Hello ServerFault community,
I have been encountering numerous issues with my Nginx reverse proxy implementation, specifically regarding the handling of trailing slashes. I would greatly appreciate any assistance or insights you can provide to help me resolve this problem.
Requirements:
I have the following setup:
- DNS name: vpn.internal.example.com (publicly accessible)
- VPN-Server for clients with an internal IP of 192.168.101.10
- VPN-Server for staff with an internal IP of 192.168.101.6
What I'm trying to achieve:
When a user enters the URL vpn.internal.example.com/client/, I want the Nginx proxy to redirect them to the backend server at 192.168.101.10. Subsequently, the user should be able to navigate the website without the trailing slash being removed in the frontend. However, in the backend, the trailing slash should be removed when requesting data from the VPN servers.
Example URLs:
- vpn.internal.example.com/client/login
- vpn.internal.example.com/client/dashboard
- vpn.internal.example.com/client/users
The same principle applies to vpn.internal.example.com/staff/ with corresponding URLs for staff members.
- vpn.internal.example.com/staff/login
- vpn.internal.example.com/staff/dashboard
- vpn.internal.example.com/staff/users
My Issue:
I am experiencing the following problems:
Sometimes when I enter vpn.internal.example.com/client/ or vpn.internal.example.com/staff/, the URL redirects to vpn.internal.example.com.
Occasionally, the URL will remain as vpn.internal.example.com/client/, but if I enter /staff/ instead, it either redirects back to the client's VPN or does not work correctly.
If I manually enter vpn.internal.example.com/staff/login, the login page is displayed. However, if I use staff VPN server credentials, it shows "Authentication Invalid." Surprisingly, if I use the client's VPN server credentials, it works but redirects me back to vpn.internal.example.com.
Configuration:
Here is the Nginx configuration file I have been working with:
    upstream vpn-client {
        server 192.168.101.10:443;
    }

    upstream vpn-staff {
        server 192.168.101.6:443;
    }

    server {
        listen 80;
        listen [::]:80;
        root /usr/share/nginx/html;
        server_name vpn.internal.example.com;

        location /.well-known {
            allow all;
        }

        location /student {
            return 301 https://vpn.internal.example.com/client$request_uri;
        }

        location /staff {
            return 301 https://vpn.internal.example.com/staff$request_uri;
        }

        location / {
            return 301 https://vpn.internal.example.com$request_uri;
        }
    }

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        ssl_certificate /etc/nginx/ssl/vpn.internal.example.com.crt;
        ssl_certificate_key /etc/nginx/ssl/vpn.internal.example.com.key;
        server_name vpn.internal.example.com;

        location /student/ {
            proxy_pass https://vpn-client/;
            proxy_ssl_verify off;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-For $remote_addr;
        }

        location /staff/ {
            proxy_pass https://vpn-staff/;
            proxy_ssl_verify off;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-For $remote_addr;
        }

        location / {
            proxy_pass https://vpn-client$request_uri;
            proxy_ssl_verify off;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-For $remote_addr;
        }
    }
Conclusion:
I have a feeling that I may have overcomplicated the configuration, and I have exhausted my ideas on how to resolve this. I hope someone can shed some light on this for me.
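
What the posted HTTPS server block does with the example URLs, as an added example that is not part of the original post: a small Python model of nginx's longest-prefix location selection and `proxy_pass` URI replacement. The names `HTTPS_LOCATIONS` and `route` and the sample requests are constructed for illustration, and only plain prefix locations are modelled.

```python
# Added example: models only plain prefix locations (no regex, "=" or "^~").
# Each entry: (location prefix, upstream, replacement), copied from the
# HTTPS server block in the post.
#   replacement "/"  -> `proxy_pass https://upstream/;`  (matched prefix is
#                       replaced by "/")
#   replacement None -> `proxy_pass https://upstream$request_uri;` (the
#                       original request URI is forwarded unchanged)
HTTPS_LOCATIONS = [
    ("/student/", "vpn-client", "/"),
    ("/staff/", "vpn-staff", "/"),
    ("/", "vpn-client", None),
]


def route(uri, locations=HTTPS_LOCATIONS):
    """Return (matched location, upstream or "301", resulting URI)."""
    path = uri.split("?", 1)[0]
    query = uri[len(path):]
    # A request equal to a proxied prefix location minus its trailing slash
    # is answered by nginx with a 301 to the slash-terminated URI.
    for prefix, _, _ in locations:
        if prefix != "/" and path + "/" == prefix:
            return prefix, "301", prefix + query
    # Otherwise the longest matching prefix location handles the request.
    matches = [loc for loc in locations if path.startswith(loc[0])]
    if not matches:
        return None
    prefix, upstream, replacement = max(matches, key=lambda loc: len(loc[0]))
    if replacement is None:
        return prefix, upstream, uri
    return prefix, upstream, replacement + path[len(prefix):] + query


if __name__ == "__main__":
    # Constructed sample requests, based on the example URLs in the post.
    for uri in ["/client/", "/client/login", "/student/login",
                "/staff", "/staff/login", "/staff/users?page=2"]:
        location, target, sent = route(uri)
        print(f"{uri:22} location {location:10} -> {target:10} {sent}")
```

In this model, `/client/...` requests are handled by `location /` and reach `vpn-client` with the `/client` prefix still in the path, because the posted block defines `/student/` rather than `/client/`; only `/staff/...` and `/student/...` have their prefix stripped.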