the location / and proxy_pass variables are next to each other.

This setup forwards requests as follows:

https://messages.example.com/ => http://192.168.1.8:8088/messages
https://messages.example.com/?some=value => http://192.168.1.8:8088/messages?some=value
https://messages.example.com/message => http://192.168.1.8:8088/messagesmessage

Administrations Collected Articles Configurations (Linux)

Leave a Reply

Your email address will not be published. Required fields are marked *