4

I'm trying to set up a reverse proxy with HTTP auth that proxies MongoDB's REST interface. So far, I've got this:

server {
        listen 80;
        server_name tld.example.com;
        charset utf-8;
        access_log /home/jill/logs/nginx.access.log main;

        # Redirect all HTTP traffic to HTTPS URL
        rewrite ^(.*) https://tld.example.com$1 permanent;
}

server {
        listen 443;
        server_name tld.example.com;

        ssl on;
        ssl_prefer_server_ciphers on;
        ssl_protocols           TLSv1 SSLv3;
        ssl_ciphers             HIGH:!ADH:!MD5:@STRENGTH;
        ssl_session_cache       shared:TLSSL:16m;
        ssl_session_timeout     10m;
        ssl_certificate /path/to/cert/tld.example.com.bundle.crt;
        ssl_certificate_key /path/to/cert/tld.example.com.key;

        gzip on;
        gzip_vary on;
        gzip_comp_level 6;

        keepalive_timeout 300;
        keepalive_requests 500;

        location / {
                proxy_pass https://127.0.0.1:28017;

                proxy_redirect     off;

                proxy_max_temp_file_size 0;

                proxy_connect_timeout      90;
                proxy_send_timeout         90;
                proxy_read_timeout         90;

                proxy_buffer_size          4k;
                proxy_buffers              4 32k;
                proxy_busy_buffers_size    64k;
                proxy_temp_file_write_size 64k;

                add_header Cache-Control no-cache;

        }

        auth_basic "Restricted area";
        auth_basic_user_file /path/to/password/file;
}

This doesn't work (obviously), and results in a gateway timeout. I can otherwise access the REST interface locally from within the server with curl localhost:28017 and similar.

What am I doing wrong?

  • Can you give me more info about how to connect? If the location would be "/mydb" instead of "/", do you connect to "http://yourip/mydb:28017" or "http://yourip/mydb/:28017" or what else? For me it is not working; it says no host found... – Totty.js Oct 10 '12 at 15:08
  • If you are getting "no host found" error, it doesn't matter whether there is a slash before port number or not. It means the IP address you are trying to use is not responding, I believe. –  Oct 12 '12 at 11:27
  • But if I put it in a browser I can see what MongoDB says: "You are trying to access MongoDB on the native driver port. For http diagnostic access, add 1000 to the port number" So there must be another problem. – Totty.js Oct 15 '12 at 09:12
  • Hm. I'm not sure what is wrong, but you should put the port number directly after the IP address or hostname anyway. Are mongo and nginx located on the same machine? What IP are you using? External or 127.0.0.1? –  Oct 15 '12 at 17:04
  • It's like this: mongo is running on the same machine as nginx; the mongo internal IP is http://127.0.0.1:9000/ so in the nginx config: proxy_pass http://127.0.0.1:9000/; but the location is: location /production/assembly.mongo/; So when I go with my browser to the URL http://192.168.1.16/production/assembly.mongo/ it shows the text I mentioned above. When I set up mongovue with server: 192.168.1.16/production/assembly.mongo and port: 9000 it doesn't work because: Unable to connect to server 192.168.1.16/production/assembly.mongo/:9000: No such host is known. Any idea? – Totty.js Oct 16 '12 at 09:42
  • Try port 10000. EDIT: And URL should be 192.168.1.16:10000/production/assembly.mongo/ –  Oct 16 '12 at 10:40
  • Thanks, I will try it tomorrow ;) and say something here – Totty.js Oct 16 '12 at 22:43
  • But my mongo starts like this: mongod --bind_ip 127.0.0.1 --port 9000 --dbpath="./db". But even if I put "92.168.1.16:9000/production/assembly.mongo/" I get this error: "Input string was not in a correct format." Is there anything special about port 10000? (I ask because I have to change it in multiple places) – Totty.js Oct 17 '12 at 08:12
  • When you start mongo at port 9k, it automatically also receives traffic at port 10k. The 10k port is used for admin interface. Remember the message "You are trying to access MongoDB on the native driver port. For http diagnostic access, add 1000 to the port number"? That means the diagnostic port is mongo's default port (9000 in your case) + 1000, which is 10000 in your case. –  Oct 17 '12 at 11:33
  • Well! I thought "add 1000" meant port=1000! lol. But it is not working anyway. On the local mongodb database it is on port=9000 and mongovue is connecting to port=9000 anyway. When I try port=10000 it shows me some db info, but mongovue still tells me it doesn't find the host. – Totty.js Oct 17 '12 at 15:45
  • Maybe mongovue has network connection issues like firewalls and such. You should ask a question about that separately though. This is not a very good place for this type of discussion. –  Oct 17 '12 at 23:46

2 Answers

6

Given the fact that curl localhost:28017 works, I assume the REST interface speaks HTTP and not HTTPS.

Change the following line

proxy_pass https://127.0.0.1:28017;

With this one

proxy_pass http://127.0.0.1:28017;
pkhamre
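
An added example, not part of the original answer: a Python probe that checks whether a loopback backend such as the REST interface on port 28017 speaks TLS or plain HTTP, and builds the matching proxy_pass line. The function names probe_upstream and proxy_pass_line are made up for this illustration, and certificate verification is deliberately off because only the protocol is being detected.

```python
import socket
import ssl

def probe_upstream(host, port, timeout=2.0):
    """Classify a backend as 'https', 'http', 'unknown' or 'unreachable'."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"          # nothing is listening on that port

    # Step 1: attempt a TLS handshake. Verification is off on purpose:
    # the only question is whether the port speaks TLS at all, and a
    # loopback backend often uses a self-signed certificate.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(raw):
            return "https"
    except OSError:
        # ssl.SSLError and socket timeouts are both OSError subclasses.
        # A plain-HTTP server answers the ClientHello with non-TLS bytes
        # or keeps waiting for a request line; a proxy configured with
        # the wrong scheme can surface the latter as a gateway timeout.
        pass
    finally:
        raw.close()

    # Step 2: fall back to a plaintext HTTP request on a new connection.
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            if s.recv(64).startswith(b"HTTP/"):
                return "http"
    except OSError:
        pass
    return "unknown"

def proxy_pass_line(host, port, timeout=2.0):
    """Return the nginx proxy_pass directive matching the backend's scheme."""
    scheme = probe_upstream(host, port, timeout)
    if scheme not in ("http", "https"):
        raise RuntimeError(f"{host}:{port} is {scheme}; fix the backend first")
    return f"proxy_pass {scheme}://{host}:{port};"

if __name__ == "__main__":
    print(proxy_pass_line("127.0.0.1", 28017))
```

Run it on the proxy host itself, since the backend is bound to loopback.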
1

To offer an alternative solution from the MongoDB side of things (if you wanted to use HTTPS end to end), you can enable SSL in MongoDB:

http://docs.mongodb.org/manual/administration/ssl/

You can also see my previous answer here regarding using SSL with MongoDB for some more details:

https://serverfault.com/a/376598/108132

Enabling SSL also enables it on the REST interface. Just to be sure I tested it using an SSL enabled build on the default ports:

curl -I -k https://127.0.0.1:28017
HTTP/1.0 200 OK
Content-Type: text/html;charset=utf-8
Connection: close
Content-Length: 21343

The -k is necessary because I am using a self-signed cert for my testing.

Adam C
  • Thanks. I don't (think) I need SSL since it's strictly talking to nginx and apps on the same machine. But I'll keep this in mind for when I move it out to another box. –  Aug 16 '12 at 17:18