Welcome! Log In Create A New Profile

Advanced

Re: Help: Using Nginx Reverse Proxy bypass traffic in to a application running in a container

Francis Daly
June 01, 2021 02:56AM
On Sat, May 29, 2021 at 07:11:38PM +0530, Amila Gunathilaka wrote:

Hi there,

It sounds like you have the main part solved by changing the "health
check" request to be one that your port-9091 upstream is able to handle,
which is good.

> >As I understand it, the load balancer is making the request "OPTIONS /"
> >to nginx, and nginx is responding with a http 405, and you don't want
> >nginx to do that.
>
> >What response do you want nginx to give to the request?
>
> Yes you are absolutely right I wanted nginx to stop that 405 response and
> give the success response 200 or even 401 which I can confirm my proxy pass
> and basic auth is working.

After you decide what response you want nginx to give to the request,
you can configure nginx to do that.

In this case, if you want nginx to give a 401 if no valid credentials are
provided, then you want something like auth_basic; if you want nginx to
give a 200 if no valid credentials are provided, then you must not have
something like auth_basic.

> Also I think that 405 response is coming *from nginx itself *to the
> external load balancer because external load balancer directly
> communicating with the nginx (80) and also my upstream server (9091 port
> server) is not a webapp it's just a binary file running inside docker
> container.

From nginx's point of view, it does not matter what the upstream/back-end
service is; it matters that it responds correctly to http requests.

When I use a similar configuration to yours, I see the OPTIONS request
being sent to the upstream and getting a 405 from there.

> Anyway I thought to fix the OPTIONS method fix on the external load
> balancer itself , and I logged in to my external load balancer configs
> page and I changed the HTTP health checks using OPTIONS into *GET *
> method.
> ANd yeah now 405 error gone. But now I'm getting 401 responses , which
> should be the correct response since I'm using a basic auth in my
> nginx.conf file. Below is my nginx.conf FYI

Good stuff.

This says that, for any request starting with /metrics, nginx should
check for valid credentials or return 401; and then pass the request to
the upstream and return whatever it returns.

> location /metrics {
> proxy_pass http://127.0.0.1:9091/metrics;

One small thing: because the end of the "proxy_pass" directive is
exactly equal to the full "location" value, you could omit it from the
"proxy_pass"; that is, you could instead use

proxy_pass http://127.0.0.1:9091;

but when what you have works, it works.

Cheers,

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Help: Using Nginx Reverse Proxy bypass traffic in to a application running in a container

Amila Gunathilaka May 17, 2021 10:00PM

Re: Help: Using Nginx Reverse Proxy bypass traffic in to a application running in a container

Francis Daly May 19, 2021 04:28AM

Re: Help: Using Nginx Reverse Proxy bypass traffic in to a application running in a container

amiladevops May 29, 2021 09:42AM

Re: Help: Using Nginx Reverse Proxy bypass traffic in to a application running in a container

Francis Daly June 01, 2021 02:56AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 82
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready