0

I'm trying to setup a proxy with Nginx for Percona Monitoring and Management (PMM). I'm using their public demo site for a testing purpose.

The goal is to expose PMM interface via URL like https://localhost.local/pmm.

server {
    listen 443 default_server ssl http2;
    server_name localhost;

    ssl_certificate /etc/pki/tls/certs/localhost.crt;
    ssl_certificate_key /etc/pki/tls/private/localhost.key;

    location ^~ /pmm/ {
        proxy_pass https://pmmdemo.percona.com/;
        rewrite ^/pmm/(.*) /$1 break;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Authorization "";
    }

}

There are a few different URLs on the backend software.

This is currently NOT working properly and I can see a 404 requests in the browser console for URLs like https://localhost/graph/public/build/grafana.dark.css?v5.0.4

I tried to add a rewrite rule: rewrite ^/pmm/(.*) /$1 break; but this still didn't help.

HTF
  • 3,148
  • 14
  • 52
  • 82

2 Answers2

1

Viewing the source on Percona's PMM demo page reveals this:

<base href="/graph/" />    
<link rel="stylesheet" href="public/build/grafana.dark.css?v5.0.4">

Put together, these are the source of the 404 URL you mentioned. So the proxy is working correctly for the initial request, it's just that subsequent requests are getting 404'd because they aren't getting directed to the proxy.

The ideal solution seems like it would be to change <base href="/graph/" to <base href="/pmm/graph", but some brief googling reveals that this may not be possible (I see you found the same thread.)

It might be best to simply use a different hostname, e.g. percona.local. This will allow you to use a separate server block in Nginx that does nothing but proxy all requests to your Percona backend. Then you won't have to worry about base URLs, /graph/, etc.

Then, if you're only planning to access Percona from the local machine then you can simply point whatever hostname you desire to 127.0.0.1 in your hosts file, and you're good. If you need any kind of remote access, e.g. intranet, then you'll have to do some messing with DNS.

Joseph Montanaro
  • 548
  • 1
  • 4
  • 13
0

Passing through from NGINX

I used code similar to the following below, to forward a web UI outside of docker, it should work for your use too.

Config changes

upstream source {
    server source:8081;
}

...

location /source/ {
    proxy_pass   http://source/;
    proxy_set_header Authorization "";
}
jrtapsell
  • 1,176
  • 1
  • 10
  • 15