Re: NGINX Custom Headers [SOLVED]

Started by juliocbc, April 02, 2020, 08:26:12 PM

Previous topic - Next topic
Print
Go Down Pages1 2
User actions
April 02, 2020, 08:26:12 PM Last Edit: April 02, 2020, 10:53:28 PM by juliocbc
Is it possible to add custom HTTP Headers with a custom proxy_set_header directive?
Cloudfence Open Source Team
April 02, 2020, 09:06:11 PM #1
Not in the UI but via CLI using the config include hook. As far as I know I build nginx with the more-Headers 3rd party plug in which is even more powerful BTW.
April 02, 2020, 10:52:56 PM #2 Last Edit: April 02, 2020, 10:54:45 PM by juliocbc
Thanks Fabian!

It is for use with Graylog custom header. As a suggestion maybe in future consider to add something in the GUI like HAProxy plugin rules that allow some custom headers.
Cloudfence Open Source Team
September 05, 2020, 11:50:12 AM #3
I would also like to change the proxy_set_header.

In my case the
Quoteproxy_set_header HOST $host

@juliocbc it worked for you ?

@fabian
when I try to use the config include hook I get
nginx: [emerg] unknown directive "more_set_input_headers

or is there another possibility.
i would like to address multiple vhost apache instances via its server alias behind nginx



September 05, 2020, 01:40:25 PM #4
That means that you have probably copy and pasted something that is either unsupported or incorrect. More Headers is an nginx extension that I included as far as I know.
September 08, 2020, 03:47:58 AM #5
Quote from: fabian on April 02, 2020, 09:06:11 PM
Not in the UI but via CLI using the config include hook. As far as I know I build nginx with the more-Headers 3rd party plug in which is even more powerful BTW.

Any documentation you can direct me to get started with this?
September 08, 2020, 09:40:05 PM #6
Quote from: achandran on September 08, 2020, 03:47:58 AM
Any documentation you can direct me to get started with this?
Yes it would be quite useful along with the list of already built-in/activated headers. I'm having hard time to set reverse proxy for different services. Most information or setups are given with list of headers I can't find in UI and I have no clue what is under the hood...
OPNsense on:
Intel(R) Xeon(R) E-2278G CPU @ 3.40GHz (4 cores)
8 GB RAM
50 GB HDD
and plenty of vlans ;-)
September 11, 2020, 02:27:42 AM #7
Anybody, anything???



Could somebody please point me at direction where I can find documentation of built-in Nginx reverse proxy headers?
I would like to set a proxy for Nextcloud and I need to use following headers:
Quote
proxy_redirect http:// $scheme://; <- I believe set already by "Use https"
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; <- option set in HTTP Server
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
GUI doesn't correspond directly to standard headers' names and without documentation it's almost mission impossible to get it set properly.
Thanks in advance!
OPNsense on:
Intel(R) Xeon(R) E-2278G CPU @ 3.40GHz (4 cores)
8 GB RAM
50 GB HDD
and plenty of vlans ;-)
September 12, 2020, 04:54:25 PM #8
QuoteCould somebody please point me at direction where I can find documentation of built-in Nginx reverse proxy headers?
https://github.com/opnsense/plugins/blob/master/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/location.conf
Quoteproxy_redirect http:// $scheme://; <- I believe set already by "Use https"
no. proxy_redirect not used by default afaik. sorry, what are you going to do with this header?
Quoteproxy_set_header Host $host;
already set
Quoteproxy_set_header X-Forwarded-For
set to $proxy_add_x_forwarded_for by location.conf
Quoteproxy_set_header X-Scheme
not used
Quoteproxy_set_header X-Forwarded-Proto $scheme
already set
September 12, 2020, 04:58:57 PM #9 Last Edit: September 12, 2020, 06:52:47 PM by Fright
@fabian
please, could you tell more about hooks?
i see in http.conf strings like
  include {{ server['@uuid'] }}_post/*.conf;
that hooks?
how to use it right? (create an appropriate "uuid_pre/post" folder and place .conf in there?)
(right in plugin description page at github https://github.com/opnsense/plugins/tree/master/www/nginx)

i cant find hook for locations blocks _pre/_post conf-s? they are?
(server hook not suitable for backend header insertion)

Thanks!

ps. i also tried to insert the "more_set_headers" directive. right in nginx.conf in location part and reload nginx.
"unknown directive "more_set_headers" in /usr/local/etc/nginx/nginx.conf:328"
"unknown directive "more_set_input_headers" in /usr/local/etc/nginx/nginx.conf:329"
September 12, 2020, 08:17:52 PM #10
Looks like that includes are really missing thought that a I added them. Should not be hard to change. In mean time you can add them by copying them from server and then replace server by location.
September 12, 2020, 08:29:49 PM #11
Thanks!
will try
cool plugin by the way )
(using with naxsi - works like a charm)
Оh! Please, can you check more_headers module and a couple of issues on github?
Thanks!
September 12, 2020, 11:09:42 PM #12 Last Edit: September 13, 2020, 03:52:10 AM by GreenMatter
Quote from: Fright on September 12, 2020, 04:54:25 PM
no. proxy_redirect not used by default afaik. sorry, what are you going to do with this header?
Thanks for reply! I've been trying to follow various guides of how to setup proxy for Nextcloud

Quoteproxy_set_header X-Forwarded-For
set to $proxy_add_x_forwarded_for by location.conf
Where to find location.conf, somewhere within "/usr/local/etc/nginx"?


EDIT:
Ok, more or less I've managed to run proxy for Nextcloud with use only of GUI. Now I'm facing a problem to connect Nextcloud with Onlyoffice (requires https). There's a way to achieve that described on https://www.onlyoffice.com/blog/2020/01/how-to-configure-reverse-proxy-for-nextcloud-and-onlyoffice-editors/
Long story short, to have following in Nginx conf:
Code Select

proxy_set_header Upgrade $http_upgrade; <- GUI websocket
proxy_set_header Connection $proxy_connection; <- GUI websocket
proxy_set_header X-Forwarded-Host $http_host/editors; <- not in GUI
server {
        listen 80;
        location / {
            proxy_pass_header Server;
            proxy_pass http://nextcloud/;
        }
        location /editors/ {
            proxy_pass http://onlyoffice/;
        }
}
How can I configure above? Still I'm not able to locate separate config file where I could enter missing headers and include in main config...
OPNsense on:
Intel(R) Xeon(R) E-2278G CPU @ 3.40GHz (4 cores)
8 GB RAM
50 GB HDD
and plenty of vlans ;-)
September 13, 2020, 07:22:52 AM #13 Last Edit: September 13, 2020, 04:25:49 PM by Fright
QuoteWhere to find location.conf, somewhere within "/usr/local/etc/nginx"?
/usr/local/opnsense/service/templates/opnsense/nginx/..
QuoteStill I'm not able to locate separate config file where I could enter missing headers and include in main config..
in the end of location.conf right before last brace insert new hook.
so before:
Code Select
{% endif %}{# honeypot #}

}

after:
Code Select
{% endif %}{# honeypot #}
    include {{ location['@uuid'] }}_post/*.conf;
}


go the GUI and apply nginx config (not reload, apply. so opnsense apply new location.conf)
go to the
/usr/local/etc/enginx/nginx.conf and be sure that at the end of location blocks there is a line like:
    include 248efebe-d2e2-401b-b93f-f4d9061bb18c_post/*.conf;
if so, you can create folder like "248efebe-d2e2-401b-b93f-f4d9061bb18c_post" in /usr/local/etc/enginx/,
place a file like "mylocationname.conf" with your directives and Apply nginx conf.
imo that shoud work
(I checked and replaced User-agent header via the hook. works:
Code Select
set $new_user_agent "${http_user_agent} via nginx";
proxy_set_header User-Agent $new_user_agent;
)
at any step, something can go wrong. always make a backup

ps. I'm not sure if we are doing the right thing by discussing this in the [SOLVED]  thread
January 30, 2021, 08:45:43 PM #14
Howdy,

I was wondering if you can post some insight on how you got custom_headers working with nginx?

Print
Go Up Pages1 2
User actions