Score:1

Nginx proxy_pass root to external landing page

For a new domain x.co I am setting up, I want the root (x.co) to show an external landing page without changing the url to that of the external landing page.

This landing page has been created on hubspot and published at a.hubspot.b/c

Is there a simple way of achieving this? I checked a few answers like 1, 2, 3, but did not get it.

What I have now is below. It forwards to the landing page changing the url to a.hubspot.b/c. I need the url to stay the same x.co.

FWIW, I also use cloudflare caching and DNS.

server {
        listen 80;
        server_name  x.co www.x.co;
        return         301 https://$server_name$request_uri;
}

server {
        listen       443 ssl http2;
        server_name  x.co www.x.co;

        ssl_certificate      x.co.pem;
        ssl_certificate_key  x.co.key;

        ssl_protocols   TLSv1 TLSv1.1 TLSv1.2;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
            #proxy_pass https://x-12345.hubspotpagebuilder.eu/coming-soon/;

            resolver 8.8.8.8;

            proxy_pass https://x-12345.hubspotpagebuilder.eu/coming-soon;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;


            #root /var/www/frontend/x;
            #root   html;
            #index  index.html index.htm;
        }
}

Edit/add - stupidly enough I had not bothered checking the nginx error logs. When I did, there were good clues to the problem. The error logs had

"SSL_do_handshake() failed (SSL: error:14094410:SSL routines:ssl3_read_bytes_sslv3 alert handshake failure:SSL alert number 40) while SSL handshaking to upstream, client: 2401: ......" 

(the ...... at the end means there's more text that I didn't type out here.) I am using a Cloudflare cert on my backend and redirecting to a hubspot page in nginx - that seemed like a problem.

And it was. The solution was to add `proxy_ssl_server_name on;`. All the `proxy_set_header` directives which I copied in desperation were pointless and could happily be gotten rid of. This page proved very useful in explaining the problem and solution.

Ivan Shatsky
I didn't get a couple of things. What should happen with any other request (I mean other than the root request)? Why are you using all those `proxy_set_header` directives? Are you using them for some purpose, or did you just copy-paste them from some example without understanding what they really do?
Ahron
All `proxy_set_headers` and the `resolver` are copy pasted. The rest is my own. When what I had didn't work, I started copy pasting. For non-root requests, a 404 is fine right now.
Ivan Shatsky
Try to remove at least the `proxy_set_header Host $host;` one. You need a resolver only if the domain name for the `proxy_pass` directive is specified using a variable(s), which is not your case (however it won't do any harm).
Ahron
Then I get a Host error bad gateway 502 via Cloudflare
Ivan Shatsky
You get an error 502 after removing the `proxy_set_header Host $host;` directive, not the `resolver` one?
Ahron
Yes. I couldn't figure it out.
Ivan Shatsky
Sounds really weird. Ok, try to explicitly set the value using `proxy_set_header Host "x-12345.hubspotpagebuilder.eu";`.
Ahron
No effect sadly.
Ahron
The error logs say "SSL_do_handshake() failed (SSL: error:14094410:SSL routines:ssl3_read_bytes_sslv3 alert handshake failure:SSL alert number 40) while SSL handshaking to upstream, client: 2401: ......" (the ...... at the end means there's more text that I didn't type out here). I am using a Cloudflare cert on my backend and redirecting to a hubspot page in nginx - that sounds like a problem.
Ivan Shatsky
You'd better add the error log messages by editing your question. This looks like some kind of TLS version mismatch, but it is an area where I do not have profound knowledge. Consider updating your question tags, maybe someone else will look at it.
Ahron
Ok, thanks a lot for persisting in trying to help me. I figured it out. It was indeed an SSL issue. Silly of me to not have bothered checking the logs. The solution is to add `proxy_ssl_server_name on;`. All the `proxy_set_headers` copy pasta is pointless given the nature of the problem. This link proved very useful so maybe you could take a look too - https://www.claudiokuenzler.com/blog/1120/nginx-reverse-proxy-ssl-alert-number-40-while-ssl-handshaking-upstream
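
The fix described in this thread, written out as a `location` block (an added example, not the poster's final configuration). The upstream host and path are the ones from the question; the certificate verification directives and the CA bundle path are assumptions added here, since nginx does not verify the upstream certificate unless told to.

```nginx
location / {
    # Upstream from the question. With no "proxy_set_header Host" line,
    # nginx sends the upstream host name ($proxy_host) as the Host header.
    proxy_pass https://x-12345.hubspotpagebuilder.eu/coming-soon;

    # The fix from the thread: include the server name (SNI) in the TLS
    # ClientHello sent to the upstream. This is off by default, and an
    # upstream that selects its certificate by SNI can answer a
    # ClientHello without it with a handshake failure alert (the
    # "SSL alert number 40" seen in the error log).
    proxy_ssl_server_name on;

    # Name used for SNI and for certificate host name verification.
    # $proxy_host is already the default; written out here for clarity.
    proxy_ssl_name x-12345.hubspotpagebuilder.eu;

    # Assumption (not in the thread): verify the upstream certificate.
    # proxy_ssl_verify is off by default, so without these lines nginx
    # accepts any certificate the upstream presents.
    proxy_ssl_verify on;
    # Allow one intermediate CA between the leaf certificate and the root.
    proxy_ssl_verify_depth 2;
    # Assumed path: system CA bundle on Debian/Ubuntu; adjust per distribution.
    proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
}
```

Run `nginx -t` before reloading; if the handshake still fails after this change, the error log line "while SSL handshaking to upstream" is the place to look.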