Score:0

Server

nginx reverse proxy - proxy_pass leads to 503 service unavailable

kevin

11/15/22, 4:59 PM

i have to following configuration:

server {

    listen: 8080;
 
    location / {
        proxy_pass           https://somehost.abc.xyz;
        proxy_redirect       off;
        proxy_set_header     Host somehost.abc.xyz;
        proxy_set_header     X-Real-IP somehost.abc.xyz;
        proxy_set_header     X-Forwarded-For somehost.abc.xyz;
        proxy_set_header     X-Forwarded-Host somehost.abc.xyz;
        proxy_set_header     HELLO pizza;
    }

}

Whenever i hit the the proxy, let's say i go to http://localhost:8080/home , i get 503 service unavailable (not from the nginx service, from the app i'm trying to go to https://somehost.abc.xyz/home).

But if i just go to https://somehost.abc.xyz/home or do a redirect return 301 https://somehost.abc.xyz/home; its all good and i get to the app. Although this doesn't help me, beacuse i want to get there through the proxy so i can add a request header to every request that goes through.

Any ideas what could possibly cause this and how to solve it?

615

0 + 13

nginx

reverse-proxy

503-error

proxypass

Michael Hampton

11/15/22, 5:01 PM

Check your application's logs.

kevin

11/15/22, 5:05 PM

@MichaelHampton somehost.abc.xyz is not my application, i should have stated it in the question

Michael Hampton

11/15/22, 5:07 PM

You will have to contact whoever runs that application for assistance.

kevin

11/15/22, 5:09 PM

@MichaelHampton i did, he said he doesn't know why this is happening, any ideas what could cause this?

Michael Hampton

11/15/22, 5:10 PM

If he doesn't know, then nobody else has any hope. I think he is just trying to get rid of you. He is certainly _capable_ of knowing why it doesn't work. If he did not investigate, then he probably doesn't want you to do what you are trying to do.

kevin

11/15/22, 5:13 PM

@MichaelHampton he just doesn't really care to help, because not his problem i guess

Michael Hampton

11/15/22, 5:16 PM

You will have to work that out with him somehow.

Gerard H. Pille

11/15/22, 5:47 PM

Do you know what headers like X-Forwarded-For and X-Real-IP are used for?

kevin

11/15/22, 6:18 PM

@MichaelHampton i talked with the guy, he said he will show me the logs on sunday, hopefully i will understand more the problem and i will have more to share about the problem.

kevin

11/15/22, 6:27 PM

@GerardH.Pille X-headers are holds info about the request's origin, like x-forwarded-for is for identifying the ip of the client (user) who connected through the proxy. x-real-ip holds the ip of the user.

Gerard H. Pille

11/15/22, 6:33 PM

If you know that, then why put the application host name in them?

kevin

11/15/22, 7:20 PM

@GerardH.Pille because i don't see any reason why we care about those headers value, or am i wrong and i should care about them?

Gerard H. Pille

11/15/22, 8:34 PM

If you want to communicate, you don't talk nonsense.

djdomi

8/21/23, 5:05 PM

IMHO if the destination is not in your hands this question will be planty offtopic due the fact that it can be also a malware or spoofing try and this should definitely not bw supported

Score:1

Server

Imran Nababan

8/16/23, 6:30 PM

Try to use backend port on proxy_pass address, and is it header "HELLO" is valid to backend app?

server {
            listen: 8080;
     
            location / {
                proxy_pass          https://somehost.abc.xyz:443;
                proxy_redirect      off;
                proxy_set_header    Host                somehost.abc.xyz;
                proxy_set_header    X-Real-IP           $remote_addr;
                proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header    X-Forwarded-Host    your.host.address;
                proxy_set_header    HELLO               pizza;
    
                
                proxy_ssl_server_name   on;
                proxy_ssl_name      somehost.abc.xyz;
                # Optional
                proxy_ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
                proxy_ssl_ciphers   'Required SSL Ciphers';
                proxy_ssl_trusted_certificate   "/path/to/your/ca-cetificates.crt";
            }
        }

EDIT: using SSL Backend you should define proxy_ssl_name if you don't have backend ssl certs

0 + 0

djdomi

8/19/23, 5:44 PM

as stated, the user tries to rpoxy someone else server. adding a oort to a default request on a default port is not required and can lead in some situations to a totally different goal

Imran Nababan

8/20/23, 6:49 PM

i see.. the problem is he/she tries to reverse proxy on SSL protocol, should use proxy_ssl_protocols and ciphers, also proxy_ssl_name

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: nginx reverse proxy - proxy_pass leads to 503 service unavailable

TH: nginx reverse proxy - proxy_pass นำไปสู่บริการ 503 ไม่พร้อมใช้งาน

RO: nginx reverse proxy - proxy_pass duce la serviciul 503 indisponibil

RU: Обратный прокси-сервер nginx — proxy_pass приводит к 503 сервису, недоступному

VI: proxy ngược nginx - proxy_pass dẫn đến dịch vụ 503 không khả dụng

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.