Friday, September 2, 2022

[FIXED] how to configure nginx as reverse proxy to different nginx running on different subnet with uWSGI?

      , ,      No comments   

Issue

This is one step ahead of this article,

Below is the current flow and configuration and it is working. I can access UI from /16 machine. This was done by someone else. I guess by following above article.

Client------------------nginx----------------------nginx
192.168.13.90/16   eth0 - 192.168.13.2/16   eth0   - 192.168.13.9/16
                                            eth0.1 - 182.28.129.202/24
                                                     |
                                                     |
                                                   uWSGI

I am beginner to nginx and python. I am trying to configure nginx as reverse proxy on eth0.1 interface in the following scenario,

Client------------------nginx---------------------nginx
182.28.129.201/24  eth0 - 192.168.13.9/16   eth0 - 192.168.13.2/16
                   eth0.1 - 182.28.129.202/24
                                                    |
                                                    |
                                                  uWSGI

Below are the current nginx config files with my current trial & error comments,

Edit2 - Comment out the location block for special login.html page from upstream nginx reverse proxy server 

# /etc/nginx/nginx.conf
# 192.168.13.2/16  - this upstream server

user www-data;
worker_processes 4;
pid /run/nginx.pid;

events {
    worker_connections 768;
    # multi_accept on;
}

http {
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;
    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    access_log /var/log/access.log;
    error_log /var/log/error.log;

    gzip on;
    gzip_disable "msie6";

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

Below is the ui.conf file included by above nginx.conf, # /etc/nginx/sites-enabled/ui.conf

# 192.168.13.2/16  -  this upstream server

server {
    listen 192.168.13.2:80;
    server_name 192.168.13.2:80;

    access_log /var/log/access.log;
    error_log /var/log/error.log;

    # No physical login.html,
    #  it is passing it to root which is login screen
    #location = /login.html {                          <--------- Edit2
    #   return 301 /;
    #}

    location / {
        include uwsgi_params;
        uwsgi_pass unix:/var/run/ui.sock;
    }
}

Following is the nginx.conf on eth0.1 on different subnet,

Edit1 - The problem I am facing with this config is the request is proxied to the upstream nginx server but the response is gzip and chunked. I don't see page loading on the client.

Edit2 - I added location block for special page login.html and it loaded the page but it stuck at the redirect page. See wireshark stream below,

# /etc/nginx/nginx.conf

# eth0   - 192.168.13.9/16
# eth0.1 - 182.28.129.202/24  - Reverse proxy

user www-data;
worker_processes  1;

error_log  /var/log/nginx/error.log debug;

pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  0;   #Disable

    gzip  on;
    gzip_disable    "msie6";                          #   <----------- Edit2

    server {
        listen          182.28.129.202:8080;
        server_name     182.28.129.202:8080;

        #rewrite        ^(.*) $scheme://$server_name$1 permanent;

        location = /login.html {                       #   <---------- Edit2
            proxy_pass              http://192.168.13.2:80/;
        }

        location / {
            proxy_pass              http://192.168.13.2:80;

            #  trial and error
            #proxy_http_version     1.1;
            #proxy_set_header       Host $host;
            #proxy_set_header       X-Real-IP $remote_addr;
            #proxy_set_header       X-Forwarded-For $proxy_add_x_forwarded_for;
            #proxy_set_header       X-Forwarded-Proto http;
            #proxy_bind             192.168.13.9;
            #proxy_buffering        off;
        }
    }
}

Edit2 - Wireshark stream, stuck at redirect page, /home

POST /login.html HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://182.28.129.202:8080/login.html
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: 182.28.129.202:8080
Content-Length: 33
DNT: 1
Connection: Keep-Alive
Cache-Control: no-cache

password=xxxxxxxxxx&login-submit=Server: nginx/1.6.2
Date: Thu, 07 Dec 2017 20:10:50 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 239
Connection: close
Location: http://192.168.13.2/home
Set-Cookie: remember_token=admin|c8aa43aab8b27724a207eb28ac7d1034d1e274fc4f528002a2d6106bb7c36a41756f6951d518f632d426a7d8c8257ad00dbab78e3daf7a5bbbc723ba33107e5e; Expires=Fri, 07-Dec-2018 20:10:50 GMT; Path=/
Set-Cookie: session=.eJw1zksKwzAMRdG9eNyBLUeSnc0E2ZJoBgkln1Hp3msonT4uvPMOix92PsN8Hbc9wrJqmAMgdgOPWhJx06jSM-lEuUKN5CzelFJJJY-pRs5QDLkgRWsdPZZkTZETkRikws1gUufeRL0a9zhlHAlXFEDPYlLHW1RI3sAYwoC87Nhkt_360-7Tjh9PdFv38PkC4lY3Tg.DQsxyg.lZrpSNvXnwE-JHT5t6qlYLAQP4Y; Expires=Sun, 07-Jan-2018 20:10:50 GMT; HttpOnly; Path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>Redirecting...</title>
<h1>Redirecting...</h1>
<p>You should be redirected automatically to target URL: <a href="/home">/home</a>.  If not click the link.

First I am trying to be able to access UI over HTTP and then with HTTPS. I am not able to move ahead due to my knowledge in this area so greatly appreciate any guidance.

Thank you,


Solution

I was doing a lot of trial and error and thats where was observing weird errors. Following are the config files which worked for me. Hope it will help some-one.

# 192.168.13.2/16  -  this upstream server

server {
    listen 192.168.13.2:80;
    server_name 192.168.13.2:80;

    access_log /var/log/access.log;
    error_log /var/log/error.log;

    # No physical login.html,
    #  it is passing it to root which is login screen
    location = /login.html {
       rewrite ^ http://192.168.13.2/ last;
    }

    location / {
        include uwsgi_params;
        uwsgi_pass unix:/var/run/ui.sock;
    }
}

# /etc/nginx/nginx.conf

# eth0   - 192.168.13.9/16
# eth0.1 - 182.28.129.202/24  - Reverse proxy

user www-data;
worker_processes  1;

error_log  /var/log/nginx/error.log debug;

pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  0;   #Disable

    gzip  on;
    gzip_disable    "msie6";

    server {
        listen          182.28.129.202:8080;
        server_name     182.28.129.202:8080;

        location / {
            proxy_buffering     off;
            proxy_set_header    Host $http_host;
            proxy_set_header    X-Real-IP $remote_addr;
            proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header    X-Forwarded-Proto http;
            proxy_pass          http://192.168.13.2:80;
        }
    }
}


Answered By - eyePatch
Answer Checked By - Marie Seifert (PHPFixing Admin)

0 Comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Total Pageviews

1,207,371

Featured Post

Why Learn PHP Programming

Why Learn PHP Programming A widely-used open source scripting language PHP is one of the most popular programming languages in the world. It...