Score:0

nginx reverse proxy 404 with two servers

va flag

I have a problem with my NGINX configuration. I have two webservers running on Windows servers. Which one is called from outside with 443 and then should be forwarded to the server with 41001. The second server block should be called the FQDN and nginx should forward this to FQDN.com/test. Internal and external.

On the first server block this takes forever to load and nothing seems to work. With the second server block I get a 404 back.

This is what my configurations and the error logs look like:

server {
    server_name test.example.com;
    return 301 http://test.example.com/test$request_uri;
    }


server {
        listen  443 ssl http2;
        listen  [::]:443 ssl http2;
 
        access_log /var/log/nginx/test_service_access.log;
        error_log /var/log/nginx/test_service_error.log;

        ssl_certificate /etc/nginx/ssl/test.com.pem;
        ssl_certificate_key /etc/nginx/ssl/test.key;
        ssl_session_timeout 1d;
        ssl_session_tickets off;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-G>
        ssl_prefer_server_ciphers off;

        location /test {
        proxy_pass https://10.10.10.10/test/;
        }

        client_max_body_size    0;
        proxy_connect_timeout   90s;
        proxy_send_timeout              90s;
        proxy_read_timeout              90s;
        send_timeout                    90;
    }

server {
        server_name test2.example.com;
        # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
        return 301 https://test2.example.com$request_uri;
}

server {
        listen  443 ssl http2;
        listen  [::]:443 ssl http2;
        server_name test2.example.com;

        access_log /var/log/nginx/test2_service_access.log;
        error_log /var/log/nginx/test2_service_error.log;

        ssl_certificate /etc/nginx/ssl/test2.example.com.pem;
        ssl_certificate_key /etc/nginx/ssl/test2example.key;

#       ssl_session_cache shared:SSL:50m;
        ssl_session_timeout 1d;
        ssl_session_tickets off;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-G>
        ssl_prefer_server_ciphers off;

        add_header Strict-Transport-Security max-age=15768000;

        location / {

#       resolver 10.150.10.10 8.8.8.8;
        proxy_pass https://test2.example.com:41001/;
        proxy_redirect  https://test2.example.com:41001/ https://test2.example.com/;

        client_max_body_size    0;
        proxy_connect_timeout   90s;
        proxy_send_timeout              90s;
        proxy_read_timeout              90s;
        send_timeout                    90;
        }
    }
}

I looked at the error.logs and this is what came up.

2022/02/13 12:54:58 [error] 2620#2620: *15 open() "/usr/share/nginx/html/DocuWare/Platform/LoginRedirect" failed (2: No such file or directory), client: xxx.xxx.xxx.xxx, server: , request: "GET /DocuWare/Platform/LoginRedirect?returnUrl=%2fdocuware%2fPlatform%2fWebClient%2f HTTP/2.0", host: "test2.domain.com", referrer: "https://test.domain.com/docuware/Platform/WebClient/"

2022/02/13 12:35:17 [error] 2541#2541: *1 upstream timed out (110: Connection timed out) while connecting to upstream, client:

Regarding the first error, I don't understand exactly what is wrong.

As I understand it, I need to define an upstream for the server with port 41001, is that correct?

Am I missing something here?

UPDATE

I have reduced my configuration to the minimum so that I can test this. My configuration now looks like this:

######################################################################
   upstream abacus {
      server 10.120.50.11; 
   }
   
   server {
      listen 80;
      server_name abacus.example.com;
      return 301 https://abacus.example.com$request_uri;
   }
    
   server {
      listen 443 ssl;
      server_name abacus.example.com;
      ssl_certificate /etc/nginx/ssl/xxx.com.pem;
      ssl_certificate_key /etc/nginx/ssl/xxx.key;
      ssl_protocols TLSv1.2 TLSv1.3;

      access_log /var/log/nginx/abacus_service_access.log;
      error_log /var/log/nginx/abacus_service_error.log;

   location / {
      proxy_pass http://abacus;
   }
}

#######################################################################
   upstream docuware {
      server 10.120.50.10; 
   }
   
   server {
      listen 80;
      server_name docuware.example.com;
      return 301 https://docuware.example.com$request_uri;
   }
   
   server {
      listen 443 ssl;
      server_name docuware.example.com;
      ssl_certificate /etc/nginx/ssl/xxx.pem;
      ssl_certificate_key /etc/nginx/ssl/xxx.key;
      ssl_protocols TLSv1.2 TLSv1.3;

      access_log /var/log/nginx/docuware_service_access.log;
      error_log /var/log/nginx/docuware_service_error.log;
      
   location / {
      proxy_pass http://docuware/docuware;
   }
}
}

When I access the server "abacus.example.com", I get to the IIS homepage. So here I have to define that I come from outside with 443 (HTTPS) and I am redirected to port 23001.

If I access the server "docuware.example.com/docuware", I get a 404 - File or directory was not found. So here I have to define somehow that it can access the server with the subpath.

In the internal network this works without problems. I am redirected to "docuware.example.com/DocuWare/Platform/WebClient/ClientAccount/xxx".

Do you see here what I have to adjust? I've been beating my head against it for hours.

djdomi avatar
za flag
proxy_pass is imho wrongly set
us flag
Please add example requests, which exact URL you are trying to request, and what is the expected result and actual result.
va flag
I edited my post for more information.
va flag
@TeroKilkanen Added the updates for the requests
us flag
Are you using the exact same URL when accessing via internal network and external network?
va flag
@TeroKilkanen Yes, I do. From inside I access it with "https://docuware.domain.com/docuware" and "https://abacus.domain.com" and it works. So that's why I'm struggling with how I can make that work from external. For the abacus server, would a proxy_pass with ":23001" and a redirect work? And for the docuware with the subpath "/docuware" from external... I really have no clue how to solve that.
Score:0
us flag

One thing that is likely needed is setting the proper Host header for the proxied headers:

For abacus:

location / {
    proxy_set_header Host abacus.example.com;
    proxy_pass http://abacus;
}

For docuware:

location /docuware {
    proxy_set_header Host docuware.example.com;
    proxy_pass http://docuware/docuware/;
}
va flag
Thanks a lot! This solved my problem with abacus. It's working now. I still have trouble with docuware. I get a 404 page not found but the URL changes to "/Platform/WebClient/". The error log says "/usr/share/nginx/html/Platform/WebClient/index.html" is not found.
us flag
What is the full URL that it changes to?
va flag
Hello Tero! Thanks a lot for your knowledge and help. I managed to get it to work. I set the Host header and the proxy_pass with / at the end and set the read_timeout. Now everything works! The only thing left is to change the URL "docuware.domain.com" to "docuware.domain.com/docuware" automatically when accessing it via browser. I think I can solve that :)
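
An added example, not part of the original thread and not nginx's own code: a simplified Python model of how nginx builds the upstream URI for a prefix location, run against the `location`/`proxy_pass` pairs posted above. The function name `upstream_uri` and the sample request URIs are assumptions made for illustration.

```python
from urllib.parse import urlsplit


def upstream_uri(location, proxy_pass, request_uri):
    """Simplified model of nginx URI handling for a plain prefix location.

    Returns the URI nginx would send upstream, or None when the request does
    not match the location, in which case another location or the server's
    static root handles it. Prefix matching is case-sensitive here, as it is
    for nginx on Linux. URI normalization and regex locations are not modelled.
    """
    path, sep, query = request_uri.partition("?")
    if not path.startswith(location):
        return None
    target_path = urlsplit(proxy_pass).path
    if target_path == "":
        # proxy_pass without a URI part: the request URI is passed unchanged.
        return request_uri
    # proxy_pass with a URI part: the matched prefix is replaced by that URI.
    return target_path + path[len(location):] + sep + query


# (location, proxy_pass) pairs from the thread; request URIs are constructed.
CASES = [
    ("/", "http://abacus", "/login?next=%2F"),
    ("/", "http://docuware/docuware", "/docuware"),
    ("/docuware", "http://docuware/docuware/", "/docuware"),
    ("/docuware", "http://docuware/docuware/", "/docuware/Platform/WebClient/"),
    ("/docuware", "http://docuware/docuware/", "/Platform/WebClient/"),
    ("/docuware", "http://docuware/docuware/", "/DocuWare/Platform/LoginRedirect"),
    ("/test", "https://10.10.10.10/test/", "/test/index.html"),
]


def run_cases():
    """Return (location, proxy_pass, request, upstream URI) for every case."""
    return [(loc, pp, req, upstream_uri(loc, pp, req)) for loc, pp, req in CASES]


if __name__ == "__main__":
    for loc, pp, req, sent in run_cases():
        outcome = sent if sent is not None else "no match, served from server root"
        print(f"location {loc:<10} proxy_pass {pp:<28} {req} -> {outcome}")
```

A `None` result for `/Platform/WebClient/` corresponds to the `/usr/share/nginx/html/Platform/WebClient/index.html` lookup in the error log quoted above: with only `location /docuware` defined, that request never reaches the upstream.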
Score:0
cl flag

The first error says that nginx cannot find the specific file at the location which it has. One way to solve that is to give nginx a specific folder for files that are requested. That's how web servers work.

I am not sure if you can redirect a user with nginx from non-SSL traffic to SSL traffic. Both request and response should be the same encrypted/non-encrypted no matter how many steps there are to access the target server from the user's web browser.

Look into the nginx logs to see if nginx goes into a loop, while the request is going to the same server which is redirected.

va flag
And how can I do that? I have now managed to get the IIS front page with "docuware.domain.com/docuware" but now I'm stuck again...
pbies avatar
cl flag
@Cyanmodex9 do what?