Nginx: proxy remote content

nginxPROXY

I'm trying to create a proxy that would load images from remote sites. The reason for this is to enable secure content to be loaded on our end even though the URLs are unsecured (which breaks our SSL badge).

Basically, if I request https://proxy.app.com/?url=http://www.google.lt/images/nav_logo242_hr.png

It would send the image via secure connection back to our users.

So far I've come up with:

server {
    listen 80;
    listen 443 ssl;
    server_name proxy.app.com;
    charset utf-8;

    location /?url=(.*) {
        proxy_pass $1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
...
}

But it returns the default Nginx page. What am I doing wrong?
Is this at all possible? I don't want to use a server side language for this.

Best Answer

Ok, I figured it out.

I ended up with:

server {
    listen 80;
    listen 443 ssl;
    server_name proxy.example.com;

    charset utf-8;

    location @error {
        return 404;
    }

    location / {
        # only allow GET requests
        if ($request_method != GET) {
            return 404;
        }

        # do not allow empty urls
        if ($arg_uri = "") {
            return 404;
        }

        # do not allow non-app request origin
        valid_referers none blocked *.example.com;
        if ($invalid_referer) {
            return 403;
        }

        resolver 8.8.8.8;
        proxy_intercept_errors on;
        proxy_pass $arg_uri;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        error_page 500 = @error;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/example.com-error.log error;

    sendfile off;

    client_max_body_size 100m;

    ssl_certificate     /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;
}

Related Solutions

Nginx redirect issue with upstream configuration

This is because your upstream defined as 'http://findjob' and default for proxy_redirect is

proxy_redirect   http://findjob /;

And this means that nginx will strip string equal to first arg to proxy_redirect (http://findjob) from proxied Location:.

Use proxy_redirect off; instead to fix this issue. Check documentation for details.

Nginx – svn using nginx Commit failed: path not found

The request is being caught by your \.php$ location block, and being passed to PHP via FastCGI. You need to make sure that SVN requests are always proxied to Apache. If you don't need PHP on this virtual host, just remove that location directive. If you need PHP under specific paths, make the location block more specific, such as ^/phpstuff/.*\.php$. If that isn't possible, add an empty location block before the PHP one to catch .php files under the SVN repo paths, such as:

location ~ ^/elpis-repo/.*\.php$ {}

Best Answer

Related Solutions

Nginx redirect issue with upstream configuration

Nginx – svn using nginx Commit failed: path not found

Related Topic