How to make an existing caching Nginx proxy use another proxy to bypass a firewall?How to set up Nginx as a caching reverse proxy?nginx reverse proxyNginx proxy_pass reverse proxying behind corporate firewallLoad Balancer and Proxy for Meteor not passing to 127.0.0.1 - Too Many Redirects?How to match string in URL using NginxSame location with different proxy urls nginxnginx proxy caching not workingCan't get nginx caching to works over https reverse proxyWhy does Nginx not just forward the POST request instead of 302Nginx caching reverse proxy with URL rewrite
What is wrong with this proof that symmetric matrices commute?
Cycle through MeshStyle directives in ListLinePlot
Someone whose aspirations exceed abilities or means
How to signal to my players that the following part is supposed to be played on fast forward?
Why would future John risk sending back a T-800 to save his younger self?
Is using haveibeenpwned to validate password strength rational?
Fixing obscure 8080 emulator bug?
What do abbreviations in movie scripts stand for?
Overlapping String-Blocks
Is the term 'open source' a trademark?
A curious prime counting approximation or just data overfitting?
Taxi Services at Didcot
How to hide an urban landmark?
Are there any important biographies of nobodies?
How to return a security deposit to a tenant
Second (easy access) account in case my bank screws up
Is it legal for a bar bouncer to conficaste a fake ID
What's up with this leaf?
What is the highest possible permanent AC at character creation?
How to tell your grandparent to not come to fetch you with their car?
Would the US government be able to hold control if all electronics were disabled for an indefinite amount of time?
Mobile App Appraisal
System.StringException: Unexpected end of expression
Recommended tools for graphs and charts
How to make an existing caching Nginx proxy use another proxy to bypass a firewall?
How to set up Nginx as a caching reverse proxy?nginx reverse proxyNginx proxy_pass reverse proxying behind corporate firewallLoad Balancer and Proxy for Meteor not passing to 127.0.0.1 - Too Many Redirects?How to match string in URL using NginxSame location with different proxy urls nginxnginx proxy caching not workingCan't get nginx caching to works over https reverse proxyWhy does Nginx not just forward the POST request instead of 302Nginx caching reverse proxy with URL rewrite
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
My question is about using Nginx as a proxy behind another proxy. (Somewhat confusing.)
I want to set up Nginx so it acts as a caching proxy server to an npm mirror. Here is the link:
http://eng.yammer.com/a-private-npm-cache/
On my local machine, which is not restricted by a firewall, the following configuration works fine:
proxy_cache_path /var/cache/npm/data levels=1:2 keys_zone=npm:20m max_size=1000m
inactive=365d;
proxy_temp_path /var/cache/npm/tmp;
server
listen 80;
server_name classen.abc.lan;
location /
proxy_pass http://registry.npmjs.org/;
proxy_cache npm;
proxy_cache_valid 200 302 365d;
proxy_cache_valid 404 1m;
sub_filter 'registry.npmjs.org' 'classen.abc.lan';
sub_filter_once off;
sub_filter_types application/json;
Now I want to apply it to a server that is behind an additional firewall. In the logs, I can confirm that it accesses the correct upstream IP, but the request fails because of the internal firewall.
We have one internal proxy, which I can use to bypass the firewall, for example:
$ curl http://registry.npmjs.org
curl: (7) couldn't connect to host
$ http_proxy=http://proxy.abc.lan:1234/ curl http://registry.npmjs.org
... succeeds ...
This trick does not work with Nginx, as it ignores the http_proxy environment variable. After reading the documentation, I still could not figure out how to modify the configuration, so that it can use the proxy internally.
Is it possible to combine both solutions? It is important that the caching still works, otherwise, you can just use the external mirror registry.npmjs.org directly.
Maybe, Nginx should use the internal proxy (proxy.abc.lan) as proxy_pass, but then how does the internal proxy know that the request should be sent to the external npm mirror (http://registry.npmjs.org)?
Update to Lukas answer
I tried Lukas solution:
rewrite ^(.*)$ "http://registry.npmjs.org$1" break;
proxy_pass http://proxy.abc.lan:1234;
The logs show that the URL is rewritten but it results in a redirect (triggered by curl classen.abc.lan/test-url):
2014/03/24 11:31:16 [notice] 13827#0: *2 rewritten redirect: "http://registry.npmjs.org/test-url", client: 172.18.40.33, server: classen.abc.lan, request: "GET /test-url HTTP/1.1", host: "classen.abc.lan"
The result of the curl call is not the expected JSON string from http://registry.npmjs.org but a html page generated by Nginx:
$ curl classen.abc.lan/test-url
<html>
<head><title>302 Found</title></head>
<body bgcolor="white">
<center><h1>302 Found</h1></center>
<hr><center>nginx/1.4.7</center>
</body>
</html>
nginx firewall proxy cache
asked Mar 21 '14 at 18:11
Philipp ClaßenPhilipp Claßen
226416
add a comment |
My question is about using Nginx as a proxy behind another proxy. (Somewhat confusing.)
I want to set up Nginx so it acts as a caching proxy server to an npm mirror. Here is the link:
http://eng.yammer.com/a-private-npm-cache/
On my local machine, which is not restricted by a firewall, the following configuration works fine:
proxy_cache_path /var/cache/npm/data levels=1:2 keys_zone=npm:20m max_size=1000m
inactive=365d;
proxy_temp_path /var/cache/npm/tmp;
server
listen 80;
server_name classen.abc.lan;
location /
proxy_pass http://registry.npmjs.org/;
proxy_cache npm;
proxy_cache_valid 200 302 365d;
proxy_cache_valid 404 1m;
sub_filter 'registry.npmjs.org' 'classen.abc.lan';
sub_filter_once off;
sub_filter_types application/json;
Now I want to apply it to a server that is behind an additional firewall. In the logs, I can confirm that it accesses the correct upstream IP, but the request fails because of the internal firewall.
We have one internal proxy, which I can use to bypass the firewall, for example:
$ curl http://registry.npmjs.org
curl: (7) couldn't connect to host
$ http_proxy=http://proxy.abc.lan:1234/ curl http://registry.npmjs.org
... succeeds ...
This trick does not work with Nginx, as it ignores the http_proxy environment variable. After reading the documentation, I still could not figure out how to modify the configuration, so that it can use the proxy internally.
Is it possible to combine both solutions? It is important that the caching still works, otherwise, you can just use the external mirror registry.npmjs.org directly.
Maybe, Nginx should use the internal proxy (proxy.abc.lan) as proxy_pass, but then how does the internal proxy know that the request should be sent to the external npm mirror (http://registry.npmjs.org)?
Update to Lukas answer
I tried Lukas solution:
rewrite ^(.*)$ "http://registry.npmjs.org$1" break;
proxy_pass http://proxy.abc.lan:1234;
The logs show that the URL is rewritten but it results in a redirect (triggered by curl classen.abc.lan/test-url):
2014/03/24 11:31:16 [notice] 13827#0: *2 rewritten redirect: "http://registry.npmjs.org/test-url", client: 172.18.40.33, server: classen.abc.lan, request: "GET /test-url HTTP/1.1", host: "classen.abc.lan"
The result of the curl call is not the expected JSON string from http://registry.npmjs.org but a html page generated by Nginx:
$ curl classen.abc.lan/test-url
<html>
<head><title>302 Found</title></head>
<body bgcolor="white">
<center><h1>302 Found</h1></center>
<hr><center>nginx/1.4.7</center>
</body>
</html>
nginx firewall proxy cache
asked Mar 21 '14 at 18:11
Philipp ClaßenPhilipp Claßen
226416
add a comment |
My question is about using Nginx as a proxy behind another proxy. (Somewhat confusing.)
I want to set up Nginx so it acts as a caching proxy server to an npm mirror. Here is the link:
http://eng.yammer.com/a-private-npm-cache/
On my local machine, which is not restricted by a firewall, the following configuration works fine:
proxy_cache_path /var/cache/npm/data levels=1:2 keys_zone=npm:20m max_size=1000m
inactive=365d;
proxy_temp_path /var/cache/npm/tmp;
server
listen 80;
server_name classen.abc.lan;
location /
proxy_pass http://registry.npmjs.org/;
proxy_cache npm;
proxy_cache_valid 200 302 365d;
proxy_cache_valid 404 1m;
sub_filter 'registry.npmjs.org' 'classen.abc.lan';
sub_filter_once off;
sub_filter_types application/json;
Now I want to apply it to a server that is behind an additional firewall. In the logs, I can confirm that it accesses the correct upstream IP, but the request fails because of the internal firewall.
We have one internal proxy, which I can use to bypass the firewall, for example:
$ curl http://registry.npmjs.org
curl: (7) couldn't connect to host
$ http_proxy=http://proxy.abc.lan:1234/ curl http://registry.npmjs.org
... succeeds ...
This trick does not work with Nginx, as it ignores the http_proxy environment variable. After reading the documentation, I still could not figure out how to modify the configuration, so that it can use the proxy internally.
Is it possible to combine both solutions? It is important that the caching still works, otherwise, you can just use the external mirror registry.npmjs.org directly.
Maybe, Nginx should use the internal proxy (proxy.abc.lan) as proxy_pass, but then how does the internal proxy know that the request should be sent to the external npm mirror (http://registry.npmjs.org)?
Update to Lukas answer
I tried Lukas solution:
rewrite ^(.*)$ "http://registry.npmjs.org$1" break;
proxy_pass http://proxy.abc.lan:1234;
The logs show that the URL is rewritten but it results in a redirect (triggered by curl classen.abc.lan/test-url):
2014/03/24 11:31:16 [notice] 13827#0: *2 rewritten redirect: "http://registry.npmjs.org/test-url", client: 172.18.40.33, server: classen.abc.lan, request: "GET /test-url HTTP/1.1", host: "classen.abc.lan"
The result of the curl call is not the expected JSON string from http://registry.npmjs.org but a html page generated by Nginx:
$ curl classen.abc.lan/test-url
<html>
<head><title>302 Found</title></head>
<body bgcolor="white">
<center><h1>302 Found</h1></center>
<hr><center>nginx/1.4.7</center>
</body>
</html>
nginx firewall proxy cache
asked Mar 21 '14 at 18:11
Philipp ClaßenPhilipp Claßen
226416
My question is about using Nginx as a proxy behind another proxy. (Somewhat confusing.)
I want to set up Nginx so it acts as a caching proxy server to an npm mirror. Here is the link:
http://eng.yammer.com/a-private-npm-cache/
On my local machine, which is not restricted by a firewall, the following configuration works fine:
proxy_cache_path /var/cache/npm/data levels=1:2 keys_zone=npm:20m max_size=1000m
inactive=365d;
proxy_temp_path /var/cache/npm/tmp;
server
listen 80;
server_name classen.abc.lan;
location /
proxy_pass http://registry.npmjs.org/;
proxy_cache npm;
proxy_cache_valid 200 302 365d;
proxy_cache_valid 404 1m;
sub_filter 'registry.npmjs.org' 'classen.abc.lan';
sub_filter_once off;
sub_filter_types application/json;
Now I want to apply it to a server that is behind an additional firewall. In the logs, I can confirm that it accesses the correct upstream IP, but the request fails because of the internal firewall.
We have one internal proxy, which I can use to bypass the firewall, for example:
$ curl http://registry.npmjs.org
curl: (7) couldn't connect to host
$ http_proxy=http://proxy.abc.lan:1234/ curl http://registry.npmjs.org
... succeeds ...
This trick does not work with Nginx, as it ignores the http_proxy environment variable. After reading the documentation, I still could not figure out how to modify the configuration, so that it can use the proxy internally.
Is it possible to combine both solutions? It is important that the caching still works, otherwise, you can just use the external mirror registry.npmjs.org directly.
Maybe, Nginx should use the internal proxy (proxy.abc.lan) as proxy_pass, but then how does the internal proxy know that the request should be sent to the external npm mirror (http://registry.npmjs.org)?
Update to Lukas answer
I tried Lukas solution:
rewrite ^(.*)$ "http://registry.npmjs.org$1" break;
proxy_pass http://proxy.abc.lan:1234;
The logs show that the URL is rewritten but it results in a redirect (triggered by curl classen.abc.lan/test-url):
2014/03/24 11:31:16 [notice] 13827#0: *2 rewritten redirect: "http://registry.npmjs.org/test-url", client: 172.18.40.33, server: classen.abc.lan, request: "GET /test-url HTTP/1.1", host: "classen.abc.lan"
The result of the curl call is not the expected JSON string from http://registry.npmjs.org but a html page generated by Nginx:
$ curl classen.abc.lan/test-url
<html>
<head><title>302 Found</title></head>
<body bgcolor="white">
<center><h1>302 Found</h1></center>
<hr><center>nginx/1.4.7</center>
</body>
</html>
nginx firewall proxy cache
nginx firewall proxy cache
asked Mar 21 '14 at 18:11
Philipp ClaßenPhilipp Claßen
226416
asked Mar 21 '14 at 18:11
Philipp ClaßenPhilipp Claßen
226416
edited Mar 24 '14 at 10:41
Philipp Claßen
asked Mar 21 '14 at 18:11
Philipp ClaßenPhilipp Claßen
226416
asked Mar 21 '14 at 18:11
Philipp ClaßenPhilipp Claßen
226416
asked Mar 21 '14 at 18:11
Philipp ClaßenPhilipp Claßen
226416
226416
add a comment |
add a comment |
3 Answers
3
active
oldest
votes
The issue with Lukas's solution is HttpRewriteModule , which automatically turns everything with http(s) at the front into a 302.
If you instead do the rewrite in two stages - the second one 'break' - it should work. e.g.
rewrite ^(.*)$ "://registry.npmjs.org$1";
rewrite ^(.*)$ "http$1" break;
proxy_pass http://proxy.abc.lan:1234;
I suspect there's a nicer way to do this, but it appears to work.
answered Apr 20 '15 at 4:38
james.haggertyjames.haggerty
1413
This really worked!!! I am using nginx as forward proxy behind a corporate proxy. My config:rewrite ^(.*)$ "://$http_host$uri$is_args$args" break;rewrite ^(.*)$ "http$uri$is_args$args" break;proxy_pass http://proxy.abc.lan:3128;
– Prashant Borde
Oct 1 '16 at 18:30
1
Should the first rewrite not "break"? Also, I think people would appreciate it if you can mention https proxy is not supported by Nginx.
– blurrcat
Oct 11 '17 at 5:40
@blurrcat you are right. In addition, it does not support reverse proxy to https website.
– ipcjs
Sep 28 '18 at 8:31
add a comment |
RFC 2616, Section 5.1.2 states
The absoluteURI form is REQUIRED when the request is being made to a proxy.
[...]
An example Request-Line would be:GET http://www.w3.org/pub/WWW/TheProject.html HTTP/1.1
So what you are supposed to do is pass the request to the proxy with those modified directives:
rewrite ^(.*)$ "http://registry.npmjs.org$1" break;
proxy_pass http://proxy.abc.lan:1234;
According to the nginx docs, using rewrite ... break; will force nginx to use the rewritten URI (now an absolute URI as the protocol requires) instead of trying to build it from the proxy_pass directive.
answered Mar 23 '14 at 4:12
LukasLukas
889512
Thanks for your answer. Unfortunately, I could not get it to work. Maybe I am missing something. I edited my answer to show what I have tried.
– Philipp Claßen
Mar 24 '14 at 10:43
add a comment |
I think it may be simpler than either of the examples above. They are using rewrite to rewrite the url, I think you can use proxy_pass but pass the url to the proxy setting the host header param to the location you want to go to. e.g.
http {
upstream corporate_proxy
server web-proxy.mycorp.com:8080;
server
listen 80;
server_name classen.abc.lan;
location /
proxy_pass_header on;
proxy_set_header Host "registry.npmjs.org";
proxy_pass http://corporate_proxy;
proxy_cache npm;
proxy_cache_valid 200 302 365d;
proxy_cache_valid 404 1m;
sub_filter 'registry.npmjs.org' 'classen.abc.lan';
sub_filter_once off;
sub_filter_types application/json;
answered Oct 28 '15 at 8:45
Mark DMark D
11615
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f583743%2fhow-to-make-an-existing-caching-nginx-proxy-use-another-proxy-to-bypass-a-firewa%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
The issue with Lukas's solution is HttpRewriteModule , which automatically turns everything with http(s) at the front into a 302.
If you instead do the rewrite in two stages - the second one 'break' - it should work. e.g.
rewrite ^(.*)$ "://registry.npmjs.org$1";
rewrite ^(.*)$ "http$1" break;
proxy_pass http://proxy.abc.lan:1234;
I suspect there's a nicer way to do this, but it appears to work.
answered Apr 20 '15 at 4:38
james.haggertyjames.haggerty
1413
This really worked!!! I am using nginx as forward proxy behind a corporate proxy. My config:rewrite ^(.*)$ "://$http_host$uri$is_args$args" break;rewrite ^(.*)$ "http$uri$is_args$args" break;proxy_pass http://proxy.abc.lan:3128;
– Prashant Borde
Oct 1 '16 at 18:30
1
Should the first rewrite not "break"? Also, I think people would appreciate it if you can mention https proxy is not supported by Nginx.
– blurrcat
Oct 11 '17 at 5:40
@blurrcat you are right. In addition, it does not support reverse proxy to https website.
– ipcjs
Sep 28 '18 at 8:31
add a comment |
The issue with Lukas's solution is HttpRewriteModule , which automatically turns everything with http(s) at the front into a 302.
If you instead do the rewrite in two stages - the second one 'break' - it should work. e.g.
rewrite ^(.*)$ "://registry.npmjs.org$1";
rewrite ^(.*)$ "http$1" break;
proxy_pass http://proxy.abc.lan:1234;
I suspect there's a nicer way to do this, but it appears to work.
answered Apr 20 '15 at 4:38
james.haggertyjames.haggerty
1413
This really worked!!! I am using nginx as forward proxy behind a corporate proxy. My config:rewrite ^(.*)$ "://$http_host$uri$is_args$args" break;rewrite ^(.*)$ "http$uri$is_args$args" break;proxy_pass http://proxy.abc.lan:3128;
– Prashant Borde
Oct 1 '16 at 18:30
1
Should the first rewrite not "break"? Also, I think people would appreciate it if you can mention https proxy is not supported by Nginx.
– blurrcat
Oct 11 '17 at 5:40
@blurrcat you are right. In addition, it does not support reverse proxy to https website.
– ipcjs
Sep 28 '18 at 8:31
add a comment |
The issue with Lukas's solution is HttpRewriteModule , which automatically turns everything with http(s) at the front into a 302.
If you instead do the rewrite in two stages - the second one 'break' - it should work. e.g.
rewrite ^(.*)$ "://registry.npmjs.org$1";
rewrite ^(.*)$ "http$1" break;
proxy_pass http://proxy.abc.lan:1234;
I suspect there's a nicer way to do this, but it appears to work.
answered Apr 20 '15 at 4:38
james.haggertyjames.haggerty
1413
The issue with Lukas's solution is HttpRewriteModule , which automatically turns everything with http(s) at the front into a 302.
If you instead do the rewrite in two stages - the second one 'break' - it should work. e.g.
rewrite ^(.*)$ "://registry.npmjs.org$1";
rewrite ^(.*)$ "http$1" break;
proxy_pass http://proxy.abc.lan:1234;
I suspect there's a nicer way to do this, but it appears to work.
answered Apr 20 '15 at 4:38
james.haggertyjames.haggerty
1413
edited Sep 29 '18 at 21:15
answered Apr 20 '15 at 4:38
james.haggertyjames.haggerty
1413
answered Apr 20 '15 at 4:38
james.haggertyjames.haggerty
1413
answered Apr 20 '15 at 4:38
james.haggertyjames.haggerty
1413
1413
This really worked!!! I am using nginx as forward proxy behind a corporate proxy. My config:rewrite ^(.*)$ "://$http_host$uri$is_args$args" break;rewrite ^(.*)$ "http$uri$is_args$args" break;proxy_pass http://proxy.abc.lan:3128;
– Prashant Borde
Oct 1 '16 at 18:30
1
Should the first rewrite not "break"? Also, I think people would appreciate it if you can mention https proxy is not supported by Nginx.
– blurrcat
Oct 11 '17 at 5:40
@blurrcat you are right. In addition, it does not support reverse proxy to https website.
– ipcjs
Sep 28 '18 at 8:31
add a comment |
This really worked!!! I am using nginx as forward proxy behind a corporate proxy. My config:rewrite ^(.*)$ "://$http_host$uri$is_args$args" break;rewrite ^(.*)$ "http$uri$is_args$args" break;proxy_pass http://proxy.abc.lan:3128;
– Prashant Borde
Oct 1 '16 at 18:30
1
Should the first rewrite not "break"? Also, I think people would appreciate it if you can mention https proxy is not supported by Nginx.
– blurrcat
Oct 11 '17 at 5:40
@blurrcat you are right. In addition, it does not support reverse proxy to https website.
– ipcjs
Sep 28 '18 at 8:31
This really worked!!! I am using nginx as forward proxy behind a corporate proxy. My config:
rewrite ^(.*)$ "://$http_host$uri$is_args$args" break; rewrite ^(.*)$ "http$uri$is_args$args" break; proxy_pass http://proxy.abc.lan:3128;– Prashant Borde
Oct 1 '16 at 18:30
This really worked!!! I am using nginx as forward proxy behind a corporate proxy. My config:
rewrite ^(.*)$ "://$http_host$uri$is_args$args" break; rewrite ^(.*)$ "http$uri$is_args$args" break; proxy_pass http://proxy.abc.lan:3128;– Prashant Borde
Oct 1 '16 at 18:30
1
1
Should the first rewrite not "break"? Also, I think people would appreciate it if you can mention https proxy is not supported by Nginx.
– blurrcat
Oct 11 '17 at 5:40
Should the first rewrite not "break"? Also, I think people would appreciate it if you can mention https proxy is not supported by Nginx.
– blurrcat
Oct 11 '17 at 5:40
@blurrcat you are right. In addition, it does not support reverse proxy to https website.
– ipcjs
Sep 28 '18 at 8:31
@blurrcat you are right. In addition, it does not support reverse proxy to https website.
– ipcjs
Sep 28 '18 at 8:31
add a comment |
RFC 2616, Section 5.1.2 states
The absoluteURI form is REQUIRED when the request is being made to a proxy.
[...]
An example Request-Line would be:GET http://www.w3.org/pub/WWW/TheProject.html HTTP/1.1
So what you are supposed to do is pass the request to the proxy with those modified directives:
rewrite ^(.*)$ "http://registry.npmjs.org$1" break;
proxy_pass http://proxy.abc.lan:1234;
According to the nginx docs, using rewrite ... break; will force nginx to use the rewritten URI (now an absolute URI as the protocol requires) instead of trying to build it from the proxy_pass directive.
answered Mar 23 '14 at 4:12
LukasLukas
889512
Thanks for your answer. Unfortunately, I could not get it to work. Maybe I am missing something. I edited my answer to show what I have tried.
– Philipp Claßen
Mar 24 '14 at 10:43
add a comment |
RFC 2616, Section 5.1.2 states
The absoluteURI form is REQUIRED when the request is being made to a proxy.
[...]
An example Request-Line would be:GET http://www.w3.org/pub/WWW/TheProject.html HTTP/1.1
So what you are supposed to do is pass the request to the proxy with those modified directives:
rewrite ^(.*)$ "http://registry.npmjs.org$1" break;
proxy_pass http://proxy.abc.lan:1234;
According to the nginx docs, using rewrite ... break; will force nginx to use the rewritten URI (now an absolute URI as the protocol requires) instead of trying to build it from the proxy_pass directive.
answered Mar 23 '14 at 4:12
LukasLukas
889512
Thanks for your answer. Unfortunately, I could not get it to work. Maybe I am missing something. I edited my answer to show what I have tried.
– Philipp Claßen
Mar 24 '14 at 10:43
add a comment |
RFC 2616, Section 5.1.2 states
The absoluteURI form is REQUIRED when the request is being made to a proxy.
[...]
An example Request-Line would be:GET http://www.w3.org/pub/WWW/TheProject.html HTTP/1.1
So what you are supposed to do is pass the request to the proxy with those modified directives:
rewrite ^(.*)$ "http://registry.npmjs.org$1" break;
proxy_pass http://proxy.abc.lan:1234;
According to the nginx docs, using rewrite ... break; will force nginx to use the rewritten URI (now an absolute URI as the protocol requires) instead of trying to build it from the proxy_pass directive.
answered Mar 23 '14 at 4:12
LukasLukas
889512
RFC 2616, Section 5.1.2 states
The absoluteURI form is REQUIRED when the request is being made to a proxy.
[...]
An example Request-Line would be:GET http://www.w3.org/pub/WWW/TheProject.html HTTP/1.1
So what you are supposed to do is pass the request to the proxy with those modified directives:
rewrite ^(.*)$ "http://registry.npmjs.org$1" break;
proxy_pass http://proxy.abc.lan:1234;
According to the nginx docs, using rewrite ... break; will force nginx to use the rewritten URI (now an absolute URI as the protocol requires) instead of trying to build it from the proxy_pass directive.
answered Mar 23 '14 at 4:12
LukasLukas
889512
edited Mar 23 '14 at 4:18
answered Mar 23 '14 at 4:12
LukasLukas
889512
answered Mar 23 '14 at 4:12
LukasLukas
889512
answered Mar 23 '14 at 4:12
LukasLukas
889512
889512
Thanks for your answer. Unfortunately, I could not get it to work. Maybe I am missing something. I edited my answer to show what I have tried.
– Philipp Claßen
Mar 24 '14 at 10:43
add a comment |
Thanks for your answer. Unfortunately, I could not get it to work. Maybe I am missing something. I edited my answer to show what I have tried.
– Philipp Claßen
Mar 24 '14 at 10:43
Thanks for your answer. Unfortunately, I could not get it to work. Maybe I am missing something. I edited my answer to show what I have tried.
– Philipp Claßen
Mar 24 '14 at 10:43
Thanks for your answer. Unfortunately, I could not get it to work. Maybe I am missing something. I edited my answer to show what I have tried.
– Philipp Claßen
Mar 24 '14 at 10:43
add a comment |
I think it may be simpler than either of the examples above. They are using rewrite to rewrite the url, I think you can use proxy_pass but pass the url to the proxy setting the host header param to the location you want to go to. e.g.
http {
upstream corporate_proxy
server web-proxy.mycorp.com:8080;
server
listen 80;
server_name classen.abc.lan;
location /
proxy_pass_header on;
proxy_set_header Host "registry.npmjs.org";
proxy_pass http://corporate_proxy;
proxy_cache npm;
proxy_cache_valid 200 302 365d;
proxy_cache_valid 404 1m;
sub_filter 'registry.npmjs.org' 'classen.abc.lan';
sub_filter_once off;
sub_filter_types application/json;
answered Oct 28 '15 at 8:45
Mark DMark D
11615
add a comment |
I think it may be simpler than either of the examples above. They are using rewrite to rewrite the url, I think you can use proxy_pass but pass the url to the proxy setting the host header param to the location you want to go to. e.g.
http {
upstream corporate_proxy
server web-proxy.mycorp.com:8080;
server
listen 80;
server_name classen.abc.lan;
location /
proxy_pass_header on;
proxy_set_header Host "registry.npmjs.org";
proxy_pass http://corporate_proxy;
proxy_cache npm;
proxy_cache_valid 200 302 365d;
proxy_cache_valid 404 1m;
sub_filter 'registry.npmjs.org' 'classen.abc.lan';
sub_filter_once off;
sub_filter_types application/json;
answered Oct 28 '15 at 8:45
Mark DMark D
11615
add a comment |
I think it may be simpler than either of the examples above. They are using rewrite to rewrite the url, I think you can use proxy_pass but pass the url to the proxy setting the host header param to the location you want to go to. e.g.
http {
upstream corporate_proxy
server web-proxy.mycorp.com:8080;
server
listen 80;
server_name classen.abc.lan;
location /
proxy_pass_header on;
proxy_set_header Host "registry.npmjs.org";
proxy_pass http://corporate_proxy;
proxy_cache npm;
proxy_cache_valid 200 302 365d;
proxy_cache_valid 404 1m;
sub_filter 'registry.npmjs.org' 'classen.abc.lan';
sub_filter_once off;
sub_filter_types application/json;
answered Oct 28 '15 at 8:45
Mark DMark D
11615
I think it may be simpler than either of the examples above. They are using rewrite to rewrite the url, I think you can use proxy_pass but pass the url to the proxy setting the host header param to the location you want to go to. e.g.
http {
upstream corporate_proxy
server web-proxy.mycorp.com:8080;
server
listen 80;
server_name classen.abc.lan;
location /
proxy_pass_header on;
proxy_set_header Host "registry.npmjs.org";
proxy_pass http://corporate_proxy;
proxy_cache npm;
proxy_cache_valid 200 302 365d;
proxy_cache_valid 404 1m;
sub_filter 'registry.npmjs.org' 'classen.abc.lan';
sub_filter_once off;
sub_filter_types application/json;
answered Oct 28 '15 at 8:45
Mark DMark D
11615
answered Oct 28 '15 at 8:45
Mark DMark D
11615
answered Oct 28 '15 at 8:45
Mark DMark D
11615
answered Oct 28 '15 at 8:45
Mark DMark D
11615
11615
add a comment |
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f583743%2fhow-to-make-an-existing-caching-nginx-proxy-use-another-proxy-to-bypass-a-firewa%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
