0

I am setting up nginx as a reverse proxy. I have only used Apache before, and without virtual hosts.

I want my users to be able to access various intranet web services by simply typing the name of the service into the address bar. E.g. to type "timesheets" rather than "timesheets.intranet.local".

On a client machine if I use "wget" or a browser to access the FQDN for the site (timesheets.intranet.local) then everything is fine.

On a client machine if I use "wget" or a browser to access the plain hostname for the site (timesheets) then it fails.

If I use "wget" locally on the nginx server machine then both work fine.

My site config looks like:

server {
  server_name timesheets timesheets.intranet.local;

  location / {
    proxy_pass http://127.0.0.1:8080;
  }

  listen [::]:443 ssl ipv6only=on;
  listen 443 ssl;
  ssl_certificate /root/timesheet.crt;
  ssl_certificate_key /root/timesheet.key;
}

Name resolution is not the problem. "wget" on the client machine correctly resolves the IP address but still fails to retrieve the page.

  • Are you saying that ping, nslookup and wget work correctly on the user's machine? – Richard Smith Jan 14 at 15:31
  • Do you want it to be timesheet or "timesheets"? You've specified one in the nginx configuration and the other in your narrative. Maybe you should set up both. – Michael Hampton Jan 14 at 22:50
  • @RSmith On the user's machine, ping, nslookup, and wget all report the correct IP address for the host. wget does not work on the users machine but does work on the server itself. – AlastairG Jan 15 at 11:24
  • @MHampton, It's a typo. – AlastairG Jan 15 at 11:24
  • Maybe a ping and so on work because of some different resolution method, not DNS (i.e. NetBIOS or something other like that)? Then web browser might not support this resolution method and will not work. Try adding said unqualified names to hosts file explicitely. – Nikita Kipriyanov Jan 15 at 11:29
1

When configuring reverse proxying you must pay attention not only to a proxy configuration, but also consider a configuration of a service behind it.

Not only the proxy must accept a name in its virtualhost, but it must also issue a Host header which is expected to the backend. In this case easiest way is to configure both proxy and a backend to accept a short unqualified host name.

Alternate way might be to override which Host header proxy is sending to a backend. Then you only need your backend to server only that hostname. See this answer https://stackoverflow.com/questions/14352690/change-host-header-in-nginx-reverse-proxy

Not the answer you're looking for? Browse other questions tagged or ask your own question.