 

Prevent NGINX from removing the port

I want to keep the server name and port dynamic in my rewrite. Let's say the firewall redirects port 8081 to 80. So if I access the web server with, for example, "192.168.1.123/frontend" or "my.domain.tld:8081/frontend", I should be redirected to "192.168.1.123/frontend/" or "my.domain.tld:8081/frontend/".

If I use the normal redirect rewrite ^(.*[^/])$ $1/ permanent; and access the server on port 8081, the port gets removed from the redirect. (I already tried port_in_redirect off;)

I use almost the default configuration:

server {
    # Catch-all virtual host: "default_server" together with "server_name _"
    # means this block handles requests for any Host header arriving on port 80.
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;

    root /var/www/html;
    index index.php index.html index.htm index.nginx-debian.html;

    # 301 every URI that does not end in "/" to the same URI with a slash
    # appended (the pattern also matches file paths such as *.php).
    # The replacement is a relative path, so nginx fills in scheme, host and
    # port of the Location header itself; it only knows its own listen port
    # (80), not the external 8081 the firewall maps to it.
    rewrite ^(.*[^/])$ $1/ permanent;

    location / {
        # Try the URI as a file, then as a directory; otherwise answer 404.
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        # Split the URI into script name and trailing path info.
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        # NOTE(review): nothing here checks that the script exists on disk
        # before the request is handed to PHP-FPM. A common hardening is a
        # "try_files $uri =404;" line in this location, so that only real
        # .php files are ever executed.
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
}

Thank you in anticipation!


SOLUTION: Thanks to the NGINX Mailing list! I fixed this problem with a rewrite rule:

# Redirect only when the request maps to an existing directory and the URI
# lacks a trailing slash. The absolute target is assembled by hand so that the
# Location header carries the Host header, port included, as the client sent it.
# NOTE(review): $http_host is client-supplied and is reflected into the
# Location header without validation. On a catch-all server block, restrict
# which Host values are accepted (explicit server_name entries plus a default
# server that refuses everything else), and if a cache or CDN sits in front,
# confirm the Host header is part of its cache key.
if (-d $request_filename) {
    rewrite [^/]$ $scheme://$http_host$uri/ permanent;
}
Gurkengewuerz Avatar asked Sep 15 '16 19:09

Gurkengewuerz


2 Answers

I finally found a solution to the problem you've well described. I made it work with URL rewriting, but it seemed a bit overkill.

So, for anyone having the same problem, it appears the cleanest solution would be to replace this :

proxy_set_header Host $host;

with this :

# $http_host is the raw Host request header (port included). The backend
# receives whatever the client sent, so it should validate the value before
# using it to build links or redirects.
proxy_set_header Host $http_host;

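With this setup, Nginx will keep the port in your redirections, no matter what your firewall configuration is. This works because $host never contains a port, whereas $http_host is the Host header exactly as the client sent it, port included.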

Hope this helps. Cheers !

Ghis Avatar answered Nov 12 '22 06:11

Ghis


a good chunk of mine... about 1/3rd of the file... /etc/nginx/sites-enabled/Site.conf

might see some helpful stuff in here... everything works... my nginx is tuned up. my ssl gets 100% across the board too, and the ports i do expose have really long complicated ass passwords i had to write down to remember, or there's just dev and testing junk that can't do any harm. but still.. obscured so you can put your own darn values in.

    # Backend pools. nginx reaches each one over loopback; the //port// and
    # //PORT// markers are placeholders the author left in place of the real
    # port numbers. Only "authserver" is referenced by a proxy_pass in the part
    # of the file shown here.
    # "keepalive 16" keeps up to 16 idle connections to the backend open per
    # worker process.

    upstream dev {
        server 127.0.0.1://port// weight=1 fail_timeout=300s;
        keepalive 16;
    }

    upstream l33t {
        server 127.0.0.1://port// weight=1 fail_timeout=300s;
        keepalive 16;
    }

    upstream authserver {
        server 127.0.0.1://PORT// weight=1 fail_timeout=300s;
        keepalive 16;
    }


    #######################
    #  whereyougoing :80  #
    #######################

#nowhere..         you're going.... nowhere...

    ######################
    #   - FORCE HTTPS -  #
    ######################

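    # Plain-HTTP listeners: each hostname is redirected to its HTTPS
    # counterpart. The target host is hard-coded rather than taken from the
    # request, so the Location header never reflects a client-supplied Host.
    # "return 301 ...$request_uri" keeps the requested path and query string
    # (a bare "rewrite ^/.*$ https://host permanent" sends every URL to the
    # site root), and $request_uri is the original, undecoded request URI.
    #
    # NOTE(review): browsers ignore Strict-Transport-Security when it arrives
    # over plain HTTP, so the header below only matters if a TLS-terminating
    # proxy relays these responses. HSTS has to be sent by the HTTPS server to
    # take effect - confirm snippets/security.conf or snippets/ssl.conf sets it.

    server {
        listen 80;
        server_name YOURSITE.COM;
        add_header Strict-Transport-Security max-age=2592000;
        return 301 https://YOURSITE.COM$request_uri;
    }

    server {
        listen 80;
        server_name www.YOURSITE.COM;
        add_header Strict-Transport-Security max-age=2592000;
        return 301 https://www.YOURSITE.COM$request_uri;
    }

    server {
        listen 80;
        server_name auth.YOURSITE.COM;
        add_header Strict-Transport-Security max-age=2592000;
        return 301 https://auth.YOURSITE.COM$request_uri;
    }

    server {
        listen 80;
        server_name its.YOURSITE.COM;
        add_header Strict-Transport-Security max-age=2592000;
        return 301 https://its.YOURSITE.COM$request_uri;
    }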


    ######################################################
    #############  SSL SERVER starts here  ###############
    ######################################################

    # HTTPS virtual host for the four site names. Serves /var/www/wordpress,
    # hands *.php to PHP-FPM through a FastCGI cache, and takes its TLS,
    # security, rate-limit and Cloudflare settings from snippets that are not
    # shown on this page.
    server {

        # default_server: requests on 443 whose Host matches none of the names
        # below are handled by this block as well.
        listen 443 ssl http2 default_server;
        listen [::]:443 ssl http2 default_server;
        server_name YOURSITE.COM www.YOURSITE.COM auth.YOURSITE.COM its.YOURSITE.COM;
        root /var/www/wordpress;
        index index.php index.htm index.html;
        access_log /var/log/nginx/rocketstack_ssl_access.log;
        error_log /var/log/nginx/rocketstack_ssl_error.log;

    #######################################
    #            Lock it down             #
    #######################################

    # SSL certificate locations
        ssl_certificate /etc/letsencrypt/live/YOURSITE.COM/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/YOURSITE.COM/privkey.pem;

    # NOTE(review): the effective TLS protocol/cipher policy, security headers,
    # cache rules and request limits all live in the snippets included below;
    # this file cannot be assessed without reading them.

    # Exclusions
        include snippets/exclusions.conf;

    # Security
        include snippets/security.conf;
        include snippets/ssl.conf;

    # Fastcgi cache rules
        include snippets/fastcgi-cache.conf;
        include snippets/limits.conf;
        include snippets/nginx-cloudflare.conf;

    ############################################
    #             port-authority               #
    ############################################

    # Adds the trailing slash for existing directories and builds the Location
    # header from the Host header as the client sent it, so the port is kept.
    # NOTE(review): $http_host is client-controlled and this is the
    # default_server for 443, so any Host value can be reflected into the
    # redirect. The Cloudflare snippet suggests a CDN may sit in front - confirm
    # the Host header is part of its cache key, or refuse unknown hosts in a
    # separate default server.
    if (-d $request_filename) {
        rewrite [^/]$ $scheme://$http_host$uri/ permanent;
    }

    ############################################
    #                Locations                 #
    ############################################

        # File, then directory, then fall through to /index.php with the
        # original query string.
        location / {
            try_files $uri $uri/  /index.php?$args;
        }

        # NOTE(review): "location /FOO" is a prefix match without a trailing
        # slash, so it also matches /FOOanything, which alias maps to
        # /var/www/devlanything. Writing it as "location /FOO/" with
        # "alias /var/www/devl/" keeps the mapping inside the directory.
        # "autoindex on" publishes directory listings for this tree; confirm
        # that is intended on an internet-facing host.
        location /FOO {
            alias /var/www/devl;
            index index.php index.html index.htm;
            try_files $uri $uri/               /index.php?$args;
            autoindex                          on;
        }

        # NOTE(review): no proxy_pass is visible in this location (presumably
        # removed when the config was anonymised); without one these
        # proxy_set_header lines do nothing.
        # - Origin is overwritten with a fixed value, so a backend that checks
        #   Origin (CORS, WebSocket handshakes) can no longer tell cross-site
        #   requests apart.
        # - $http_host already contains any port the client sent, so appending
        #   :$server_port can produce a doubled port; the auth server block
        #   further down uses $host:$server_port instead.
        location /BAR {

              proxy_set_header Origin           http://$host;
              proxy_set_header Host             $http_host:$server_port;
              proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
              proxy_set_header Upgrade          $http_upgrade;
              proxy_set_header Connection       $http_connection;
              proxy_http_version 1.1;
          }


    ################# Fastphp accelleration #############

        location ~ \.php$ {
            # Only hand the request to PHP-FPM when the script file exists.
            try_files $uri =404;
            include snippets/fastcgi-params.conf;
            fastcgi_pass unix:/run/php/php7.2-fpm.sock;

    # Skip cache based on rules in snippets/fastcgi-cache.conf.
    # NOTE(review): $skip_cache and the cache key are defined outside this file;
    # confirm that responses for logged-in users or requests carrying session
    # cookies set $skip_cache, and that the key includes the host.

            fastcgi_cache_bypass     $skip_cache;
            fastcgi_no_cache         $skip_cache;

    # Define memory zone for caching.

            fastcgi_cache rocketstack;

    # Define caching time.
    # With no status codes listed, this applies to 200, 301 and 302 responses.

            fastcgi_cache_valid 60m;

    #increase timeouts
    # NOTE(review): 3000 s is 50 minutes. Timeouts this long let slow or stalled
    # requests hold PHP-FPM workers and connections; confirm that
    # snippets/limits.conf bounds this. The proxy_* timeouts apply to
    # proxy_pass, not fastcgi_pass, so they have no effect in this location.

            fastcgi_read_timeout 3000;
            fastcgi_connect_timeout 3000;
            fastcgi_send_timeout 3000;
            proxy_read_timeout 3000;
            proxy_connect_timeout 3000;
            proxy_send_timeout 3000;
            send_timeout 3000;

    # Flexible SSL to be used So the server can talk non-ssl internally
    # NOTE(review): proxy_set_header only affects proxy_pass requests; these
    # values are not passed to PHP-FPM by the lines below.

            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-NginX-Proxy true;
        }
    }

    ##############################################
    ###########    Server ends here    ###########
    ###########                        ###########
    ###########  Call upstream starts  ###########
    ###########                        ###########
    ##############################################



          #######################
          #     auth-serve      #
          #######################

    server {
        # TLS listener on port 9001 in front of the auth backend.
        # No server_name is visible in this excerpt, so unless one is set
        # further down this block answers for any Host on that port.
        listen 9001 ssl;

        # Certificate and key (same Let's Encrypt pair as the main site).
        ssl_certificate /etc/letsencrypt/live/YOURSITE.COM/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/YOURSITE.COM/privkey.pem;

        # Shared snippets, kept in their original order: exclusions, security
        # headers and TLS policy, then cache rules, limits and Cloudflare
        # settings. Their contents are not shown on this page.
        include snippets/exclusions.conf;
        include snippets/security.conf;
        include snippets/ssl.conf;
        include snippets/fastcgi-cache.conf;
        include snippets/limits.conf;
        include snippets/nginx-cloudflare.conf;

    ###########  Send to Location upstream ##############

        # Forwards requests under /authserver to the "authserver" upstream over
        # plain HTTP, passing Upgrade/Connection through for WebSocket use.
        # Because proxy_pass carries a URI ("/"), the matched /authserver prefix
        # is replaced by "/" before the request is sent upstream.
        location /authserver {
            # NOTE(review): without a leading "~" the first argument is a
            # literal prefix, not a pattern, and nothing defines a capture for
            # $1 - this line looks like it has no effect; confirm intent.
            proxy_redirect /*                 /$1;
            proxy_pass http://authserver/;
            # NOTE(review): overwrites the browser's Origin header, so the
            # backend cannot use Origin to reject cross-site requests or
            # WebSocket handshakes. Pass the original through if it checks it.
            proxy_set_header Origin           $host;
            # $host carries no port; $server_port is the port nginx accepted
            # the connection on.
            proxy_set_header Host             $host:$server_port;
            # Appends the peer address to whatever X-Forwarded-For the client
            # supplied; the backend should trust only the entry nginx added.
            proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
            proxy_set_header Upgrade          $http_upgrade;
            # Passes the client's own Connection header upstream unchanged.
            proxy_set_header Connection       $http_connection;
            proxy_http_version 1.1;
        }
Kai Gouthro Avatar answered Nov 12 '22 06:11

Kai Gouthro