Reputation: 5205
Nginx (HTTP Only) Reverse Proxy Settings in Production
I am playing around with Nginx and I successfully set up a simple (for now HTTP only) reverse proxy. As a newbie, I am wondering what would I need to modify to make this production ready. Which leads me to the following questions:
- Is there a way to unify the
proxy_set_headerdirective so that I don't need to repeat myself for every virtual host? - Am I missing any other important host header modifications than
X-Forwarded-Proto,X-Url-Scheme,X-Forwarded-ForandHost?
nginx.conf:
worker_processes 1;
events {
worker_connections 1024;
}
http {
sendfile on;
gzip on;
# skip log_format/access_log
server {
listen 80;
server_name server1.company.com;
location / {
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Url-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_pass http://server1; # IP or FQDN would be better here
}
}
server {
listen 80;
server_name server2.company.com;
location / {
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Url-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_pass http://server2; # IP or FQDN would be better here
}
}
}
Any feedback/point to a direction would be appreciated.
Upvotes: 1
Views: 1376
Answers (1)
Reputation: 49692
If you place all of your proxy_set_header statements in the http block, they will be inherited into the server blocks and then into the location blocks. The inheritance only happens into blocks without another proxy_set_header statement. See this document for details.
Alternatively, place common statements into a separate file and pull them into any part of your configuration by using an include directive. See this document for details.
Which headers you should set is dependent on your application. But this article discusses preventing certain headers from being passed to the proxied server, e.g.
proxy_set_header Accept-Encoding "";
And this article mitigates the HTTPoxy vulnerability with:
proxy_set_header Proxy "";
Upvotes: 2
Related Questions
- Nginx Reverse proxy config
- I wonder reverse proxy server configuration with frontend server, api server, nginx server
- NGINX Reverse Proxy Configuration Structure
- How should I set up a reverse proxy with nginx?
- Nginx reverse proxy to frontend and backend
- Nginx configuration behind nginx reverse proxy
- Nginx reverse proxy redirect
- Nginx Multi-Workload Config - Website & Reverse Proxy
- Nginx reverse proxy setting
- Nginx reverse proxy configuration