Nginx Reverse Proxy with Sub Directory Mapping Rumi, May 30, 2023May 30, 2023 Setup Note: My web application has a sub-directory, 192.168.1.8:8088/messages, that I want to expose to the outside world as messages.mysite.com. I’ve gotten half way there but I seem to be stuck. My requirements are as follows Redirect the site from HTTP to HTTPS. As I cannot edit the links the web application generates, I need to be able to accept requests from the client such as messages.mysite.com/messages?id=23023. Do not allow reverse proxy access to the root web application, 192.168.1.8:8088 or to any sub-directory other than 192.168.1.8:8088/messages and its children. Reference Solution: Redirecting is a server response to tell client to load another URL. Reverse proxying is telling the server to send the request to another server and return the response back to the client. The HTTP to HTTPS redirect should always be a simple redirect of the HTTP URL to the corresponding HTTPS URL, without modifications. There is rarely any need to modify the URL path at this step. Reference Solution: server { listen 80; server_name messages.example.com; return 301 https://$server_name$request_uri; } server { listen 443 ssl; server_name messages.example.com; ssl_certificate /etc/letsencrypt/live/messages.example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/messages.example.com/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot location = / { proxy_pass http://192.168.1.8:8088/messages; proxy_buffering off; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /messages { proxy_pass http://192.168.1.8:8088/messages; proxy_buffering off; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } I removed the $upstream variable, because the configuration is easier to read when the location / and proxy_pass variables are next to each other. This setup forwards requests as follows: https://messages.example.com/ => http://192.168.1.8:8088/messages https://messages.example.com/?some=value => http://192.168.1.8:8088/messages?some=value https://messages.example.com/message => http://192.168.1.8:8088/messagesmessage Related Administrations Collected Articles Configurations (Linux) nginxReverse Proxy
Enable IPTables on Rocky Linux 8 September 2, 2023 Disabling firewalld You can’t really run the old iptables utilities alongside firewalld. They’re just not compatible. The best way to get around this is to disable firewalld entirely (no need to uninstall it unless you want to) , and reinstall the iptables utilities. Disabling firewalld can be done using these… Read More
Icininga on SSL June 25, 2012 This is intended to be an introduction for implementation of stronger authentication and server security focused around the CGI web interface. There are many ways to enhance the security of your monitoring server and Icinga environment. This should not be taken as the end all approach to security…. Read More
TimeZone adjust in Linux June 6, 2014 For Redhat/CentOS/Fedora/SL distribution Type the redhat-config-date command at the command line to start the time and date properties tool, run: # redhat-config-date OR type setup and select time zone configuration. This tool is recommended for remote ssh text based sessions. # setup Select timezone configuration. Just follow on screen… Read More