NGINX URI With Period Proxy Pass Issue - java

So we have a setup where nginx is our reverse proxy that uses proxy_pass to apache tomcat in several locations. The issue we encountered is this:
If a URI contains a dot/period as a trailing value (e.g. http://example.com/sub/john-doe.), this is not properly forwarded to tomcat.
As per the access log in tomcat, "period" was excluded/removed from the URI path.
(http://example.com/sub/john-doe.). --> (http://192.168.1.10:8080/sub/john-doe)
Testing directly to tomcat via local access (http://192.168.1.10:8080/sub/john-doe.) works fine. The "period" was not removed.
What is the correct configuration for this in nginx?
TIA
nginx 1.19 (windows)
Common configuration
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
add_header X-XSS-Protection "1; mode=block";
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 4000M;
location /sub {
proxy_pass http://<ip>:8080/sub
}

Related

nginx reverse proxy with tomcat not working

I am trying to proxy tomcat using nginx. I have this configuration below. Now the problem I am facing is if I access the url by IP(192.168.2.6) then it gets redirected to /auth_app is tomcat which is perfectly fine. The tomcat url redirect to a third party SAML2 provider and once it authenticated it redirected to http://localhost:8080/auth_app/ instead of http://192.168.2.6/auth_app/ and because of that my application doesn't open as tomcat is running on 192.168.2.6 and not localhost.
server {
listen 80 default_server;
server_name _;
error_log /var/log/nginx/abc_error.log;
access_log /var/log/nginx/abc_access.log;
rewrite ^/?$ /auth_app;
location /auth_app {
proxy_redirect off;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8080/auth_app/;
}
}
There should be a config setting in your tomcat app to set the redirect URL to http://192.168.2.6/auth_app/.

Confgure nginx as reverse proxy for wildfly web applications

I have a webapp deployed on a wildfly 10.1 application server.
This webapp is listened on: http://localhost:8080/app-profile-jsp/ (1)
I successful installed nginx. The server is successfull installed and I test to serve static web pages and images.
Now I want configure nginx to acccess the web app from
"http://www.frizio.local" (2) url.
I configure this address in /etc/hosts.
My configuration in nginx is the following:
server {
listen 80;
server_name frizio.local www.frizio.local;
access_log /var/log/nginx/static.access.log;
error_log /var/log/nginx/static.error.log;
root /srv/http/static;
location / {
proxy_pass http://localhost:8080/app-profile-jsp;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
location /pics {
autoindex on;
autoindex_exact_size off;
}
}
When I try to access to (2) the server respond "404 not found".
Thanks in advance
I think you missed the trailing / of the proxypass :
proxy_pass http://localhost:8080/app-profile-jsp/;
An other thing, I don't think you need the proxy_redirect off; here.
Hope it helped !

Spring, SockJS - error during WebSocket handshake: Unexpected response code 400

I have implemented BE application with WebSockets support using Spring Boot. I use SockJS in order to connect to my WebSocket endpoint and during the connection process I get a following error:
error during WebSocket handshake: Unexpected response code: 400
but then (as you can see at the image above) everything is working fine and websocket opened.
Right now I don't understand what can be a reason of this issue and how to fix it. Please help.
UPDATED
Thanks for the paweln1986 help I have fixed version issue with SockJS lib but the issue with Unexpected response code 400 still exists:
I also using nginx in front of Tomcat 8. This is my nginx config:
server {
listen 443 ssl;
server_name myserver.com;
ssl on;
location /api/ {
proxy_pass_header X-XSRF-TOKEN;
proxy_pass http://localhost:8081/api/;
proxy_set_header Origin "http://localhost:8081/api/";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
}
location /dashboard/ {
proxy_pass http://localhost:8081/dashboard/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /manager {
proxy_pass http://localhost:8081/manager/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location / {
root /srv/www/htdocs/myserver/;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /srv/www/htdocs/;
}
}
You have wrong version of SockJS.
On the browser side, applications can use the sockjs-client (version 1.0.x) that emulates the W3C WebSocket API
http://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html
You are missing two things under your /api/ section
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
https://www.nginx.com/blog/websocket-nginx/
This complication also occurs if you are using SSL with Amazon load balancers. The listener of the elb should have an entry of SSL(instead of HTTPS) with load balancer port as 443 and instance protocol as TCP with instance port as 80 (Don't forget to add certificate)
This will enable WebSocket traffic to pass through.
For detailed reference :
https://blog.jverkamp.com/2015/07/20/configuring-websockets-behind-an-aws-elb/

How do i deploy a Vaadin Spring server on a non-root URL

I am trying to deploy two instances of a Vaadin Spring application using nginx to redirect requests to the appropriate instance.
The first server should be available at www.example.org/, the second one at www.example.org/second/, both at port 80. The first server listens to port 9002, the second to port 9003.
My nginx configuration looks like this:
server_name www.example.org localhost;
root /;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_cookie_path ~*^/.* /;
proxy_pass http://127.0.0.1:9002/;
proxy_redirect off;
}
location /second/ {
proxy_set_header X-Forwarded-Host $host/second;
proxy_set_header X-Forwarded-Server $host/second;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host/second;
proxy_cookie_path ~*^/.* /;
proxy_pass http://127.0.0.1:9003/;
proxy_redirect off;
}
}
The first server works completely fine.
I can also access the second server; requests to any of its URLs correctly redirect me to its login page. As soon as i click a button, i get a session expired message. From the nginx access logs, it looks like the button click triggers a POST request which goes to /vaadinServlet/UIDL/?v-uiId=0 and returns code 200 (OK).
I believe the request should really go to /second/vaadinServlet/UIDL/?v-uiId=0. Thus, i am stuck on the login page.
Am i correct in my assumption that the vaadinServlet request goes to the wrong URL? If so, how do i get it to go to the correct one?
I am thinking of using nginx to extract the necessary information from the referral URL but i believe it should be possible to configure Vaadin/Spring to handle this case.

Get client's real ip behind upstream

How to get client's ip behind upstream in nginx?
Now I use next configs:
# upstream listener
upstream ts {
server localhost:841 weight=10 max_fails=3 fail_timeout=10s;
server 10.1.3.209:8080 backup;
}
# server listener
server {
listen 80;
server_name 10.9.24.45;
location / {
proxy_pass http://ts;
proxy_set_header Host $host;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
# app listener
server {
listen 841;
server_name localhost;
charset utf-8;
access_log /var/log/nginx/access_ts.log;
error_log /var/log/nginx/error_ts.log;
client_max_body_size 16M;
set $www /www;
set $root $www/apps/ts/ROOT;
include /etc/nginx/sites-available/locations;
location / {
proxy_pass http://localhost:840;
proxy_set_header Host $host;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
include /etc/nginx/sites-available/location-config;
}
}
In my java app I use X-Real_IP header to get client's ip and all were fine, but after I start use another config with upstream I see only 127.0.0.0. Think this correct, but I need to get a real ip for my app.
How can I get a real ip behind nginx upstream?
I see some answers like proxy_set_header realip $remote_addr, but what can I do without my java app change.
i had the same issue, the problem is the header you forward change
proxy_set_header Host $host;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
Into:
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;

Categories

Resources