0

Customers from the internet need to access a web server accessible only from VPN, the domain is internal.domain and I have no control over it. Internally, the main page to log in is caas.internal.domain:6643. To connect from the internet, the users log in to the URL login.external.domain:9943 pointing to the nginx that routes the traffic to caas.internal.domain:6643 through the VPN. The response traffic from caas.internal.domain is redirected to login.external.domain not problem. All internal.domain Urls in html, json, js are replaced with external.domain. The only issue is coming from the internal url below with query string parameters that it is not translated.

https://caas.internal.domain:6643/caas/propConfig/myApp.json?callback=jQuery1234&excludeApp=Network+Center&_=5678

should be replaced with

https://login.external.domain:9943/caas/propConfig/myApp.json?callback=jQuery1234&excludeApp=Network+Center&_=5678

with 1234 and 5678 dynamic.

this is my config:

    server {
      listen          9943 ssl;
      listen          443 ssl;
      server_name     external.domain;

      ssl_certificate      /etc/nginx/ssl/mytest-web.crt;
      ssl_certificate_key /etc/nginx/ssl/mytest-web.key;

      location / {
         resolver 8.8.8.8;
         proxy_set_header Accept-Encoding "";
         proxy_set_header Host $host;
         proxy_set_header X-Forwarded-Host $host;
         proxy_set_header X-Forwarded-Server $host;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
         client_max_body_size 1g;
         proxy_pass       https://caas.internal.domain:6643$request_uri;

         proxy_redirect   https://caas.internal.domain:6643 https://login.external.domain:9943;
 
         #sub_filter_types text/css text/xml text/javascript application/json;
         sub_filter_types *;
         sub_filter_once off;

         sub_filter "caas.internal.domain:6643" "login.external.domain:9943";

      }
    }

How could I get internal urls variables replace with external urls with the same variables?

Hope that makes sense

Many thanks

ytresfield
  • 1
  • 1
  • Does this answer your question? [nginx redirect to www.domain](https://serverfault.com/questions/502026/nginx-redirect-to-www-domain) – mforsetti Mar 18 '21 at 15:38

1 Answers1

0

You need to add the following to your internal.domain server block:

location /caas/propConfig/myApp.json {
    return 301 https://external.domain:9943$request_uri;
}

This will redirect all URLs containing the prefix to corresponding URL in the other domain.

Tero Kilkanen
  • 34,499
  • 3
  • 38
  • 58
  • thank you so much for helping. I don't have the internal.domain block in the nginx, the internal.domain is owned by an third party. What I try to achieve is redirect all internal.domain url to external url for people connecting from the internet through nginx. Internet -> external.domain (nginx) -> vpn -> internal.domain (webserver) – ytresfield Mar 18 '21 at 21:14
  • Wouldn't it be possible to use sub_filter instead? internal.domain should always be redirected to external.domain:9943 and it works for all the urls but this one, https://internal.domain:6643/caas/propConfig/myApp.json?callback=jQuery1234&excludeApp=Network+Center&_=5678 – ytresfield Mar 18 '21 at 22:43
  • Please update your question to give complete details what you are trying to achieve. The original question and description above are quite contradictory. – Tero Kilkanen Mar 19 '21 at 06:55
  • Customers from the internet need to access a web server accessible only from VPN the domain is internal.domain. Internally, the main page to log in is caas.internal.domain:6643 To connect from internet users log in to login.external.domain:9943 to the nginx that routes the traffic to caas.internal.domain:6643 through the VPN. The response traffic from caas.internal.domain is redirected to login.external.domain. All internal.domain Urls in html, json, js are replaced with external.domain. The only issue is coming from the url with query string parameters it is not translated. – ytresfield Mar 21 '21 at 20:36
  • Could you please edit the question and add information there? – Tero Kilkanen Mar 21 '21 at 21:22