1

This is another question regarding the Nginx redirect/proxy_pass mechanism.

My problem is the following : I have a website domain.tld and a second one blog.domain.tld. And I want to source the content of domain.tld/blog with the content of blog.domain.tld. It has to be invisible for the user. So, I guess the way to do it would be to use something around the proxy_pass directive.

I tried that without luck : server { listen 443 ssl; [...] location ~ /blog { #rewrite ^/blog(.*) https://blog.domain.tld$1 permanent; proxy_pass https://blog.domain.tld; proxy_set_header Host blog.domain.tld; } location / { proxy_pass http://localhost:8004; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } }

But I have a 404 in domain.tld logs : $ curl -I https://domain.tld/blog HTTP/1.1 404 Not Found

My guess is : the request is sent to https//blog.domain.tld/blog whereas it should be sent to https://blog.domain.tld/. So, I'm looking for a way to rewrite this request with the good shape.

Any insights ?

UPDATE: the full config file asked in comment :

server { 
    listen 80;
    server_name zenergie.engie.happy-dev.fr energiefutee.fr;

    root /opt/zenergie/;

    location /.well-known/ {
            try_files $uri =404;
    }

    location / {
            return 301 https://$host$request_uri;
    }
}       

server {
    listen 443 ssl; 

    server_name zenergie.engie.happy-dev.fr energiefutee.fr;
    charset utf-8;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;    # disable SSL protocols ssl_ciphers EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;   # remove deprecated ciphers 
    ssl_prefer_server_ciphers On;
    ssl_certificate /etc/letsencrypt/live/zenergie.engie.happy-dev.fr/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/zenergie.engie.happy-dev.fr/privkey.pem;
    ssl_session_cache shared:SSL:128m;  
    #add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";     # tell the browser to force HTTPS for one year
    ssl_stapling on;        # activate OCSP
    ssl_stapling_verify on;

    access_log /opt/zenergie/logs/access.log;
    error_log /opt/zenergie/logs/error.log;

    root /opt/zenergie/;

    location ~ /blog {
            #rewrite ^/blog(.*) https://zenenergie-blog.staging.happy-dev.fr$1 permanent;
            proxy_pass https://zenenergie-blog.staging.happy-dev.fr;
            proxy_set_header Host zenenergie-blog.staging.happy-dev.fr;
    }

    location ~ /static/ {
            add_header X-Static hit;
    }

    location ~ /media/ {
            add_header X-Static hit;
    }

    location / {
            proxy_pass http://localhost:8004;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;      
    }

}
Plup
  • 161
  • 1
  • 7
  • Your question doesn't say which of these hostnames you are having trouble with? – Michael Hampton Feb 24 '17 at 21:57
  • I have the problem with both. But I don't think it's really a problem. It's more likely that something is missing in the configuration to "redirect" the proxy_pass request to the root of the targer domain name. – Plup Feb 24 '17 at 22:32

1 Answers1

0

Your blog location should have a rewrite that strips the /blog from the incoming URL, like the below code.

    rewrite ^/blog(.*) /$1 break;

However, usually you want to redirect /blog to /blog/ because any relative urls in your blog will point to the wrong location otherwise. For example, let's say the html returned from the url https://blog.domain.tld/ references the URL image.png. The browser would interpret the full URL as https://blog.domain.tld/image.png. If you don't redirect to /blog/ then serving up the content at https://domain.tld/blog will end up with the browser interpreting that relative link as http://domain.tld/image.png instead of https://domain.tld/blog/image.png. In short, you'll have a broken image.

So here is a version with a redirect too.

    location ~ /blog {
            rewrite ^/blog$ /blog/ redirect;
            rewrite ^/blog(/.*) /$1 break;
            proxy_pass https://blog.domain.tld;
            proxy_set_header Host blog.domain.tld;
    }
Peter Dolberg
  • 316
  • 1
  • 4
  • Thanks but it doesn't work in combination with proxy_pass. The rewrite redirect request from https://domain.tld/blog to https://domain.tld/ and the break prevent the proxy_pass directive from analysis. – Plup Feb 28 '17 at 11:59