NGINX Reverse Proxy - mosinn/DOCS-n-Snippets-n-Steps GitHub Wiki
Use an NGINX reverse proxy, even locally, to avoid installing certificates for local Spring Boot repos that call E2E-hosted HTTPS endpoints
-
Install NGINX directly on Mac or Windows
-
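Create a custom conf file that skips HTTPS certificate validation for the upstream, as Postman does for the same HTTPS endpoints (NGINX's proxy_ssl_verify is off by default, so the upstream certificate is not checked unless it is switched on)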
-
Copy the conf file to a user folder such as ~/u/nginx
-
Also copy mime.types into the same folder that the custom conf file is read from with the -c flag; otherwise the nginx command fails with a file-not-found error
-
Keep daemon off, either in the conf file or via the command line, so that nginx is easy to kill once started
-
Avoid starting nginx as a service; running it in the foreground with daemon off seems better
-
Some relevant MAC > Brew install locations to locate and edit original conf files are :
-
/usr/local/etc/nginx/nginx.conf
-
/usr/local/etc/nginx
-
/usr/local/opt/nginx
-
/usr/local/Cellar/nginx/
-
Foreground mode, with custom conf file location, provided the
mime.types
file is also kept parallel to custom conf file: -
nginx -g 'daemon off;' -c /Users/<<username>>/u/nginx/nginx.conf
-
If the original request passes through an API gateway that injects or renames some header, we can reproduce that header with
proxy_set_header
e.g.
location /
{ ...
proxy_set_header x-ibm-client-id xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx;
...
}
- Sample NGINX conf file with
multiple monitored localhost PORTS
which the Spring app uses, and the proxy LOCATION to which NGINX delegates
:
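# Local development reverse proxy.
# Each server block listens on one local port and forwards every request to one
# HTTPS upstream, adding the headers that an API gateway would otherwise inject.
worker_processes 1;

## MIH
# Uncomment to stay in the foreground without passing -g 'daemon off;'.
#daemon off;

events {
    worker_connections 1024;
}

http {
    # Resolved relative to this conf file, so mime.types must sit next to it.
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;

    ## MIH
    access_log /Users/<<USER ID>>/u/nginx/logs/host.access.log;
    # NOTE(review): debug-level logging can record proxied request headers,
    # including the client id and session values set below. Keep these log
    # files private and drop the "debug" level when it is not needed.
    error_log /Users/<<USER ID>>/u/nginx/logs/error.log debug;

    server {
        ## MIH
        # Bound to loopback only: every request that reaches this port is
        # forwarded upstream with the client id below already attached, so the
        # port should not be reachable from other machines on the network.
        listen 127.0.0.1:6081;
        ignore_invalid_headers on;

        location / {
            ## MIH
            proxy_pass https://<<HOST1>>;
            # Below causes weird 404;
            #proxy_set_header Host $host;
            #proxy_set_header X-Real-IP $remote_addr;
            # MIH proxy_set_header HEADER_NAME_XXX HEADER_VALUE_XXX;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header x-ibm-client-id <<CLIENT ID>>;
            # proxy_ssl_verify defaults to off, so the upstream certificate is
            # not validated whether or not the next line is uncommented. To
            # validate it, use "proxy_ssl_verify on;" together with
            # proxy_ssl_trusted_certificate pointing at the CA bundle.
            #proxy_ssl_verify off;
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }

    server {
        ## MIH
        # Loopback only: this block injects identity and session headers.
        listen 127.0.0.1:3091;
        ignore_invalid_headers on;

        location / {
            ## MIH
            proxy_pass https://<<HOST2 WITH FULL URL REWRITE To BLANK OUT BROWSER VISIBLE PATH AND RE-INSERT DIFFERENT HERE /pref...>>/preferences/...channel-preferences;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header x-ibm-client-id <<CLIENT ID>>;
            # The three headers below assert a user identity, an auth level and
            # a session to the upstream (presumably what the gateway / SSO layer
            # normally adds - confirm). Use test-environment values only and do
            # not commit real ones.
            proxy_set_header SM_USERDN CN=<<USER ID>>;
            proxy_set_header CAAS_AUTHLEVEL 40;
            proxy_set_header SM_SERVERSESSIONID <<SESSION ID>>;
            # Upstream certificate is not validated (proxy_ssl_verify defaults to off).
            #proxy_ssl_verify off;
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }

    server {
        ## MIH
        # Loopback only: this block injects identity and session headers.
        listen 127.0.0.1:3092;
        ignore_invalid_headers on;

        location / {
            ## MIH
            proxy_pass https://<<HOST3>>;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header x-ibm-client-id <<CLIENT ID>>;
            # Identity / auth-level / session headers asserted to the upstream;
            # test-environment values only.
            proxy_set_header SM_USERDN CN=<<USER ID>>;
            proxy_set_header CAAS_AUTHLEVEL 40;
            proxy_set_header SM_SERVERSESSIONID <<SESSION ID>>;
            # Upstream certificate is not validated (proxy_ssl_verify defaults to off).
            #proxy_ssl_verify off;
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }

    include servers/*;
}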
- Sample React
config-overrides.js
(like ZUUL) doing URL pattern matching and redirecting to different PORTS
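/**
 * Dev-server override: wraps the default dev-server config factory and adds
 * path-prefix proxy routes, so that each UI-fired URL is sent either to a local
 * NGINX port or straight to a local Spring service.
 *
 * Routes are kept in their original order; each entry strips (fully or partly)
 * the matched prefix via pathRewrite before forwarding.
 *
 * @param {Function} configFunction - factory that builds the default dev-server config
 * @returns {Function} factory taking (proxy, allowedHost) and returning the
 *   default config with the extra proxy routes merged in
 */
devServer: function (configFunction) {
  return function (proxy, allowedHost) {
    const config = configFunction(proxy, allowedHost);

    // NOTE(review): `secure: false` switches off TLS certificate verification
    // for https targets. It has no effect on the http://localhost targets used
    // here, but it would apply if the commented-out https E2E target below is
    // enabled. Keep this file for local development only.
    // NOTE(review): `logLevel: 'debug'` may print proxied URLs to the console;
    // the token route carries OAuth query parameters (see the example URL).
    config.proxy = {
      ...config.proxy,

      // Preference service
      '/_REPO_1_/preferences/_REPO_2_/_REPO_2_-ui': {
        // The port must match a `listen` port in the local NGINX conf.
        target: 'http://localhost:3081', // Local Eclipse >> Local NGINX
        secure: false,
        logLevel: 'debug',
        changeOrigin: true,
        // FULL pathRewrite and REMOVE, so ADD correct one in NGINX
        pathRewrite: { '^/_REPO_1_/preferences/_REPO_2_/_REPO_2_-ui': '' }
      },

      // Token service
      // For full control VIA NGINX, of UI fired URL, copy below from UI browser Network from ...host>> [THIS] <<? url params
      // E.g. http://localhost:3000/_REPO_1_/oauth2/tokens?grant_type=authorization_code&client_id=_REPO_2_&redirect_uri=http://_REPO_2_/callback&state=_REPO_2_
      '/_REPO_1_/oauth2/tokens': {
        // The port must match a `listen` port in the local NGINX conf.
        target: 'http://localhost:3082', // Local Eclipse >> Local NGINX
        // target: 'https://_REPO_1_zuul-_REPO_3_-e2e4.apps.cpaas.service.test', // E2E4
        secure: false,
        logLevel: 'debug',
        changeOrigin: true,
        // Same as MATCHER above, but with ^
        // PARTIAL pathRewrite and REMOVE
        pathRewrite: { '^/_REPO_1_': '' }
      },

      // BFF
      '/_REPO_2_-api/_REPO_2_-bff': {
        target: 'http://localhost:8280/', // Local Spring
        secure: false,
        logLevel: 'debug', // was listed twice in this entry; one key is enough
        changeOrigin: true,
        pathRewrite: { '^/_REPO_2_-api/_REPO_2_-bff': '' }
      },

      // WFLOW
      '/_REPO_2_-api/_REPO_2_-workflow': {
        target: 'http://localhost:8281/', // Local Spring
        secure: false,
        logLevel: 'debug', // was listed twice in this entry; one key is enough
        changeOrigin: true,
        pathRewrite: { '^/_REPO_2_-api/_REPO_2_-workflow': '' }
      },

      // CRUD
      '/_REPO_2_-api/_REPO_2B_-crud': {
        target: 'http://localhost:8282/', // Local Spring
        secure: false,
        logLevel: 'debug',
        changeOrigin: true,
        pathRewrite: { '^/_REPO_2_-api/_REPO_2B_-crud': '' }
      },

      // BENE
      '/_REPO_2_-api/_REPO_4_/': {
        target: 'http://localhost:8283/', // Local Spring
        secure: false,
        logLevel: 'debug',
        changeOrigin: true,
        pathRewrite: { '^/_REPO_2_-api/_REPO_4_/': '' }
      },

      // TMPL
      '/_REPO_2_-api/_REPO_5_/': {
        target: 'http://localhost:8284/', // Local Spring
        secure: false,
        logLevel: 'debug',
        changeOrigin: true,
        pathRewrite: { '^/_REPO_2_-api/_REPO_5_': '' }
      },

      // SCHED
      '/_REPO_2_-api/_REPO_2_-_REPO_6_': {
        target: 'http://localhost:8285/', // Local Spring
        secure: false,
        logLevel: 'debug',
        changeOrigin: true,
        pathRewrite: { '^/_REPO_2_-api/_REPO_2_-_REPO_6_': '' }
      }
    };

    return config;
  };
},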