0

Is there a "proper" structure for the directives of an NGINX Reverse Proxy? I have seen 2 main differences when looking for examples of an NGINX reverse proxy.

  1. http directive is used to house all server directives. Servers with data are listed in a pool within the upstream directive.
  2. server directives are listed directly within the main directive.

Is there any reason for this or is this just a syntactical sugar difference?

Example of #1 within ./nginx.conf file:

upstream docker-registry {
  server registry:5000;
}

http {
  server {
    listen 80;
    listen [::]:80;

    return 301 https://$host#request_uri;
  }

  server {
    listen 443 default_server;
    ssl on;
    ssl_certificate external/cert.pem;
    ssl_certificate_key external/key.pem;
    
    # set HSTS-Header because we only allow https traffic
    add_header Strict-Transport-Security "max-age=31536000;";

    proxy_set_header Host       $http_host;   # required for Docker client sake
    proxy_set_header X-Real-IP  $remote_addr; # pass on real client IP

    location / {
      auth_basic "Restricted"
      auth_basic_user_file    external/docker-registry.htpasswd;
      
      proxy_pass http://docker-registry; # the docker container is the domain name
    }
    
    location /v1/_ping {
      auth_basic off;
      proxy_pass http://docker-registry; 
    }
  }
}

Example of #2 within ./nginx.conf file:

server {
  listen 80;
  listen [::]:80;
  
  return 301 https://$host#request_uri;
}

server {
  listen 443 ssl;
  listen [::]:443 ssl;
  
  error_log  /var/log/nginx/error.log  info;
  access_log /var/log/nginx/access.log main;

  ssl_certificate     /etc/ssl/private/{SSL_CERT_FILENAME};
  ssl_certificate_key /etc/ssl/private/{SSL_CERT_KEY_FILENAME};

  location / {
    proxy_pass http://app1
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $remote_addr; # could also be `$proxy_add_x_forwarded_for`
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_set_header X-Request-Start $msec;
  }
}
Torc
  • 1,148
  • 6
  • 20
  • 43

1 Answers1

1

I dont quite understand your question, but it seems to me that the second example is missing the http {}, I dont think that nginx will start without it. unless your example2 file is included somehow in the nginx.conf that has the http{}

Tch
  • 1,055
  • 5
  • 11
  • Yes exactly, I have seen both styles on various tutorial-focused articles and within various GitHub repos. The inclusion of the `http` directive or lack thereof for a reverse proxy is what is odd to me. NGINX will start with either structure. Is this potentially because the `nginx.conf` rules are being appended to default rules set out in `/etc/nginx/conf.d/` or something like that? – Torc Jan 24 '21 at 15:50
  • 1
    it sure is. nginx is not allowing such directives outside of http{}. and of course has nothing to do with proxying, reverse proxying or anything else of the kind. server directive is allowed only inside http – Tch Jan 24 '21 at 16:02
  • Excellent, thank you for the clarification! I wish I could see where / why that is happening within the documentation – Torc Jan 24 '21 at 16:11