[TriLUG] Help with proxy setup

Ron Kelley rkelleyrtp at gmail.com
Tue Dec 3 18:25:05 EST 2013


Thanks Igor!  That worked!  

Just for my own reference (so I can google this in the future), here is what I am running on the proxy server (please let me know if you see something wrong):

————————————————————————————
user              nginx;
worker_processes  1;
error_log         /var/log/nginx/error.log;
pid               /var/run/nginx.pid;

events { worker_connections  1024; }

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log         /var/log/nginx/access.log  main;
    sendfile           on;
    tcp_nopush         on;
    keepalive_timeout  0;

    server {
        listen 80;
        server_name _;
        location / {
            resolver          172.16.0.21;
            proxy_redirect    off;
            proxy_pass        http://$host$request_uri;
            proxy_set_header  Host                  $host;
            proxy_set_header  Referer               $http_referer;
            proxy_set_header  X-Real-IP             $remote_addr;
            proxy_set_header  X-Forwarded-For       $proxy_add_x_forwarded_for;
            proxy_set_header  X-Forwarded-Protocol  $scheme;
        }
    }
}
————————————————————————————

Thanks again for the great assist!


-Ron







On Dec 3, 2013, at 4:50 PM, Igor Partola <igor at igorpartola.com> wrote:

Ah, that makes sense. Look at http://wiki.nginx.org/HttpCoreModule#.24uri.
The $uri variable does not include the query part, so it would strip off
the ?page_id=317. Take a look at $request_uri instead (
http://wiki.nginx.org/HttpCoreModule#.24request_uri). Alternatively, just
set it like so:

   proxy_pass http://$host;

Note that this is somewhat of a security vulnerability as I could make
requests to port 80 on any machine on your network, not just your WordPress
servers. After all, the $host variable is specified in the request by the
user, so it can be forged. It might be a good idea to restrict your
"server_name" variable and create a second vhost as a catch-all for any
domains you did not intend to support.

Igor
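
An nginx sketch of the hardening Igor describes above (a restricted server_name plus a catch-all vhost). This is an added example, not a config posted by anyone in the thread; blog.example.com and shop.example.com are placeholder hostnames.

```nginx
# Added example. The hostnames are placeholders, not from the thread.
# These two server blocks go inside http { } in place of the single
# "server_name _;" block.

# Catch-all vhost: any request whose host matches no name listed in the
# second block (or that carries no host at all) lands here and is never
# proxied.
server {
    listen      80 default_server;
    server_name _;
    return      444;   # nginx-specific: close the connection, send no response
}

# Proxy only the sites that are meant to be reachable through this box.
server {
    listen      80;
    server_name blog.example.com shop.example.com;   # placeholder names

    location / {
        resolver          172.16.0.21;
        proxy_redirect    off;
        # A request only reaches this block when its host matched one of
        # the names in server_name, so $host is no longer free-form input.
        proxy_pass        http://$host$request_uri;
        proxy_set_header  Host                  $host;
        proxy_set_header  X-Real-IP             $remote_addr;
        proxy_set_header  X-Forwarded-For       $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Protocol  $scheme;
    }
}
```

After reloading, a request sent with a Host header that is not in the list should show up in access.log with status 444 rather than being forwarded.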