Reverse proxying towards various hardware devices

Hi all,

I need some help with NGINX reverse proxying setup.

The problem: make several devices accessible through a single IP
address.
My current configuration works:

  1. For some devices: fine
  2. For other devices: for a large part
  3. For still other devices: hardly

I analyzed the reason for 2) and 3) above and it comes down to: as soon
as such a device returns a page with links that start with a /, clicking
the link fails. The reason for this is that the reverse proxy no longer
recognizes the request as destined for the particular device.

The relevant part from my nginx.conf file:

server {
    listen xxxxx.yyyyyy.zzzz.com:80;

    location / {
        root   /var/mine/data;
        index  index.html;
    }

    location /spa3000-1/ { # forward to device
        proxy_pass http://spa3000-1.xxxxx.yyyyyy.zzzz.com/;
    }

    # similar configs for other devices
}

I am aware that I could destine all these devices to their own port but
I don’t want to do that because securing them will become very
difficult. Therefore I don’t want to take that path.

I know of the existence of referrers but I do not understand how to
approach using that. Anybody can help me?

kind regards
Paul S.

Hello!

On Sat, Jan 23, 2010 at 04:45:07PM +0100, Paul S. wrote:

> location / {
> }
>
> I am aware that I could destine all these devices to their own port but
> I don’t want to do that because securing them will become very
> difficult. Therefore I don’t want to take that path.
>
> I know of the existence of referrers but I do not understand how to
> approach using that. Anybody can help me?

It’s up to the device in question to form correct links on pages
it returns. If it doesn’t do so - some limited changes may be
done by the sub filter module. But it’s not really a solution as it’s
not able to parse and interpret all of the returned code (even if
you teach it to parse html - what to do with broken html, javascript,
css, xml+xslt and so on?).

So the only generic solution is to use separate hosts (or ports).
You may still proxy them via nginx, i.e. write something like
this:

server {
    server_name device.example.com;

    location / {
        proxy_pass http://real-device.example.com;
        proxy_set_header Host $host;
    }
}

and make sure the device thinks it’s called “device.example.com” while
this name in fact points to the nginx server.

Maxim D.
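
Added example (not part of the thread or of either poster's configuration): a Python sketch that resolves links the way a browser does, to show why links starting with / escape the /spa3000-1/ prefix, why attribute-level rewriting misses URLs built in scripts, and why one server {} per device name avoids both. The sample page, the name proxy.example.com and the backend labels are constructed.

```python
import re
from urllib.parse import urljoin, urlsplit

# Constructed sample of a device page mixing relative and root-relative links.
DEVICE_PAGE = (
    '<a href="status.html">Status</a>\n'
    '<a href="/admin/config.html">Config</a>\n'
    '<img src="/img/logo.png">\n'
    '<script>var u = "/cgi-bin/" + "reboot"; location.href = u;</script>\n'
)

PREFIXES = {"/spa3000-1/": "spa3000-1"}        # location /spa3000-1/ { proxy_pass ... }
HOSTS = {"device.example.com": "real-device"}  # one server {} per device name


def route(url, by_host=False):
    """Backend a request ends up at: chosen by host name or by path prefix."""
    parts = urlsplit(url)
    if by_host:
        return HOSTS.get(parts.hostname, "no such server")
    for prefix, backend in PREFIXES.items():
        if parts.path.startswith(prefix):
            return backend
    return "local files"  # falls through to location / (root /var/mine/data)


def attribute_links(html):
    """href/src values, i.e. the links visible in markup."""
    return re.findall(r'(?:href|src)="([^"]*)"', html)


def follow_all(page_url, html, by_host=False):
    """Resolve each link the way a browser does, then route the result."""
    return {l: route(urljoin(page_url, l), by_host) for l in attribute_links(html)}


def naive_rewrite(html, prefix):
    """Attribute-only string substitution, similar in spirit to a sub filter."""
    return re.sub(r'((?:href|src)=")/', r"\g<1>" + prefix, html)


if __name__ == "__main__":
    prefixed = "http://proxy.example.com/spa3000-1/index.html"  # hypothetical name
    print(follow_all(prefixed, DEVICE_PAGE))
    print(follow_all(prefixed, naive_rewrite(DEVICE_PAGE, "/spa3000-1/")))
    print(naive_rewrite(DEVICE_PAGE, "/spa3000-1/").count('"/cgi-bin/"'))
    print(follow_all("http://device.example.com/index.html", DEVICE_PAGE, True))
```

The third line of output shows the script-built "/cgi-bin/" path surviving the rewrite untouched, which is the limitation described above for substitution-based fixes.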

Hello!

On Sun, Jan 24, 2010 at 01:54:10PM +0100, Paul S. wrote:

[…]

> Regarding your proposal: It forwards / to the real-device.
> Does that imply any request is forwarded to real-device?
> If so how to forward to my other devices?

Just create server {} for each device (and use distinct server
names).

Maxim D.

Thanks for the reply Maxim,

Most devices return a mix of correct (i.e. relative) and incorrect (i.e.
links that start with a /) links. They were never designed to return
relative links only.

I already had suspicions in the direction ‘the only generic solution is
to use separate hosts (or ports)’.

I had hoped it would be possible for NGINX to add something to the page
from the ‘real-device’ before forwarding it to the client browser and
then, on the browser’s next request, catch it when receiving the new
request from the browser and use that information to forward it to the
proper device again.

Regarding your proposal: It forwards / to the real-device.
Does that imply any request is forwarded to real-device?
If so how to forward to my other devices?