
We have been trying for days (we tested hundreds of setups) to make an Nginx Reverse Proxy successfully reverse proxy a web application that needs FQDNs (this is mandatory for this web application to work).

Using the configuration below for the Nginx Reverse Proxy together with a local DNS service (see resolver attribute) that knows the FQDN we can successfully make these http calls...

```nginx
server {
    access_log /var/log/nginx/apps.mbr.domain.abc-access.log;
    error_log /var/log/nginx/apps.mbr.domain.abc-error.log;
    server_name *.apps.mbr.domain.abc;

    location / {
        proxy_pass https://$host$request_uri;
        resolver 127.0.0.1:53;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_ssl_server_name on;
    }

    listen 443;
    ssl_certificate /etc/letsencrypt/live/apps.mbr.domain.abc/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/apps.mbr.domain.abc/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
```

... however, if I change the proxy_pass attribute to use an IP as shown here...

```nginx
server {
    access_log /var/log/nginx/apps.mbr.domain.abc-access.log;
    error_log /var/log/nginx/apps.mbr.domain.abc-error.log;
    server_name *.apps.mbr.domain.abc;

    location / {
        proxy_pass https://10.2.0.18:443;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_ssl_server_name on;
    }

    listen 443;
    ssl_certificate /etc/letsencrypt/live/apps.mbr.domain.abc/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/apps.mbr.domain.abc/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
```

... the web application reports not knowing the URL (error). In other words, clearly there is some parameter/data (we don't know what it is) that is added by the DNS service to the http call.


QUESTION: What is the local DNS service provided parameter/data that Nginx Reverse Proxy is not providing?


NOTE: We are asking this because we believe this is something that can be provided by the Nginx Reverse Proxy itself so that we will not need to use the local DNS service.

Thanks! =D

Eduardo Lucio
  • Your question is off-topic here as it pertains more to server configuration than programming. But for `https://10.2.0.18:443;` are you sure that host has the relevant "SSL" certificate with the IP address in it? This is highly unusual. While you can technically have HTTPS URLs with an IP address, this is not common, and probably the source of your problem. Can you connect yourself to this URL without error? As for "there is some parameter/data (we don't know what it is) that is added by the DNS service": no, there is not. DNS just maps names to IP addresses. – Patrick Mevzek Jul 27 '21 at 05:19
  • try adding `proxy_ssl_name $host` – Dusan Bajic Jul 27 '21 at 08:09
  • I completely agree with you @PatrickMevzek ! But the application is OpenShift (OKD) 4.X and this application is a mess! I already told the leader of this project that things can't be like that, but they didn't listen to me and created the application in such a way that it only accepts requests if it's via HTTPS (even if it uses a self-signed SSL certificate). – Eduardo Lucio Jul 27 '21 at 15:31
  • "Can you connect yourself to this URL without error?" -> Yes! =D – Eduardo Lucio Jul 27 '21 at 15:31
  • @DusanBajic Perfect answer! Problem solved! This was the missing "piece"! Thank you very much! Please put this as an answer so I can accept it! Thanks! =D – Eduardo Lucio Jul 27 '21 at 15:40
