Hello Maksym,
The log files of the Naviserver could shed light on the issue.
And without knowing the contents of dz_nsd.tcl it is difficult to give
feedback.
Finally: you have both SSL and plain HTTP frontend (and backend?)
configured, so the result might differ depending if you make a https://
or http:// request.
Best Regards,
Georg
On 3/4/24 11:45, Maksym Zinchenko wrote:
I have a Naviserver with a couple of virtual web servers listening on
a single ip:port. I want to move all those virtual servers to Docker
containers gradually. So I'm trying to install Nginx Reverse Proxy on
my Docker container and configure it to redirect requests to my host
Naviserver.
I've changed my Naviserver config to listen to 8080 and 8443 ports on
docker host gateway IP:
/opt/ns/bin/nsd -w -u nsadmin -t /opt/ns/conf/dz_nsd.tcl -b
172.17.0.1:8080 <http://172.17.0.1:8080>,172.17.0.1:8443
<http://172.17.0.1:8443>
In my Nginx config I have 2 listeners one for dev and dummy1 subdomains:
server {
listen 80;
server_name dev.daidze.org <http://dev.daidze.org>;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://172.17.0.1:8080/;
}
}
server {
listen 443 ssl;
server_name dev.daidze.org <http://dev.daidze.org>;
ssl_certificate /opt/ns/modules/nsssl/fullchain.pem;
ssl_certificate_key /opt/ns/modules/nsssl/privkey.pem;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass https://172.17.0.1:8443/;
}
}
server {
listen 80;
server_name dummy1.daidze.org <http://dummy1.daidze.org>;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://172.17.0.1:8080/;
}
}
server {
listen 443 ssl;
server_name dummy1.daidze.org <http://dummy1.daidze.org>;
ssl_certificate /opt/ns/modules/nsssl/fullchain.pem;
ssl_certificate_key /opt/ns/modules/nsssl/privkey.pem;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass https://172.17.0.1:8443/;
}
}
I'm using proxy_set_header Host $http_host; to redirect the headers
real Host parameter to my host Naviserver installation, but I'm
getting response only from the dev Virtual server. It doesn't matter
what url I request dev.daidze.org <http://dev.daidze.org> or
dummy1.daidze.org <http://dummy1.daidze.org>. Here an example of
request to https://dummy1.daidze.org/ :
dev server
X-Real-IP: 172.64.238.37
X-Forwarded-For: 165.90.99.154, 172.64.238.37
Host: dummy1.daidze.org <http://dummy1.daidze.org>
X-Forwarded-Proto: https
Connection: close
accept-encoding: gzip, br
CF-RAY: 85f13d442cd66671-MAD
CF-Visitor: {"scheme":"https"}
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0)
Gecko/20100101 Firefox/123.0
accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
sec-gpc: 1
pragma: no-cache
cache-control: no-cache
CF-Connecting-IP: 165.90.99.154
CDN-Loop: cloudflare
CF-IPCountry: CV
What am I doing wrong? According to Naviserver docs redirection is
done based on the content of the /host/ header field. Right? So this
should work.
Thank you,
Maksym
_______________________________________________
naviserver-devel mailing list
naviserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/naviserver-devel
_______________________________________________
naviserver-devel mailing list
naviserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/naviserver-devel
