In nginx why I'm unable to use a web address as a proxy pass which is already used as a proxy pass

Question

I've following server blocks in my nginx configuration:

server {
        listen 80; #default_server;
        listen [::]:80; #default_server;

        client_max_body_size  20M;
        client_header_timeout 600;
        client_body_timeout   600;
        keepalive_timeout     600;
        server_name example1-proxy.in;

    location / {
                proxy_pass http://example1.in;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header Forwarded $proxy_add_forwarded;
                proxy_set_header X-Forwarded-For "";
                proxy_connect_timeout       600;
                proxy_send_timeout          600;
                proxy_read_timeout          600;
                send_timeout                600;
        }

}
server {
        listen 80; #default_server;
        listen [::]:80; #default_server;

        client_max_body_size  20M;
        client_header_timeout 600;
        client_body_timeout   600;
        keepalive_timeout     600;
        server_name example2-proxy.in;

    location / {
                proxy_pass http://example2.in;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header Forwarded $proxy_add_forwarded;
                proxy_set_header X-Forwarded-For "";
                proxy_connect_timeout       600;
                proxy_send_timeout          600;
                proxy_read_timeout          600;
                send_timeout                600;
        }

}

I want to configure the example1-proxy and example2-proxy as a proxy pass in another nginx configuration, so I did the following:

server {
            listen 80; #default_server;
            listen [::]:80; #default_server;
    
            client_max_body_size  20M;
            client_header_timeout 600;
            client_body_timeout   600;
            keepalive_timeout     600;
            server_name example5.in;
    
        location /temp1/ {
                    proxy_pass http://example1-proxy.in;
                    proxy_set_header Host $host;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header Forwarded $proxy_add_forwarded;
                    proxy_set_header X-Forwarded-For "";
                    proxy_connect_timeout       600;
                    proxy_send_timeout          600;
                    proxy_read_timeout          600;
                    send_timeout                600;
            }
            location /temp2/ {
                    proxy_pass http://example2-proxy.in;
                    proxy_set_header Host $host;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header Forwarded $proxy_add_forwarded;
                    proxy_set_header X-Forwarded-For "";
                    proxy_connect_timeout       600;
                    proxy_send_timeout          600;
                    proxy_read_timeout          600;
                    send_timeout                600;
            }
    
    }

when I hit the url http://example5.in/temp2, the http://example2-proxy.in should be called but I get following error:

{
    "timestamp": 1643470058798,
    "status": 403,
    "error": "Forbidden",
    "message": "Access Denied",
    "path": "/temp2/some path to api "
}

I don't get why above configuration doesn't work,please suggest any solution.

Looks like your backend doesn't understand those `/temp1` or `/temp2` URI prefixes. Change your `proxy_pass` directives to `proxy_pass http://example1-proxy.in/;` and `proxy_pass http://example2-proxy.in/;`. Read [this](https://stackoverflow.com/questions/53649885/a-little-confused-about-trailing-slash-behavior-in-nginx) question/answer for more information. — Ivan Shatsky, Jan 29 '22 at 18:50
Actually the issue is, when I trigger http://example1-proxy/temp1 via postman, then it works, I think first server block is working because when I reverse the order of the server blocks then http://example2-proxy/temp2 is working. I don't know by default why it takes only first server block it not going to the second server block. — hritz220, Jan 30 '22 at 16:33

score 0 · Answer 1 · answered Jan 29 '22 at 20:25

When you use a proxy pass, then NGINX looks at the destination url, if it sees that the destination url does not include a URI (The part after the domain name e.g. /temp) which is your case since you are forwarding to "http://example2-proxy.in" then NGINX will add whatever URI it received initially to the next server. In your case that will result with a request to http://example2-proxy.in/temp2/

If you want to send a request to http://example2-proxy.in/ you need to specify the URI for the destination server such as http://example2-proxy.in/

This is a snapshot from the NGINX websitehere:

The bottom paragraph in the NGINX documentation is the important one — shmuel wachtfogel, Jan 29 '22 at 20:26

hritz220 · Accepted Answer · 2022-02-01T14:49:00.193

solved it,actually in the second nginx configuration:

location /temp1/ {
                    proxy_pass http://example1-proxy.in;
                    proxy_set_header Host $host;

the $host should be replaced by the example1-proxy.in, only then this server block will be active. so correct config will be :

location /temp1/ {
                    proxy_pass http://example1-proxy.in;
                    proxy_set_header Host example1-proxy.in;

In nginx why I'm unable to use a web address as a proxy pass which is already used as a proxy pass

2 Answers2