Welcome! Log In Create A New Profile

Advanced

Re: Help: Using Nginx Reverse Proxy bypass traffic in to a application running in a container

All files from this thread

File Name File Size   Posted by Date  
image.png 42 KB open | download amiladevops 05/25/2021 Read message
Francis Daly
May 28, 2021 04:00AM
On Tue, May 25, 2021 at 09:47:47PM +0530, Amila Gunathilaka wrote:

Hi there,

> I'm sorry for taking time to reply to this, you were so keen about my
> problem. Thank you.

No worries at all -- the mailing list is not an immediate-response medium.

> Actually my problem was when sending *response *to the load balancer from
> the nginx ( not the request, it should be corrected as the *response *in my
> previous email).
> Such as my external load balancer is always doing a health check for my
> nginx port (80) , below is the *response *message in the
> /var/log/nginx/access.log against the health check request coming from
> the external-loadbalancer.

As I understand it, the load balancer is making the request "OPTIONS /"
to nginx, and nginx is responding with a http 405, and you don't want
nginx to do that.

What response do you want nginx to give to the request?

Your config make it look like nginx is told to proxy_pass the OPTIONS
request to your port 9091 server, so I presume that your port 9091 server
is responding 405 to the OPTIONS request and nginx is passing the response
from the 9091-upstream to the load-balancer client.

Your port 9091 logs or traffic analysis should show that that is the case.

If is the case, you *could* fix it by telling your 9091-upstream to respond
how you want it to to the "OPTIONS /" request (using its config); or
you could configure nginx to intercept the request and handle it itself,
without proxy_pass'ing it


The first case would mean that the "health check" is actually testing
the full nginx-to-upstream chain; the second would have it only testing
that nginx is responding.

If you decide that you want nginx to handle this request itself, and to
respond with a http 204, you could add something like

if ($request_method = "OPTIONS") { return 204; }

inside the "location /" block.

(Strictly: that would tell nginx to handle all "OPTIONS /anything"
requests, not just "OPTIONS /".)

You would not need the error_page directives that you show.


You could instead add a new "location = /" block, and do the OPTIONS
check there; but you would probably also have to duplicate the three
other lines from the "location /" block -- sometimes people prefer
"tidy-looking" configuration over "correctness and probable machine
efficiency". Pick which you like; if you do not measure a difference,
there is not a difference that you care about.

That is, you want either one location:

> server {
> listen 80;
> server_name 172.25.234.105;

> location / {

if ($request_method = "OPTIONS") { return 204; }

> proxy_pass http://127.0.0.1:9091;
> auth_basic "PROMETHEUS PUSHGATEWAY Login Area";
> auth_basic_user_file /etc/nginx/.htpasswd;
> }
> }

or two locations:

location = / {
if ($request_method = "OPTIONS") { return 204; }
proxy_pass http://127.0.0.1:9091;
auth_basic "PROMETHEUS PUSHGATEWAY Login Area";
auth_basic_user_file /etc/nginx/.htpasswd;
}

location / {
proxy_pass http://127.0.0.1:9091;
auth_basic "PROMETHEUS PUSHGATEWAY Login Area";
auth_basic_user_file /etc/nginx/.htpasswd;
}

(and, if you use the two, you could potentially move the "auth_basic"
and "auth_basic_user_file" outside the "location", to be directly within
"server"; that does depend on what else is in your config file.)

If you want something else in the response to the OPTIONS request,
you can change the "return" response code, or "add_header" and the like.

Good luck with it,

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Re: nginx Digest, Vol 139, Issue 21 Attachments

amiladevops May 25, 2021 12:18PM

Re: Help: Using Nginx Reverse Proxy bypass traffic in to a application running in a container

Francis Daly May 28, 2021 04:00AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 88
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready