Proxy server needs to point to two servers

Hi all.

Our machines are behind a private firewall. I have a master machine as
proxy server so two machines (production and development) can be
accessed publicly.

So I can access production as http://public_url/app1,
http://public_url/app2, http://pbulic_url/app3
and development as
http://public_url/dev/app1, etc (actually, dev.public_url) would be a
better option.

However, with the config below, I cannot access the development machine
at all.

This is the site-enabled/default configuration we have on the proxy
server

server {
listen 80;
client_max_body_size 200M;
server_name localhost 127.0.0.1;
server_name_in_redirect off;

    location / {
            proxy_pass http://10.10.0.59;
            proxy_redirect default;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For

$proxy_add_x_forwarded_for;
}
}

and I want to add a second server block because I need to support
development server as well.

My attempt with the second server block…

server {
listen 80;
client_max_body_size 200M;
server_name localhost 127.0.0.1;
server_name_in_redirect off;

    location ^~ /dev/ {
            proxy_pass http://10.10.0.56;
            proxy_redirect default;
            rewrite /dev/(.*) /$1 break;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For

$proxy_add_x_forwarded_for;
}
}

How can I fix my error? I know I am terrible with nginx configuration…
thanks!

Posted at Nginx Forum:

On Fri, Jun 29, 2012 at 02:42:16PM -0400, x7311 wrote:

Hi there,

So I can access production as http://public_url/app1,
http://public_url/app2, http://pbulic_url/app3
and development as
http://public_url/dev/app1, etc (actually, dev.public_url) would be a
better option.

dev.public_url is probably easier to use, with your configuration below.

The server_name directive is used to choose which one server will handle
this request. Because you have two server blocks with the same
server_name
values, the second one will never be used.

server {
listen 80;
client_max_body_size 200M;
server_name localhost 127.0.0.1;

Probably include public_url there, if that is the name that you are
using to access the server.

My attempt with the second server block…

server {
listen 80;
client_max_body_size 200M;
server_name localhost 127.0.0.1;

and include dev.public_url there, so that this server block has a chance
of being used.

Once you are using this server block, then you can see if there are any
problems with the configuration inside it. It might all work perfectly
as-is.

f

Francis D. [email protected]

Francis,
Thanks for the great help.

Here is the update nginx configuration.

The public domain is actually an ip-address of the server. Let’s called
it 999.99.99.99

Since they are behind private firewall, for me to access this (at this
stage), I have to SSH tunnel into the master server 999.99.99.99. In any
case, I ping dev.999.99.99.99 on the master server and it said unknown
services.

So I edited my

I can now ping dev.999.99.99.99 but I think this is so laughable… it
seems like I don’t really know what I am doing :frowning:

me@my_PC:~$ ssh [email protected] -L 1234:dev.999.99.99:80
-N
[email protected]’s password:
channel 2: open failed: administratively prohibited: open failed
channel 2: open failed: administratively prohibited: open failed
channel 2: open failed: administratively prohibited: open failed
channel 2: open failed: administratively prohibited: open failed
channel 2: open failed: administratively prohibited: open failed

It seems like I didn’t have it right…
Thanks for all the help so far.

Posted at Nginx Forum:

On Fri, Jun 29, 2012 at 05:20:02PM -0400, x7311 wrote:

Hi there,

The public domain is actually an ip-address of the server. Let’s called
it 999.99.99.99

If you want two different server{} blocks, then with your setup you must
use two different hostnames to access them.

The default server could use the ip address; the dev server must use
something else. The easiest way is probably to add an address/name
pair to the hosts file on your client (web browser) machine, so that
your 999.99.99.99 resolves to “dev.example.com” for you.

I see below that you have done something like this.

Then put “server_name dev.example.com” in the server block that refers
to the dev system.

(An alternative is to continue using just the address to access the
server;
but then you probably want both configurations in the same server{}
block, and you will have to change something to make sure that the right
request goes to the right proxy_pass upstream server.

Depending on what your upstream does, that may or may not be easy.)

I can now ping dev.999.99.99.99 but I think this is so laughable… it
seems like I don’t really know what I am doing :frowning:

This is “networking”, not “nginx”. Do whatever ssh’ing that you already
do, using only the ip addresses like you already do. (If you need
an ssh tunnel to get to the ip:port of nginx, then you only need one
tunnel to get to both the live and dev servers, because they are on the
same ip:port.)

The only extra change to make it that in your web browser, use the
dev.whatever name. If you want to test from a different machine, you
must also add the temporary entry into the hosts file there.

And you must make sure that you use the same dev.whatever name in (a)
your web browser; (b) your hosts file; and (c) your nginx conf file.

Your examples seem to use different numbers of 9s.

Good luck with it,

f

Francis D. [email protected]