I am using nginx in a standard reverse proxy scenario, to pass all requests to /auth
to another host, however I'm trying to use non-standard ports.
My end goal is to have the X-Forwarded-Port
header set to the port that the request comes in on.
Here is my location block in nginx.conf:
location /auth/ { proxy_pass http://otherhost:8090; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Port <VAR>; }
This nginx is running in a docker container, that is configured to forward requests from 8085 into 80 in the container, such that the nginx process is listening on 80:
0.0.0.0:8085->80/tcp
When I hit the URL:
http://localhost:8085/auth/
I am correctly redirected to http://otherhost:8090
, but the X-Forwarded-Port
header is missing or wrong.
Where I have <VAR>
in the original block, I have tried the following:
$server_port
- This is the port nginx is listening on (80), not the
request port.
$pass_port
- Seems to be null in my setup, so nginx drops the
header.
$http_port
- This is a random port per request.
$remote_port
- This is a random port per request.
I can change my config at deploy time to hardcode to the known port of incoming requests, but ideally I would be able to change the front port without any change to the nginx config.
I've scoured the nginx variable list but can't find anything like $request_port
. Is there any way for me to achieve my intent?
Option 1 - Altering the log directive format This option can be implemented whether or not the --with-http_realip_module was specified at compilation, and modifies the format for the access_log directive to include the X-Forwarded-For Header contents. In the configuration file /etc/nginx/nginx.
The X-Forwarded-Port request header helps you identify the destination port that the client used to connect to the load balancer.
Forward proxy is something the client sets up in order to connect to rest of the internet. In turn, the server may potentially know nothing about your forward proxy. Nginx is originally designed to be a reverse proxy, and not a forward proxy. But it can still be used as a forward one.
To begin with, open Nginx configuration file with a text editor, and change the port number as shown in the below excerpt. In this excerpt we’ll configure Nginx HTTP server to listen for incoming connections on port 3200.
This makes the solution very simple: all you need to do is configure your server to use the client information from X-Forwarded-For IP when processing data, and not the client IP address it is receiving directly. Nginx is a web server that can act as a reverse proxy as well as a load balancer.
However, the TLS configuration, which is not enabled by default in Nginx, listens for secure connections on port 443. In order to make Nginx HTTP server to listen for incoming web connections on other non-standard ports, we need to edit the main configuration file and change or add a new statement to reflect this fact.
The only workaround I've found is to use a map
rule to get the port from the http_host
variable e.g.
map $http_host $port {
default 80;
"~^[^\:]+:(?<p>\d+)$" $p;
}
This is a just rough idea to write Nginx conf, but I am sure this can help you in redirection
server {
listen 80;
server_name host.docker.internal;
# By default land on localhost:80 to root so in root we copied UI build to the ngnix html dir.
# have a look to docker-compose uiapp service.
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
# after location add filter, from which every endpoint starts with or comes in endpoint
# so that ngnix can capture the URL and reroute it.
# like /backend/getUserInfo/<UserId>
# In above example /backend is that filter which will be captured by Ngnix and reroute the flow.
location /backend {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_pass http://<ContainerName>:<PortNumber>;
# In our case Container name is as we setup in docker-compose `beservice` and port 8080
proxy_pass http://beservice:8080;
}
}
For more details you can have a look at this project
https://github.com/dupinder/NgnixDockerizedDevEnv
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With