Nginx reverse proxy location issues

anon22412468 · October 10, 2020, 1:54pm

I’m trying to hide my webservices behind the Nginx HTTP reverse-proxy. I created NixOS nginx config file, which contents, currently, are:

{ pkgs, ... }:
{
  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    virtualHosts."example.com" = {
      enableACME = true;
      forceSSL = true;
      locations = {
         "/" = {
           proxyPass = "http://127.0.0.1:1212";
        };
      };
    };
  };
}

But proxification works fine only when you define service on the / location. When I change my configuration to something like this:

{ pkgs, ... }:
{
  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    virtualHosts."example.com" = {
      enableACME = true;
      forceSSL = true;
      locations = {
         "/someservice" = {
           proxyPass = "http://127.0.0.1:1212";
        };
      };
    };
  };
}

to enable proxyfication on the https://example.com/someservice location, it stops working.

So what am I doing wrong? Why proxifying requests at https://example.com/ works fine, but refuses to work on https://example.com/someservice ?

zie · October 11, 2020, 2:00am

This is likely something to do with whatever it is behind the proxy. Lots of times the software behind the proxy blindly assumes it owns the entire domain it runs under (i.e. location /). If it doesn’t, then it needs to be taught via some config or other that it has to live within some other location (/someservice) in your example.

Some(lots?) of HTTP software is not able to run without a location of /, and can’t be configured to live within a specific path. When that happens, the best thing to do is generate a new name, i.e. someservice.example.com, and give location / to it.

anon22412468 · October 12, 2020, 11:00am

Service, I’m trying to proxify - bitwarden_rs self-hosted instance. Thanks for the catch. I tried setting the working URL in bitwarden configuration, but it still refuses to work. And I do not really believe, that the issue is in the proxy, because in my case - proxy acts as regular client, who would send request to bitwarden directly. The only difference between usual client and my Nginx proxy is that Nginx retranslates my requests to the bitwarden

zie · October 13, 2020, 7:49pm

for bitwarden_rs in particular, behind a ‘/’ or root domain location: Proxy examples · dani-garcia/vaultwarden Wiki · GitHub a complete example.

But behind a subpath, you have do something like this: Using an alternate base dir · dani-garcia/vaultwarden Wiki · GitHub

zie · October 15, 2020, 4:23pm

YAY! You got it to work! You might think about sharing the solution here(and/or there) in concrete terms! i.e. your actual nix config (with yourdomain.com replaced with example.com for instance) and any gotchas, etc.