NGINX: Can I use URL Pattern Matching to reverse proxy to different servers?

Started by always_learning, January 16, 2021, 08:58:30 PM

Previous topic - Next topic
I recently was successful at setting up a reverse proxy with Nginx by following this guide: https://forum.opnsense.org/index.php?topic=19305.0

The issue I have run into is that I would like to take that setup and link to different local servers and ports for different purposes.

For example:

https://stuff.example.com > 172.16.0.1 : 80
https://stuff.example.com/docs > 172.16.0.1 : 8080
https://stuff.example.com/music > 172.16.0.5 : 80

And so on.

I thought that adding a Location and specifying URL Pattern and Rewrite rules would enable this, however, either that is not the correct method, or I have been doing it wrong.

How can I accomplish this type of setup?  Is it better to simply use multiple subdomains and proxy each individually?

you can just use multiple locations and assign them to the same HTTP Server

/
/docs
/music

Each of them has a different upstream.

Quote from: fabian on January 18, 2021, 05:24:53 PM
you can just use multiple locations and assign them to the same HTTP Server

/
/docs
/music

Each of them has a different upstream.

Yes, I have done that.  I have two locations set up, each with a different upstream.  I think it is the pattern matching itself that I am getting wrong, somehow.  I am able to successfully connect to the second server from the base URL (i.e. stuff.example.com) if I give it the base location of /.  Otherwise, when I use the URL pattern, I can't get any connection at all.

The attached image "Capture", shows two different locations, one for Nextcloud as /, and one for OnlyOffice as /docs.  Capture2 shows the details of how the OnlyOffice location is set up.  Capture3 shows the URL rewrite I am attempting to use with the OnlyOffice location (I have attempted connecting both with and without a rewrite).

Any advice as to what I am doing wrong?

Just use the default match type. Yours is not a regular expression.

The default is path contains.

Quote from: fabian on January 18, 2021, 11:38:37 PM
Just use the default match type. Yours is not a regular expression.

The default is path contains.

Please forgive me for my ineptitude, but I am somehow messing something up still.

- I have an https server set up to listen on both 80 and 443 and to redirect all traffic to 443.
- The server is watching for incoming traffic for a domain like stuff.example.com
- The server is directing traffic through 2 locations.
   - Location 1 is just the base url of stuff.example.com which is directed to an upstream that connects to and serves a Nextcloud instance from a machine on a private LAN with an IP address like 172.16.0.1
   - Location 2 is only modified by having a /docs at the end.  For example: stuff.example.com/docs, but also has a url rewrite rule with the goal of stripping it of the "/docs" so that it is seen by the upstream as simply the base address of just stuff.example.com/ but rather than port 80, it is sent to port 8080 on the same machine of 172.16.0.1

When I look at all the match types, I do not see any that simply say "path contains" (see attached image).  Also, I am not sure whether or not the URL rewrite rule is actually stripping the /docs off the end of the url, or if I am messing up the configuration in some other way, however, the most success I have had so far was to get a 404 error page to display.

I appreciate the help so far, and thank you in advance for all continued assistance.

Quotegoal of stripping it of the "/docs" so that it is seen by the upstream as simply the base address of just stuff.example.com/
i think it should be something like
rewrite ^/docs(.*)$ $1 break;
just keep in mind that everything is not quite that simple when you play with uri like that
if it might be useful:
https://forum.opnsense.org/index.php?topic=19122.msg87622#msg87622

Wenn der Präfix hinten wieder weg soll, würde ich da eher die upstream url umschreiben und dabei keine rewrite Regel nehmen sondern location mit regex und dann im Path prefix referenzieren.


I had something like this in the past - cannot remember the exact config

location ~ ^/context(?<apppath>.*)$ {
  proxy_pass http://upstream-name:port$apppath;
}

understood thanks!
that's nifty!
(want to test this in plugin - how variable will be passed to proxy_pass directive via config\template)

but @always_learning wants to switch upstreams by the "/context"
so it seems to me that this method is not suitable in this case

so in the context of the question (switching upstreams by dir name and cutting out the dir name) it might even be easier like:

location /music/ {
    proxy_pass http://UpstreamForMusicSiteUID/;  # trailing slash is the key for dir stripping
}

need to test how it will work with just "/" in "Path Prefix" field.

Quote from: Fright on January 21, 2021, 06:57:33 AM
understood thanks!
that's nifty!
(want to test this in plugin - how variable will be passed to proxy_pass directive via config\template)

but @always_learning wants to switch upstreams by the "/context"
so it seems to me that this method is not suitable in this case

so in the context of the question (switching upstreams by dir name and cutting out the dir name) it might even be easier like:

location /music/ {
    proxy_pass http://UpstreamForMusicSiteUID/;  # trailing slash is the key for dir stripping
}

need to test how it will work with just "/" in "Path Prefix" field.

I'm happy to test this idea, but how would I get it to work from the GUI?  Or do I just need to directly edit the configuration text?  If so, where is it located in the os?

EDIT:  I know how to make a location, just not where/how to do the proxy pass.

QuoteI'm happy to test this idea, but how would I get it to work from the GUI?
works at first glance: correct conf record for proxy_pass generated (with trailing slash) and request goes to right upstream without dir



Quotejust not where/how to do the proxy pass
OPNsense generates it for you in /usr/local/etc/nginx/nginx.conf based on GUI parameters )

Quote from: Fright on January 21, 2021, 09:06:17 AM
Quotejust not where/how to do the proxy pass
OPNsense generates it for you in /usr/local/etc/nginx/nginx.conf based on GUI parameters )

Is there a secondary location?  I just made the exact location configuration shown in your previous comment, then when it still resulted in a 404 page, I opened and thoroughly searched through the configuration document multiple times, and while I can find the basic server configuration, the location configuration for /docs/, is nowhere to be found.

QuoteIs there a secondary location?
no, this is the only location
Quotewhile I can find the basic server configuration, the location configuration for /docs/, is nowhere to be found.
hm. sorry, but did you "apply" after making changes? )
inside the server configuration block, after the directives for the logs and error pages paths, the locations configuration blocks should begin: first built-in, and then added by you through the GUI