The proxy can add extra (or overwrite) headers to requests it receives and passes through to the back-end. These can be used to communicate information to the back-end. So far I’ve seen a couple used for forcing the use of https in URL scheme: X-Forwarded-Protocol: https X-Forwarded-Ssl: on X-Url-Scheme: https And wikipedia also mentions: # … Read more
I think the greatest benefit is that you’re then able to use the same port (80) for multiple applications. Otherwise, you’d need a new IP address for each nodejs application you have. Depending on how you set things up, you can also configure different folders and subdomains to different nodejs apps running on different ports. … Read more
First add new logging format log_format upstreamlog ‘[$time_local] $remote_addr – $remote_user – $server_name $host to: $upstream_addr: $request $status upstream_response_time $upstream_response_time msec $msec request_time $request_time’; Example output: [18/Nov/2019:10:08:15 -0700] <request IP> – – – <config host> <request host> to: 127.0.0.1:8000: GET /path/requested HTTP/1.1 200 upstream_response_time 0.000 msec 1574096895.474 request_time 0.001 and then redefine accesslog as access_log … Read more
Upgrade to latest version of socket.io (0.6.8 -> npm install socket.io@0.6.8, which is patched to work with HAProxy) and download the latest version of HAProxy. Here is an example config file: global maxconn 4096 # Total Max Connections. This is dependent on ulimit nbproc 2 defaults mode http frontend all 0.0.0.0:80 timeout client 5000 default_backend … Read more
Found something that is working well : server { listen 8001 ssl; ssl_certificate /home/xxx/server.crt; ssl_certificate_key /home/xxx/server.key; error_page 497 301 =307 https://$host:$server_port$request_uri; location /{ proxy_pass http://localhost:8000; proxy_redirect off; proxy_set_header Host $host:$server_port; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Ssl on; } }
You can follow the instructions here: Authentication, Authorization and Access Control. The main difference for your reverse proxy is that you’ll want to put the auth stuff inside a Location block, even though the docs say that they’re only allowed in Directory blocks: <Location /> AuthType Basic … </Location> Outside the Location block you can … Read more
The issue is that your if condition is not going to send the headers in the parent in /. If you check the preflight response headers it would be HTTP/1.1 204 No Content Server: nginx/1.13.3 Date: Fri, 01 Sep 2017 05:24:04 GMT Connection: keep-alive Access-Control-Max-Age: 1728000 Content-Type: text/plain charset=UTF-8 Content-Length: 0 And that doesn’t give … Read more
Use try_files and named location block (‘@apachesite’). This will remove unnecessary regex match and if block. More efficient. location / { root /path/to/root/of/static/files; try_files $uri $uri/ @apachesite; expires max; access_log off; } location @apachesite { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://127.0.0.1:8080; } Update: The assumption of this config is that … Read more
It’s not only possible, it’s easy: in nginx the response header values are available through a variable (one per header). See http://wiki.nginx.org/HttpCoreModule#.24sent_http_HEADER for the details on those variables. In your examle the variable would be $sent_http_My_custom_header.
The comment by MK pointed me in the right direction. In the case of Apache 2.4 and up, there are different defaults and a new directive. I am running Apache 2.4.6, and I had to add the following directives to get it working: SSLProxyEngine on SSLProxyVerify none SSLProxyCheckPeerCN off SSLProxyCheckPeerName off SSLProxyCheckPeerExpire off