7

We have a QA version, a UAT version, and a DEV version of webapp. Users need to access these via http://uat.company.com:41002/webapp, http://qa.company.com:41002/webapp, and http://dev.company.com:41002/webapp. There is also a different webapp on port 41001 and also on port 8080 they will need to access.

These URLs are required to be available externally to the company, and we only have one public IP address they can be accessed on. As such, DNS records need all 3 addresses to point to one IP. On that single IP address, a server resides running nginx. In the background I need each URL to point to a different server:

http://uat.company.com --> 123.123.123.1
http://qa.company.com  --> 123.123.123.2
http://dev.company.com --> 123.123.123.3

I'm afraid I don't know the correct terminology, however the remainder of the URI and the port must also be carried over to the ip address. I.e. if someone visits

http://uat.company.com:41002/webapp/somepage

it will appear as though that is the page they have visited, but really they will be looking at

http://123.123.123.1:41002/webapp/somepage

or if they visited

http://qa.company.com:8080/static/home.html

they would really be looking at

http://123.123.123.2:8080/static/home.html

but their browser would still say http://qa.company.com:8080/static/home.html

I have tried

server {

    server_name uat.company.com;

    listen 41001;
    listen 41002;
    listen 8080;

    location / {
            proxy_pass http://123.123.123.1:$server_port$uri;
            proxy_set_header Host $host;
    }

}

however this gives me a 502 Bad Gateway page with this log entry:

2015/01/28 16:04:49 [crit] 30571#0: *1 connect() to 123.123.123.1:41002 failed (13: Permission denied) while connecting to upstream, client: 172.23.128.245, server: uat.company.com, request: "GET /webapp/ HTTP/1.1", upstream: "http://123.123.123.1:41002/webapp/", host: "uat.company.com:41002"

I hope this is more clear.


Update: From Xavier's suggestion that SELinux might have been hampering, I have disabled it and I do get further. Using the nginx config above now seems to be connecting to the second server. The port, however, is still not carried through. I am calling

uat.company.com:41002/webapp/

This would, if calling the service directly, redirect to

uat.company.com:41002/webapp/spring/config/main

However what is happening through the proxy is that it is returning or ending up at

uat.company.com/webapp/spring/config/main

and thus failing to load a page...

AD7six
Mitch Kent
  • Probably you don't need nginx, but some iptables config? – Alexey Ten Jan 28 '15 at 15:55
  • @Alexey We already use nginx to do something similar, however it is more specific, so if we can keep all the config in the same place I'd rather that. – Mitch Kent Jan 28 '15 at 15:57
  • @AD7six - I have re-written the question entirely. Hopefully this now makes sense, and you will reconsider your downvote if it was you. – Mitch Kent Jan 28 '15 at 16:28
  • Which Linux distribution is your reverse proxy running? – Michael Hampton Jan 28 '15 at 16:46
  • Why do you want those weird port numbers? – Alexey Ten Jan 28 '15 at 19:31
  • @MichaelHampton It is a CentOS 6 box – Mitch Kent Jan 29 '15 at 09:41
  • @AlexeyTen There are other layers that are involved, these are just the ones we pick to prevent collisions – Mitch Kent Jan 29 '15 at 09:42
  • In that case, see the linked question. – Michael Hampton Jan 29 '15 at 14:05
  • @MichaelHampton thank you, but that was only an additional hiccup, and not the solution to the problem, please see my answer and remove the duplicate flag – Mitch Kent Jan 30 '15 at 12:15
  • We prefer that each question contain only one issue, whenever possible. Your question now contains _two_ distinct and unrelated issues. If you are still having trouble, make the second issue its own question. – Michael Hampton Jan 31 '15 at 15:03
  • @MichaelHampton There is one issue that I was concerned about, and that was the one being asked about and an answer sought. The additional issue was merely a hiccup and is not discussed at any length, and it is this that you are marking as duplicate, not the crux of my question. I can remove all reference to it in my question, but it would make comments and responses no longer make sense. If you prefer I do that anyway then that's what I'll do. – Mitch Kent Feb 02 '15 at 08:45

2 Answers

8

I have established what the problems were with my setup.

1) SELinux was preventing me from connecting upstream. I have now disabled this and will consider setting it up properly later

2) proxy_pass was doing its job as expected, however the args I needed were http://123.123.123.1:$server_port/$uri$is_args$args;

3) proxy_set_header Host $host correctly set the hostname back to what I wanted, however it ate the port number. The correct format for my needs is proxy_set_header Host $host:$server_port

There may be neater solutions to this, and I haven't got a full working solution yet as I have cut it down to get it working, however a working section of my config is:

server {
    listen 41002;
    server_name uat.company.com;

    location /webapp {
        proxy_pass http://123.123.123.1:41002/$uri$is_args$args;
        proxy_set_header Host $host:$server_port;
    }
}

I will post a more generic version once I have fleshed it out. Many thanks to all who helped.

Mitch Kent
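A generic version of the working config in the answer above, as an added example that is not the poster's own: one server block covers all three host names and ports, choosing the backend with a map. The default_server catch-all, the X-Real-IP/X-Forwarded-For headers and the SELinux commands in the closing comment are assumptions beyond what the thread shows.

```nginx
# Added example (not the poster's config); place inside the http {} block.
# Host names, ports and backend IPs are taken from the question.

# Allow-list of public names -> internal backend. Anything not listed
# never reaches proxy_pass (see the catch-all server below).
map $host $backend_ip {
    uat.company.com  123.123.123.1;
    qa.company.com   123.123.123.2;
    dev.company.com  123.123.123.3;
}

# Catch-all: requests on these ports with any other Host header are
# dropped, so the proxy cannot be pointed at other internal hosts.
server {
    listen 41001 default_server;
    listen 41002 default_server;
    listen 8080  default_server;
    server_name _;
    return 444;   # nginx-specific: close the connection without a response
}

server {
    listen 41001;
    listen 41002;
    listen 8080;
    server_name uat.company.com qa.company.com dev.company.com;

    location / {
        # $request_uri is the path and query string exactly as the client
        # sent them, so no separate $is_args$args is needed.
        proxy_pass http://$backend_ip:$server_port$request_uri;

        # Keep the port in Host so the backend builds redirects such as
        # /webapp/spring/config/main with :41002 still attached.
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

# With SELinux enforcing rather than disabled (assumption: stock targeted
# policy, nginx confined as httpd_t), the usual settings are:
#   setsebool -P httpd_can_network_connect 1      # outbound connect() to upstreams
#   semanage port -a -t http_port_t -p tcp 41001  # bind to non-standard ports
#   semanage port -a -t http_port_t -p tcp 41002
```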
5

If you want to maintain the port, then you should put it in proxy_pass.

server {

    server_name bob.something.com;

    listen 41001;
    listen 41002;
    listen 8080;

    location / {
            proxy_pass http://123.123.123.1:$server_port$uri;
            proxy_set_header Host $host;
    }
}

You have to realize that this will proxy requests through nginx.

Alexey Ten
  • Thank you @Alexey, I have tried this and I get `502 Bad Gateway` page displayed. The nginx log shows `2015/01/28 16:04:49 [crit] 30571#0: *1 connect() to 123.123.123.1:41002 failed (13: Permission denied) while connecting to upstream, client: 172.23.128.245, server: bob.something.com, request: "GET /webapp/ HTTP/1.1", upstream: "http://123.123.123.1:41002/webapp/", host: "bob.something.com:41002"` - I can wget the url from the nginx box though so not sure what the permission denied is from. – Mitch Kent Jan 28 '15 at 16:10
  • @MitchKent Check your SELinux policies. – Xavier Lucas Jan 28 '15 at 16:30
  • @XavierLucas Thank you, this has got me further. I will update my question... – Mitch Kent Jan 29 '15 at 10:08