Thursday, August 9, 2018

reverse proxy - Simple Nginx proxy_pass (driving me crazy)

Nagios is served by an nginx virtual server named "nagios" with the following configuration:



    # nagios server

    server {
        server_name     nagios;
        root            /usr/share/nagios/share;
        listen          80;
        index           index.php index.html index.htm;
        access_log      /etc/nginx/logs/nagios.access.log; 
        allow 10.10.0.0/16;
        allow 127.0.0.1;



        location ~ \.php$ {
            fastcgi_pass   unix:/run/php-fpm/php-fpm.sock;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            fastcgi_param  AUTH_USER "nagios";
            fastcgi_param  REMOTE_USER "nagios";
            fastcgi_index  index.php;
            include        fastcgi.conf;
            }

        location ~ \.cgi$ {

            root            /usr/share/nagios/sbin;
            rewrite         ^/nagios/cgi-bin/(.*)\.cgi /$1.cgi break;
            fastcgi_param   AUTH_USER "nagios";
            fastcgi_param   REMOTE_USER "nagios";
            fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
            include         fastcgi.conf;
            fastcgi_pass    unix:/run/fcgiwrap.sock;
            }

        location /nagios {

            alias /usr/share/nagios/share;
        }


This works well from within the LAN. For accessing from external sites. I have a single public address ("newcompany.com"), and I would like to reverse-proxy the entire Nagios site (including the CGI location) to "https://newcompany.com/nagios". I have tried all kinds of rewrites and proxy_passes, none of which wok. Can somebody show me how the location directive "/nagios" within the secured "newcompany.com" server should look like in order to properly reverse-proxy to the nagios server? Here is the current (broken) version of the upstream server:



server {
    server_name newcompany.com antergos1;
    listen 80 default_server;
    root /usr;

    index     index.php index.html index.htm;
    access_log logs/default.access.log;
    error_log logs/default.error.log;


    location ~ \.(php|html|html|cgi)$ {
        fastcgi_pass   unix:/run/php-fpm/php-fpm.sock;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param   AUTH_USER $remote_user;
        fastcgi_param   REMOTE_USER $remote_user;

        fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
        fastcgi_index  index.php;
        include        fastcgi.conf;
        }

    location /nagios {
        index index.php index.html index.htm;
        proxy_pass http://nagios/;
        }
-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...