5

I am trying to setup nginx 1.0.12 as a proxy for apache 2.2.15, but faced a strange problem. And I cannot solve it for third day in a row. I have test site c-craft.info and have installed roundcube in /roundcube subdirectory. So here is the problem:

If you will try to open http://c-craft.info/roundcube you will get strange redirect back to your own IP address. So it seems that nginx tries to download static files from the remote_addr. But if you will add trailing slash to uri like roundcube/ it will work.

Another example: try to open http://www.contra.lv - you also will get redirect back to your own IP address and again nginx tries to download static files from the remote_addr.

Interesting thing is that connencting through apache works nice:

c-craft.info:9091/roundcube

contra.lv:9091

I really need your advice how to fix it, cause I am stuck... Here is my current config files:

nginx.conf

user nginx;
worker_processes 2;
pid /var/run/nginx.pid;

events {
    worker_connections 2048;
    use epoll;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] $request '
    '"$status" $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    client_max_body_size 64m;
    client_body_buffer_size 256k;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;

    keepalive_timeout 65;

    gzip on;
    gzip_vary on;
    gzip_comp_level 6;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    gzip_buffers 16 8k;
    gzip_disable "MSIE [1-6].(?!.*SV1)";

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

sites-enabled/default

server {
    listen 80 default;
    server_name _;
    server_name_in_redirect off;
    server_tokens off;
    access_log /var/log/nginx/default.access.log;
    error_log /var/log/nginx/default.error.log;

    location / {
        proxy_pass http://8*.***.**.**6:9091;
        include /etc/nginx/proxy.conf;
    }
}

sites-enabled/c-craft.info.conf

server {
    listen 80;
    server_name www.c-craft.info c-craft.info;
    server_name_in_redirect off;

    access_log /var/log/nginx/c-craft.info_access_log;
    error_log /var/log/nginx/c-craft.info_error_log;

    location / {
        proxy_pass http://8*.***.**.**6:9091;
        include /etc/nginx/proxy.conf;
    }

    location ~* ^.+\.(jpe?g|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar)$ {
        expires 30d;
        root /home/c-craft/public_html;
    }
}

sites-enabled/contra.lv.conf

server {
    listen 8*.***.**.**6:80;
    server_name www.contra.lv contra.lv;
    access_log /var/log/nginx/contra.lv_nginx_access_log;
    error_log /var/log/nginx/contra.lv_nginx_error_log;

    location / {
        proxy_pass http://8*.***.**.**6:9091;
        include /etc/nginx/proxy.conf;
    }

    location ~* ^.+\.(jpe?g|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar)$ {
        expires 30d;
        root /home/contra/public_html;
    }
}

proxy.conf

proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 16k;
proxy_buffers 32 8k;
proxy_busy_buffers_size 64k;

In apache httpd.conf I have:

Listen 9091
UseCanonicalName Off
<VirtualHost 8*.***.**.**6:9091>

Thank you in advance for any advice you have.

Dmitrijs Rekuns
  • 161
  • 3
  • Why do you have `proxy_redirect off;` set? If you remove that from `proxy.conf`, what happens? – pjmorse Feb 24 '12 at 14:39
  • @pjmorse Thank you for your help. Dunno, I was following the tutorial, cause do not know nginx so well. I just removed `proxy_redirect off;` like `#proxy_redirect off;`, but nothing changed... Still it redirects back to IP. May be the problem not in nginx? Some apache setting or... :( – Dmitrijs Rekuns Feb 24 '12 at 15:50
  • Two more things to try: in all my nginx proxy blocks, I end the block with `break;`. I don't know if that would help you, though, because I can't find documentation for why I'm doing it. :) Another thing my proxy blocks tend to have is an "upstream" definition, such that I am proxying to `http://apache` rather than an IP/port combination as you are. Again, I can't imagine why this would make a difference. If these don't help, you might be right, the issue might be in Apache and not Nginx. – pjmorse Feb 24 '12 at 16:24
  • Nope, nothing helps :( This really drives me crazy... Can't beleive that it is in apache, cause on port 9091 everything works as it should... Oh man, how hard to find where the problem is. Sure, it some little thing that I am missing :( – Dmitrijs Rekuns Feb 24 '12 at 20:23
  • 1
    What's running in Apache? It's gonna be what's generating the redirect, I bet. It's a bit crazy, but I think the `$remote_addr` is ending up in the `Host` header field, which is what it's using to generate the redirect; try commenting out `proxy_set_header Host $host;` and see if the behavior changes? Can you capture a full request in `tcpdump` or wireshark as it's sent from nginx to Apache? – Shane Madden Feb 24 '12 at 21:15
  • @Shane Madden Thank you for your help. I am using virtualmin on server and Apache ir running in `fastcgi` mode. Changing to `mod_php` does not help. If I commenting out `proxy_set_header Host $host;` i get mess when trying to access contra.lv addrees, bet c-craft.info/roundcube still redirects back. How should I use tcpdump to capture request? – Dmitrijs Rekuns Feb 24 '12 at 22:57
  • Ok, I think I found the problem. For some reason `$_SERVER["HTTP_HOST"]` is incorrect - it is getting equal to `$remote_addr`, but not always... this is weird. I am trying to understand how does this happen, is it nginx, apache or PHP problem? – Dmitrijs Rekuns Feb 26 '12 at 13:44
  • So this sounds like nginx problem... you can check two test addresses: http://contra.lv/server.php and http://contra.lv:9091/server.php. You can see, that `HTTP_POST` is different on nginx and apache... – Dmitrijs Rekuns Feb 26 '12 at 14:17
  • 1
    I solved one of the problems. On another forum user adviced me to change `$host` to `$http_host` in the `proxy.conf` and add there new line: `proxy_set_header X-Forwarded-Host $http_host;` `$_SERVER["HTTP_HOST"]` is correct now and contra.lv is working In fact after adding this line `proxy_set_header X-Forwarded-Host $http_host;` everything it started to work. But in all tutorials about nginx as reverse_proxy there is nothing about this line... And the problem with trailing slash still exists: http://c-craft.info/roundcube still redirects back to $remote_addr. – Dmitrijs Rekuns Feb 26 '12 at 19:33
  • Maybe a silly question but have you tried adding the trailing slash to:`proxy_pass http://8*.***.**.**6:9091/;` in the location block? – devatnull Nov 11 '14 at 20:29

1 Answers1

1

Your proxy_pass directives should all have trailing slashes, for example, from your default configuration (amended); 

  server {
    listen 80 default;
    server_name _;
    server_name_in_redirect off;
    server_tokens off;
    access_log /var/log/nginx/default.access.log;
    error_log /var/log/nginx/default.error.log;

    location / {
        proxy_pass http://8*.***.**.**6:9091/;
        include /etc/nginx/proxy.conf;
        }
    }

If you update all of your proxy_pass statements as above to include the trailing slash, you should find that you no longer require the trailing slash in your requested URL, and as such you should no longer see the erroneous returns to your own IP address as you describe.

BE77Y
  • 2,667
  • 3
  • 18
  • 23