57

So I'm setting up a virtual path when pointing at a node.js app in my nginx conf. the relevant section looks like so:

location /app {
  rewrite /app/(.*) /$1 break;
  proxy_pass http://localhost:3000;
  proxy_redirect off;
  proxy_set_header Host $host;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

Works great, except that when my node.js app (an express app) calls a redirect.

As an example, the dev box is running nginx on port 8080, and so the url's to the root of the node app looks like:

http://localhost:8080/app

When I call a redirect to '/app' from node, the actual redirect goes to:

http://localhost/app

Paul
  • 998
  • 1
  • 11
  • 19
  • 2
    Here some answers that suggest use: proxy_set_header Host $http_host; But no one said that it can cause vulnerability (host header attack). [Attack example here](https://github.com/aspnet/AspNetCore/issues/2954#issuecomment-373284921) And more info [here](https://github.com/yandex/gixy/blob/master/docs/en/plugins/hostspoofing.md) –  Mar 24 '19 at 10:46

4 Answers4

64

I just had to solve the same problem with Jenkins running behind nginx. What did it for me was to include the server port into the Host header that's being sent to Jenkins:

proxy_set_header Host $host:$server_port;

Hope that helps.

Vojislav Stojkovic
  • 741
  • 1
  • 5
  • 5
  • 5
    Bingo. as @mgorven says, node is setting the redirect badly, _because nginx is forwarding the host badly_ – Eric Oct 05 '14 at 18:54
  • 1
    OMG, you have no idea how much it is to me. you saved my day man. 2016, 6 years ago you answered this, and today it saved my days. thank you :) – Jacky Supit Mar 28 '22 at 15:53
28

Per the conversation on this question, the proper resolution is to adjust the proxy's Host header directive.

Change this:

proxy_set_header Host $host;

To this:

proxy_set_header Host $http_host;

$http_host holds the value as specified in HTTP HOST header, which includes the port. Redirects should pick up the custom port without further customization to OP's setup.

These answers (same ticket) elaborate further:

Frank Koehl
  • 381
  • 3
  • 4
22

The problem is that the Node.js application is not issuing the redirect correctly. You may be able to use proxy_redirect to correct this in nginx:

proxy_redirect http://localhost/ http://localhost:8080/;
mgorven
  • 30,615
  • 7
  • 79
  • 122
7

I tried the above solutions, but they all failed whenever the node application issued a fully qualified URL in the location header, such as "http://nodeapp.com:8080/new/location"

So I wound up using the $http_host to pass host and port. And using a match ~^ to rewrite the urls entirely.

  proxy_pass http://10.0.0.3:8080;

  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header Host $http_host;

  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

  proxy_redirect default;
  proxy_redirect ~^(https?://[^:]+):\d+(?<relpath>/.+)$ http://10.0.0.3:8000$relpath;

In our case, the Node server is running on 8080, and our nginx proxy is running on 8000. This means that every fully qualified URL in a location header needs to be re-written. Hope this helps someone !!

Mark Riggins
  • 71
  • 1
  • 2