Use Nginx as Reverse Proxy for multiple servers

Question

I am trying to configure nginx as a reverse proxy for multiple servers on my LAN. They should go out on my WAN with different subdomains. My configuration looks like this:

@ReverseProxy:/etc/nginx/sites-enabled$ cat reverseproxy 
server { 
  server_name DOMAIN.eu;

  # app1 reverse proxy follow
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header Host $host;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_pass http://10.0.2.5:80;

}

server { 
  server_name Subdomain.domain.eu;

  # app2 reverse proxy settings follow
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header Host $host;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_pass http://10.0.2.33:80;
}

But I am getting this error and can't get any further....

@ReverseProxy:/etc/nginx/sites-enabled$ nginx -t
nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)
2009/01/04 12:22:13 [warn] 1302#0: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:1
2009/01/04 12:22:13 [emerg] 1302#0: "proxy_pass" directive is not allowed here in /etc/nginx/sites-enabled/reverseproxy:8

nginx: configuration file /etc/nginx/nginx.conf test failed

Answer 1

Your problem is that you are using proxy_pass inside server block, which is not allowed. Try using:

server {
    server_name Subdomain.domain.eu;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://10.0.2.33:80;
    }
}

inside your server block. Proxy options cannot be set on server level, as nginx documentation tells.

The other problems in your log happen because you have somehow your nginx starting up as a regular user, although it is supposed to start up as root.

Answer 2

This thread solved my problem, but I thought it would be useful for others to have a completed configuration to see. The following configuration will reverse proxy for hostnames app1.local and app2.local, where app1 gets forwarded to another application listening on port 3300 and app2 is forwarded to a different application listening on port 3000. It is in a file here /etc/nginx/sites-available/two-applications.conf

server {
  server_name app1.local;

  location ~ {
    proxy_pass_header Authorization;
    proxy_pass http://localhost:3300;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_buffering off;
    client_max_body_size 0;
    proxy_read_timeout 36000s;
    proxy_redirect off;
  }
}

server {
  server_name app2.local;

  location ~ {
    proxy_pass_header Authorization;
    proxy_pass http://localhost:3000;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_buffering off; 
    client_max_body_size 0;
    proxy_read_timeout 36000s;
    proxy_redirect off;
  }
}

Also, those hostnames are made up and need to be in /etc/hosts as follows to have them work:

127.0.0.1       app1.local
127.0.0.1       app2.local

For the sake of completeness (as setup on Ubuntu Linux), this file lives in /etc/nginx/sites-available/two-applications.conf and is symlinked into /etc/nginx/sites-enabled/two-applications.conf The filename and symlink name can be anything of course. After updating that running sudo service nginx reload will pick up the change.