Forum: NGINX reverse proxy and nested locations

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
F4583a11046956b09643bb8e219527e3?d=identicon&s=25 Wolfgang Hennerbichler (Guest)
on 2013-10-07 22:32
(Received via mailing list)
Hi list,

I'd like to have an elegant reverse proxy configuration, where I allow
specific sub-URIs behind the reverse-proxy-URL for specific IP Adresses.
My intended configuration looks like this:

  # TRAC
  location /trac {
    proxy_pass https://my.web.server:443/trac/;
    location /trac/project {
      allow 10.32.1.146;
      allow 10.64.0.6;
      deny all;
    }
  }

However, the location /trac/project does not inherit the proxy-pass
directive. It works if I add 'proxy_pass
https://my.web.server:443/trac/;' in the location /trac/project. This is
redundant and I don't like that.

I can't put the proxy_pass into the server directive, as this is a
proxy-server that does different proxy passes according to different
locations.
Any help for solving this in an elegant way?

Wolfgang

--
http://www.wogri.at
A8108a0961c6087c43cda32c8616dcba?d=identicon&s=25 Maxim Dounin (Guest)
on 2013-10-08 01:02
(Received via mailing list)
Hello!

On Mon, Oct 07, 2013 at 10:31:15PM +0200, Wolfgang Hennerbichler wrote:

>       allow 10.32.1.146;
>       allow 10.64.0.6;
>       deny all;
>     }
>   }
>
> However, the location /trac/project does not inherit the
> proxy-pass directive. It works if I add 'proxy_pass
> https://my.web.server:443/trac/;' in the location /trac/project.
> This is redundant and I don't like that.

The idea is that a request handler (proxy_pass in your case) is
always explicitly set for a location.  Hence handlers are not
inherited.

If you want to drop something redundant, than I would recommend to
drop an URI part in proxy_pass intead.  Something like this should
do what you need:

    location /trac/ {
        proxy_pass https://my.web.server;
    }

    location /trac/project/ {
        proxy_pass https://my.web.server;
        allow ...
        deny all;
    }

--
Maxim Dounin
http://nginx.org/en/donation.html
F4583a11046956b09643bb8e219527e3?d=identicon&s=25 Wolfgang Hennerbichler (Guest)
on 2013-10-08 06:17
(Received via mailing list)
On Oct 8, 2013, at 01:02 , Maxim Dounin <mdounin@mdounin.ru> wrote:

> Hello!

Hi and thanks for your quick response,

>>    proxy_pass https://my.web.server:443/trac/;
>> This is redundant and I don't like that.
>
> The idea is that a request handler (proxy_pass in your case) is
> always explicitly set for a location.  Hence handlers are not
> inherited.

I already feared so.

>        allow ...
>        deny all;
>    }

thanks. Will have to cope with it.

Wolfgang
This topic is locked and can not be replied to.