Score:0

Forward HTTP (or TCP) request through NGINX using subdomain to a specific port


I want to expose a local web server through a remote web server. The remote host already has Nginx and a web application (webmail). The remote server works as a gateway for the local webserver, which is forwarding port 80 to the remote 8080. This is working.

Now I want to forward the subdomain (e.g., bridge.mydomain.co) requests to the forwarded port. I tried using this:

server {
    listen 80;
    listen [::]:80;
    server_name bridge.mydomain.co;

    location / {
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

The local webserver is running a complex PHP application so it is complaining:

40 errors like:

Refused to load the stylesheet '' because it violates the following Content Security Policy directive: "default-src https: data: 'unsafe-inline' 'unsafe-eval'". Note that 'style-src-elem' was not explicitly set, so 'default-src' is used as a fallback.

and 56 of:

Refused to load the script '' because it violates the following Content Security Policy directive: "default-src https: data: 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'default-src' is used as a fallback.

I know I could expose the forwarded port directly; this works flawlessly. But I want to use (eventually) nginx for TLS termination and then forwarding.

From reading about this issue, it seems that the local PHP webserver is refusing the requests. Yet, I don't know how to fix it.

Any help?

djdomi
Are you sure that the PHP server is not requesting HTTPS instead of HTTP?
Score:0

Figured it out in the end. I needed to pass/add the following headers:

server {
    listen 80;
    listen [::]:80;
    server_name bridge.mydomain.co;

    proxy_pass_header server;

    location / {
        proxy_set_header Host $host;
        add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://bridge.mydomain.co http://bridge.mydomain.co:8080 http://bridge.mydomain.co/core/img/favicon-touch.png; img-src 'self' http://bridge.mydomain.co http://bridge.mydomain.co:8080;";
        proxy_pass http://bridge.mydomain.co:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

}

I believe the port version is not needed and there are some headers missing that are covered by the "default". So there is room for improvement.

If you want to read an explanation, here is some material from people more knowledgeable than me: https://stackoverflow.com/questions/33300111/how-to-override-content-security-policy-of-site-a-while-using-nginx-proxy-pass-o
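
Why the browser refused those loads, as an added example (not code from either post): a simplified Python model of CSP source matching, run against the policy string quoted in the error messages. The asset paths and the `ADDED` policy are constructed, and host-source matching is reduced to `scheme://host[:port]` with no wildcards or paths.

```python
from urllib.parse import urlsplit

# *-elem directives fall back to their parent, then to default-src, which is
# the fallback the browser messages in the question describe.
FALLBACK = {
    "script-src-elem": ("script-src-elem", "script-src", "default-src"),
    "style-src-elem": ("style-src-elem", "style-src", "default-src"),
}
DEFAULT_PORT = {"http": 80, "https": 443}

def parse_policy(header):
    """Split one Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def origin(url):
    u = urlsplit(url)
    return u.scheme, u.hostname, u.port or DEFAULT_PORT.get(u.scheme)

def source_matches(source, url, page):
    scheme = origin(url)[0]
    if source.endswith(":"):                  # scheme-source: https:, data:
        src = source[:-1].lower()
        return src == scheme or (src == "http" and scheme == "https")
    if source == "'self'":                    # same origin as the page
        return origin(url) == origin(page)
    if source.startswith("'"):                # 'unsafe-inline' etc. never match a URL
        return False
    return origin(source) == origin(url)      # simplified host-source

def allowed(headers, directive, url, page):
    """True only if every delivered policy allows the load (policies intersect)."""
    for header in headers:
        policy = parse_policy(header)
        sources = next((policy[d] for d in FALLBACK[directive] if d in policy), None)
        if sources is not None and not any(source_matches(s, url, page) for s in sources):
            return False
    return True

# Policy string taken from the error messages in the question.
UPSTREAM = "default-src https: data: 'unsafe-inline' 'unsafe-eval'"
# Constructed samples: a policy added at the proxy and made-up asset paths.
ADDED = "default-src 'self'; script-src 'self' http://bridge.mydomain.co"
CSS_HTTP = "http://bridge.mydomain.co/core/css/server.css"
CSS_HTTPS = "https://bridge.mydomain.co/core/css/server.css"
```

When a response carries more than one Content-Security-Policy header the browser enforces all of them, so a policy added at the proxy can only narrow what the upstream policy allows. Loads over HTTPS satisfy the upstream `https:` source.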
