14

I want to keep the ServerName and port dynamic in my rewrite. Let's say the firewall redirects port 8081 to 80. So, if I access the webserver with, for example, "192.168.1.123/frontend" or "my.domain.tld:8081/frontend", I should be redirected to "192.168.1.123/frontend/" or "my.domain.tld:8081/frontend/".

If I use the normal redirect rewrite ^(.*[^/])$ $1/ permanent; and I access with port 8081, the port gets removed. (I already tried port_in_redirect off;)

I use almost the default configuration:

    server {
        listen 80 default_server;
        listen [::]:80 default_server;

        root /var/www/html;
        index index.php index.html index.htm index.nginx-debian.html;

        server_name _;
        rewrite ^(.*[^/])$ $1/ permanent;

        location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            include fastcgi.conf;
        }
    }

Thank you in anticipation!


SOLUTION: Thanks to the NGINX Mailing list! I fixed this problem with a rewrite rule:

    if (-d $request_filename) {
        rewrite [^/]$ $scheme://$http_host$uri/ permanent;
    }

Gurkengewuerz
  • Nginx has no idea that there is a port in the request. So, you can't prevent it. But you could redirect to a full URI instead – Alexey Ten Sep 16 '16 at 05:00
  • Anyway, it's a weird idea to make the firewall redirect port 8081 to 80 – Alexey Ten Sep 16 '16 at 05:01
  • @AlexeyTen why does nginx not know that there is a port? If I access the website with my.domain.tld:8081/frontend/ nginx does not remove the port; the port only gets removed if I access without the slash at the end – Gurkengewuerz Sep 16 '16 at 05:40
  • Nginx does not remove the port because it does not redirect you. It doesn't care what you see in the browser. But it accepts the connection on port 80 and this is the only port nginx knows about. When you access a URL without a slash, nginx redirects you to the URL with a slash, and at this moment it generates a URL without a port (because 80 is the default). – Alexey Ten Sep 16 '16 at 08:08
  • When I've tested various options that others reported to be successful, it first wasn't working. I had to clear the cache of the site (e.g. by using Developer Tools -> Network -> [x] Disable Cache) to finally see the successful redirect. – Leon Nov 24 '22 at 00:25
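
The redirect in the SOLUTION above copies the client-supplied Host header (`$http_host`) into the Location header. A variant that keeps the port but reflects only expected host names, as an added example that is not part of the original post (the `$redirect_authority` variable name and the allow-list built from the question's hosts and port 8081 are assumptions):

```nginx
# Added example, not from the original post.
# The map block goes in the http {} context.
# $http_host is the raw Host header sent by the client, so it is only copied
# into a redirect when it matches a name (and optional port) the site is
# actually reached under. $redirect_authority is a hypothetical variable name.
map $http_host $redirect_authority {
    default                          "";
    "~^my\.domain\.tld(:8081)?$"     $http_host;
    "~^192\.168\.1\.123(:8081)?$"    $http_host;
}

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;

    root /var/www/html;
    index index.php index.html index.htm;

    # Option A (nginx 1.11.8 and later): make nginx's own redirects relative,
    # e.g. "Location: /frontend/", so no host or port is emitted at all and
    # the browser keeps whatever host:port it used.
    absolute_redirect off;

    # Option B: keep the absolute redirect from the SOLUTION, but reject
    # requests whose Host header is not on the allow-list, so an arbitrary
    # Host value can never end up in the Location header.
    if ($redirect_authority = "") {
        return 400;
    }
    if (-d $request_filename) {
        rewrite [^/]$ $scheme://$redirect_authority$uri/ permanent;
    }

    location / {
        try_files $uri $uri/ =404;
    }
}
```

Either option is sufficient on its own; with Option A alone, the explicit `rewrite` and the `map` can be dropped.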

3 Answers

13

I finally found a solution to the problem you've well described. I made it work with URL rewriting, but it seemed a bit overkill.

So, for anyone having the same problem, it appears the cleanest solution would be to replace this:

    proxy_set_header Host $host;

with this:

    proxy_set_header Host $http_host;

With this setup, Nginx will keep the port in your redirections, no matter your firewall configuration.

Hope this helps. Cheers !

Ghis
2

a good chunk of mine... about 1/3rd of the file... /etc/nginx/sites-enabled/Site.conf

might see some helpful stuff in here... everything works... my nginx is tuned up. my ssl gets 100% across the board too, and the ports i do expose have really long complicated ass passwords i had to write down to remember, or there's just dev and testing junk that can't do any harm. but still.. obscured so you can put your own darn values in.

    ####################################################
    upstream dev {
        server 127.0.0.1://port// weight=1 fail_timeout=300s;
        keepalive 16;
      }
    ####################################################
    upstream l33t {
        server 127.0.0.1://port// weight=1 fail_timeout=300s;
        keepalive 16;
      }
    ####################################################
    upstream authserver {
        server 127.0.0.1://PORT// weight=1 fail_timeout=300s;
        keepalive 16;
      }


    #######################
    #  whereyougoing :80  #
    #######################

#nowhere..         you're going.... nowhere...

    ######################
    #   - FORCE HTTPS -  #
    ######################

    server {
        listen 80;
        server_name YOURSITE.COM;
        add_header Strict-Transport-Security max-age=2592000;
        rewrite ^/.*$ https://YOURSITE.COM permanent;
    }

    server {
        listen 80;
        server_name www.YOURSITE.COM;
        add_header Strict-Transport-Security max-age=2592000;
        rewrite ^/.*$ https://www.YOURSITE.COM permanent;
    }


    server {
        listen 80;
        server_name auth.YOURSITE.COM;
        add_header Strict-Transport-Security max-age=2592000;
        rewrite ^/.*$ https://auth.YOURSITE.COM permanent;
    }

    server {
        listen 80;
        server_name its.YOURSITE.COM;
        add_header Strict-Transport-Security max-age=2592000;
        rewrite ^/.*$ https://its.YOURSITE.COM permanent;
    }


    ######################################################
    #############  SSL SERVER starts here  ###############
    ######################################################

    server {

        listen 443 ssl http2 default_server;
        listen [::]:443 ssl http2 default_server;
        server_name YOURSITE.COM www.YOURSITE.COM auth.YOURSITE.COM its.YOURSITE.COM;
        root /var/www/wordpress;
        index index.php index.htm index.html;
        access_log /var/log/nginx/rocketstack_ssl_access.log;
        error_log /var/log/nginx/rocketstack_ssl_error.log;

    #######################################
    #            Lock it down             #
    #######################################

    # SSL certificate locations
        ssl_certificate /etc/letsencrypt/live/YOURSITE.COM/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/YOURSITE.COM/privkey.pem;

    # Exclusions
        include snippets/exclusions.conf;

    # Security
        include snippets/security.conf;
        include snippets/ssl.conf;

    # Fastcgi cache rules
        include snippets/fastcgi-cache.conf;
        include snippets/limits.conf;
        include snippets/nginx-cloudflare.conf;

    ############################################
    #             port-authority               #
    ############################################

    if (-d $request_filename) {
        rewrite [^/]$ $scheme://$http_host$uri/ permanent;
    }

    ############################################
    #                Locations                 #
    ############################################

        location / {
            try_files $uri $uri/  /index.php?$args;
        }

        location /FOO {
            alias /var/www/devl;
            index index.php index.html index.htm;
            try_files $uri $uri/               /index.php?$args;
            autoindex                          on;
        }

        location /BAR {

              proxy_set_header Origin           http://$host;
              proxy_set_header Host             $http_host:$server_port;
              proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
              proxy_set_header Upgrade          $http_upgrade;
              proxy_set_header Connection       $http_connection;
              proxy_http_version 1.1;
          }


    ################# Fastphp acceleration #############

        location ~ \.php$ {
            try_files $uri =404;
            include snippets/fastcgi-params.conf;
            fastcgi_pass unix:/run/php/php7.2-fpm.sock;

    # Skip cache based on rules in snippets/fastcgi-cache.conf.

            fastcgi_cache_bypass     $skip_cache;
            fastcgi_no_cache         $skip_cache;

    # Define memory zone for caching.

            fastcgi_cache rocketstack;

    # Define caching time.

            fastcgi_cache_valid 60m;

    #increase timeouts

            fastcgi_read_timeout 3000;
            fastcgi_connect_timeout 3000;
            fastcgi_send_timeout 3000;
            proxy_read_timeout 3000;
            proxy_connect_timeout 3000;
            proxy_send_timeout 3000;
            send_timeout 3000;

    # Flexible SSL to be used So the server can talk non-ssl internally

            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-NginX-Proxy true;
        }
    }

    ##############################################
    ###########    Server ends here    ###########
    ###########                        ###########
    ###########  Call upstream starts  ###########
    ###########                        ###########
    ##############################################



          #######################
          #     auth-serve      #
          #######################

    server {
        listen 9001 ssl;

    #############  Lock it down  ################

    # SSL certificate locations
        ssl_certificate /etc/letsencrypt/live/YOURSITE.COM/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/YOURSITE.COM/privkey.pem;

    # Exclusions

        include snippets/exclusions.conf;

    # Security

        include snippets/security.conf;
        include snippets/ssl.conf;

    # Fastcgi cache rules

        include snippets/fastcgi-cache.conf;
        include snippets/limits.conf;
        include snippets/nginx-cloudflare.conf;

    ###########  Send to Location upstream ##############

        location /authserver {
            proxy_redirect /*                 /$1;
            proxy_pass http://authserver/;
            proxy_set_header Origin           $host;
            proxy_set_header Host             $host:$server_port;
            proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
            proxy_set_header Upgrade          $http_upgrade;
            proxy_set_header Connection       $http_connection;
            proxy_http_version 1.1;
        }
    }

0

I have tried the configuration in the vhost as mentioned above.

I also have a similar case: I have an Odoo instance in my home network that needs access from the internet, but my ports 80 and 443 are blocked by my ISP, so I have to use other ports. I use port forwarding in my router: 8059 forwards to 192.168.1.106:443.

Try #1: when I entered

erp.example.com:8059

it returned [not working] erp.example.com/web

so Nginx automatically removed the port number I entered.

Try #2: entered

erp.example.com:8059/web

   Returned [successful] erp.example.com:8059/web/login

Try #3: another application [Nextcloud], entered

nextloud.example.com:8060

   Returned [successful]. See, Nextcloud is working well. Is it an application problem or Nginx?
Melvin