Nginx reverse proxy hide url

Question

Here is my nginx proxy.conf file,

server {
    listen port 9090;
    root /usr/share/nginx/html; # not sure whether this line is needed or not
    index index.html; # not sure whether this line is needed or not
    location / {
        proxy_pass http://google.com
    }
}

I'm trying to hide the original website address, example google.com behind my localhost:9090.

But when i start nginx service using this proxy.conf file and type localhost:9090 in my browser it is correctly redirecting me to google.com but it is revealing the url google.com in the browser.

I saw some questions here like How to hide backend URL/URI with Nginx reverse proxy , but i didn't quite get an answer to my problem.

If you need any additional information regarding this please ask in the comments. I'm ready to provide any information if that allows you to give me a solution to my problem.

Answer 1

Example for Ubuntu 16.04 and Ubuntu 18.04

Backends that return hard (301) or temporary (302 or newer 303) redirects to the browser – the browser executes them – can easily take the user away from your Nginx. This can be intercepted with Lua.

What I show here is at least legally in the grey area, but rather black (regarding Google). Do not bring into production! All the security headers that Google attaches to the requests will spoil your fun anyway.

Installation

# sudo apt purge nginx-*  # maybe necessary, backup your /etc/nginx/… configs before!
sudo add-apt-repository ppa:nginx/stable
sudo apt-cache show nginx-extras | grep -P '((xenial)|(bionic))'
sudo apt install nginx-extras  # Lua support (nginx-extras is > nginx-full)

Config

/etc/nginx/sites-available/test.conf

server
{
    listen 80;
    listen [::]:80;

    server_name niegit.com;

    # Nginx vs. Lua
    #
    # Comment: # vs. --
    # Concat: NIL vs. ..
    # $request_uri vs. ngx.var.request_uri  # path with query string
    # $is_args$args vs. ngx.var.is_args .. ngx.var.args  # query string
    # $1 vs. ngx.var[1]  # regex capturing group 1
    # $2 vs. ngx.var[2]  # regex capturing group 2

    location /
    {
        rewrite_by_lua_block
        {
            -- Probs with AJAX/XHR and/or Websockets!
            ngx.log(ngx.ALERT, 'See this text in /var/log/nginx/error.log')
            local map = {
                GET = ngx.HTTP_GET,
                POST = ngx.HTTP_POST,
            }
            ngx.req.read_body()
            local res = ngx.location.capture('/location_2' .. (ngx.var.request_uri or ''), {
               method = map[ngx.var.request_method],
               body = ngx.var.request_body
            })

            -- Detect/change redirect...
            local redirect_target = res.header.Location
            if redirect_target and res.status > 300 and res.status < 309 then
                ngx.log(ngx.ALERT, redirect_target)
                local redirect_target_changed, n, err = ngx.re.gsub(redirect_target, 'https?[:]//(?:www[.])?google[.]com(?:[:][0-9]*)?', 'http://niegit.com')
                ngx.log(ngx.ALERT, redirect_target_changed)
                return ngx.redirect(redirect_target_changed, 303)
            else
                ngx.exec('@named_location_3')
                return ngx.exit(ngx.HTTP_OK)
            end
        }
    }

    location /location_2
    {
        proxy_pass https://www.google.com/;
    }

    location @named_location_3
    {
        proxy_pass https://www.google.com$request_uri;
    }
}

Activate

cd /etc/nginx/sites-enabled
sudo ln -s ../sites-available/test.conf test.conf
sudo nginx -t
sudo service nginx reload  # or newer: sudo systemctl reload nginx

If there are no sites-available and sites-enabled folders, simply put test.conf in your conf.d folder.

Testing

curl -I niegit.com  # not active at the moment

If you offer foreign backends under your own domain, this should only happen for test purposes or you ask the owner. The example shown here can of course be used legally for your own backends and save your ass. ;)