Nginx reverse proxy only specific sub directory and pass through everything else

Gregor

2/23/24, 6:55 PM

I have development situation where i have a domain with multiple services:

https://somewebpage.com

On this service there are multiple project as subdirectories

https://somewebpage.com <- landing page
https://somewebpage.com/api <- rest api server
https://somewebpage.com/app <- my app

So is it possible (and how) to setup nginx and hosts file to reverse proxy only https://somewebpage.com/app to my local build http://localhost:3000?

The issue is that when app is deployed is has no issues accessing /api rest server but when serving locally my nginx reverse proxy intercepts landing page and rest api server urls as well.

My nginx configuration looks like:

worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;
    
    keepalive_timeout  65;
    
    index index.html;

    proxy_max_temp_file_size 0;
    proxy_buffering off;

    server {
        listen 80;
        server_name somewebpage.com;

        location / {
            return 301 https://$host$request_uri;
        }
    }

    server {
        listen 443 ssl;
        server_name somewebpage.com;

        ssl_certificate /etc/ssl/certs/certificate.crt;
        ssl_certificate_key /etc/ssl/certs/ccertificate.key;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

        location /app {
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
            proxy_pass http://localhost:3000;
        }
    }
}

And in my /etc/hosts i have:

127.0.0.1    somewebpage.com

Are there any other tricks on how to achieve similar result?

The reason why i try to do this is that if i do it from my localhost:3000 it will respond with CORS errors and reject my calls to /api.

Or is this too much of security hazard and i have to ask for other way of access to /api?

Thanks for your answers in advance.

461

2 + 0

linux

nginx

web-server

hosts

Score:1

Server

Tero Kilkanen

2/25/24, 8:15 AM

You need to add the following:

location / {
    try_files $uri $uri/ =404;
}

This tells nginx how to handle requests that don't match the other specified location. For more information how nginx selects location block to use, read nginx documentation.

+ 0

Score:0

Server

Gregor

3/14/24, 12:50 AM

I came up with one solution which works for me.

somewebpage.com points to xx.xx.xx.xx static IP address so i just added another proxy forward to that IP address instead of URL similar to Tero Kilkanen answer.

  location / {
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_pass https://xx.xx.xx.xx;
  }

That way /etc/hosts file will not intercept my somewebpage.com request as request will bypass domain resolve.

So in the end i ended up with following nginx configuration which worked for me:

worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;
    
    keepalive_timeout  65;
    
    index index.html;

    proxy_max_temp_file_size 0;
    proxy_buffering off;

    server {
        listen 80;
        server_name somewebpage.com;

        location / {
            return 301 https://$host$request_uri;
        }
    }

    server {
        listen 443 ssl;
        server_name somewebpage.com;

        ssl_certificate /etc/ssl/certs/certificate.crt;
        ssl_certificate_key /etc/ssl/certs/ccertificate.key;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

        location /app {
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
            proxy_pass http://localhost:3000;
        }

        location / {
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
            proxy_pass https://xx.xx.xx.xx;
        }
    }
}

This solution might not work for everyone due to multiple IP addresses behind the sceenes or dynamic IP addresses or something else. But it worked for me and it was good enough for development purposes.

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Nginx reverse proxy only specific sub directory and pass through everything else

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.