So I have a webserver running nginx, and I want to use it as a reverse proxy to access web applications running elsewhere. I know this is a pretty standard use case, and that the traditional approach is to use virtual hosts to proxy the different apps.
Like, normally you would do something like:
- https://app1.webserver.something => app1.host:3000
- https://app2.webserver.something => app2.host:1234
- https://app3.webserver.something => app3.host:8080
I am familiar with this approach, and know how to set it up.
In this case, there is a catch though. For reasons that I can’t get into here, I can’t use virtual hosts, and everything should be hosted in the same webserver.something domain. So I thought I would use a subpath to host each app.
What I want to do is this basically:
- https://webserver.something/app1 => app1.host:3000
- https://webserver.something/app2 => app2.host:1234
- https://webserver.something/app3 => app3.host:8080
In my nginx config file I have something like this:
upstream app1 {
server app1.host:3000;
}
server {
...
location /app1 {
proxy_pass http://app1/;
}
...
}
This works to the extent that all requests going to /app1/* get forwarded to the correct application host. The issue though is that the application itself uses absolute paths to reference some resources. For example, app1 will try to reference a resource like /_app/something/something.js, which of course produces a 404 error.
I suppose that for this particular error I could map /_app/ to the app1 application host with another location statement, but that seems dirty to me and I don’t like it. First off it could quickly become a game of whack-a-mole, trying to get all the absolute paths remapped, and secondly it could easily lead to conflicts if other applications use that absolute path too.
So I guess my question is: is there a way to do this cleanly, and dynamically rewrite those absolute paths per app?
You must log in or register to comment.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters DNS Domain Name Service/System HTTP Hypertext Transfer Protocol, the Web IP Internet Protocol SSL Secure Sockets Layer, for transparent encryption TLS Transport Layer Security, supersedes SSL nginx Popular HTTP server
5 acronyms in this thread; the most compressed thread commented on today has 5 acronyms.
[Thread #61 for this sub, first seen 18th Aug 2023, 14:05] [FAQ] [Full list] [Contact] [Source code]
You’ll need to check the documentation of every app, they usually have an option to set a base path so the app will add that base path to every link and resource.
If some of the apps don’t have support for that, the next option would be to build from source and patch all the links yourself.
Apps control the URLs. They either provide configuration for that and then you have to set them up manually, or they don’t and you’re screwed. Use sub-domains. You can use the wildcard domain (
*) to point everything to the same IP address and then let nginx deal with it.You can use the wildcard domain
Yeah the problem was more that this machine is running on a network where I don’t really control the DNS. That is to say, there’s a shitty ISP router with DHCP and automatic dynamic DNS baked in, but no way to add additional manual entries for vhosts.
I thought about screwing with the
/etc/hostsfile to get around it but what I ended up doing instead is installing a pihole docker for DNS (something I had been contemplating anyway), pointing it to the router’s DNS, so every local DNS name still resolves, and then added manual entries for the vhosts.Another issue I didn’t really want to deal with was regenerating the TLS certificate for the nginx server to make it valid for every vhost, but I just bit through that bullet.
If you’re serious about self hosting, you shouldn’t use an ISP router. Buy a proper router which will allow you to dynamically manage DNS records. My recommendation would be top end ASUS routers.
For SSL certificate management, use https://nginxproxymanager.com/ You just add a new domain there and it will fetch and manage a certificate for the domain.
