Nginx reverse proxy location issues

I’m trying to hide my webservices behind the Nginx HTTP reverse-proxy. I created NixOS nginx config file, which contents, currently, are:

{ pkgs, ... }:
{
  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    virtualHosts."example.com" = {
      enableACME = true;
      forceSSL = true;
      locations = {
         "/" = {
           proxyPass = "http://127.0.0.1:1212";
        };
      };
    };
  };
}

But proxification works fine only when you define service on the / location. When I change my configuration to something like this:

{ pkgs, ... }:
{
  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    virtualHosts."example.com" = {
      enableACME = true;
      forceSSL = true;
      locations = {
         "/someservice" = {
           proxyPass = "http://127.0.0.1:1212";
        };
      };
    };
  };
}

to enable proxyfication on the https://example.com/someservice location, it stops working.

So what am I doing wrong? Why proxifying requests at https://example.com/ works fine, but refuses to work on https://example.com/someservice ?

This is likely something to do with whatever it is behind the proxy. Lots of times the software behind the proxy blindly assumes it owns the entire domain it runs under (i.e. location /). If it doesn’t, then it needs to be taught via some config or other that it has to live within some other location (/someservice) in your example.

Some(lots?) of HTTP software is not able to run without a location of /, and can’t be configured to live within a specific path. When that happens, the best thing to do is generate a new name, i.e. someservice.example.com, and give location / to it.

1 Like

Service, I’m trying to proxify - bitwarden_rs self-hosted instance. Thanks for the catch. I tried setting the working URL in bitwarden configuration, but it still refuses to work. And I do not really believe, that the issue is in the proxy, because in my case - proxy acts as regular client, who would send request to bitwarden directly. The only difference between usual client and my Nginx proxy is that Nginx retranslates my requests to the bitwarden

for bitwarden_rs in particular, behind a ‘/’ or root domain location: https://github.com/dani-garcia/bitwarden_rs/wiki/Proxy-examples a complete example.

But behind a subpath, you have do something like this: https://github.com/dani-garcia/bitwarden_rs/wiki/Using-an-alternate-base-dir

1 Like

YAY! You got it to work! You might think about sharing the solution here(and/or there) in concrete terms! i.e. your actual nix config (with yourdomain.com replaced with example.com for instance) and any gotchas, etc.