5

I have OpenNMS running on host B-beta with the following URL:

http://b-beta:8980/opennms

I would like to use NginX to hide this path accessible from host a-alpha like this:

https://a-alpha/omber/nms

So I guess what I need is to rewrite requests send to the backend to change the path from /omber/nms to /opennms - but without it being visible to the user - is that something that can be done?

The HTTPS works fine already.

Lukasz
  • 462
  • 2
  • 10
  • 18
  • 1
    Use a `location` block to match `/ombre/nms` on your a-alpha server block. use `proxy_pass http://b-beta:8980/opennms` to send the request to other server. Nginx will act as a proxy between the user and OpenNMS. (You probably also want to prevent access to b-beta from IPs that don't match that of a-alpha). – cyberx86 Apr 20 '12 at 20:08
  • That worked partially - the interface loads but if I try to log in it takes me to the URL as it would be from host A (b-beta:8980/opennms/login.jsp). B is already not accessible remotely hence the proxy. – Lukasz Apr 21 '12 at 02:38
  • That isn't entirely unexpected, depending on how paths are coded in OpenNMS. You are proxying requests, not changing the path of the requests - the browser is unaware of they proxy. Look at the OpenNMS login page (I just looked at the demo). The login form POSTs to `opennms/j_spring_security_check`. A successful login results in a 302 redirect to `opennms`, followed by a 302 redirect to `opennms/frontPage.htm` followed by a 302 redirect to `opennms/index.jsp`. Many redirects may use the full path - if so, that is the cause of the behaviour you describe. – cyberx86 Apr 21 '12 at 03:05
  • Use something like Firebug to watch the requests that are sent, and note where they are sent. If any requests are made to the b-beta domain from the a-alpha domain, you know that the OpenNMS config is your problem. You may even consider setting up OpenNMS as if it was running on a-alpha. (I have never worked with OpenNMS, so can't help with the specifics here). – cyberx86 Apr 21 '12 at 03:07
  • Please take a look at this answer: http://serverfault.com/questions/379675/nginx-reverse-proxy-url-rewrite#379679 – Jens Bradler Apr 21 '12 at 09:54

1 Answers1

4

The first step is to proxy requests from Nginx to your other server. On a-alpha:

location /ombre/nms {
    proxy_pass http://b-beta:8980/opennms
}

From here, the remaining configurations are very dependant on the functioning of OpenNMS (which I am not familiar with).

The next part is dealing with redirects. If the requests are coming from the client side (e.g. your forms POST to a URL on b-beta or you have links pointing to b-beta), then you need to resolve those separately from Nginx. Keep in mind that the browser is unaware of the proxy - so it will send requests without modification to the server.

If you look look at the OpenNMS login page (for instance, the live demo). The login form POSTs to opennms/j_spring_security_check. A successful login results in:

  • a 302 redirect to opennms, followed by
  • a 302 redirect to opennms/frontPage.htm followed by
  • a 302 redirect to opennms/index.jsp.

Using Nginx, you cannot (easily) change the path the form POSTs to (that is probably an OpenNMS configuration option though), but you can change the redirects that are returned back the browser. There are some directives to consider:

proxy_redirect: If you need to modify the redirect (i.e. location header) being returned to the browser

proxy_redirect http://b-beta:8980/opennms/ http://a-alpha/ombre/nms/; 

This should be equivalent to proxy_redirect default if contained in the location block above.

rewrite ... break: If you need to modify the path that is being sent to opennms (break means that only the current location block will be processed).

rewrite /ombre/nms/a/(.*) /opennms/b/$1 break;

proxy_set_header: if you need to modify some of the headers being sent to the backend.

By default, Nginx will set the Host header to $proxy_host. If you setup OpenNMS on b-beta to act as if it was running on a-alpha (e.g. tell it that the domain is that of a-alpha, setup server blocks matching a-alpha, etc) then you will need to pass the Host header as it is received by a-alpha instead of letting Nginx modify it:

proxy_set_header Host $host;
cyberx86
  • 20,620
  • 1
  • 60
  • 80