Nginx proxy_set_header base on verb

nginx

I have a buggy client which sends a bad Content-Type header when POSTing to a specific url. The API in question already sits behind an nginx 1.15 reverse proxy, so as a workaround until those clients can be patched, I'd like to just rewrite the Content-Type header for those requests. I naively tried to set it up like this:

location /api/file {
    if ($request_method = POST ) {
      proxy_set_header Content-Type "application/octet-stream";
    }
    proxy_pass http://<api server>/api/file;
}

But I get this error:

"proxy_set_header" directive is not allowed here

The same /api/file endpoint also supports GET and HEAD methods, which I'd prefer to leave alone. How can I configure this to only apply the proxy_set_header to POST requests?

Update

For now I've just removed the if block entirely and blanket applied the header. Sending Content-Type on a GET or HEAD makes no sense, but my API server ignores it in those cases, and this is already a hack anyway.

Best Answer

I would use map directive.

map $request_method $content_type_header {
  default $http_content_type;
  "POST"  "application/octet_stream";
}

server {
  ...
  location /api/file {
    proxy_pass http://server/api/file;
    proxy_set_header Content-Type $content_type_header;
  }
}

Correct way in new versions of nginx

Turn out my first answer to this question was correct at certain time, but it turned into another pitfall - to stay up to date please check Taxing rewrite pitfalls

I have been corrected by many SE users, so the credit goes to them, but more importantly, here is the correct code:

server {
       listen         80;
       server_name    my.domain.com;
       return         301 https://$server_name$request_uri;
}

server {
       listen         443 ssl;
       server_name    my.domain.com;
       # add Strict-Transport-Security to prevent man in the middle attacks
       add_header Strict-Transport-Security "max-age=31536000" always; 

       [....]
}

NGINX config proxy_set_header

I include a global proxy configuration (e.g. /etc/nginx/conf.d/02_proxy.conf) at the end of Nginx's main configuration file (/etc/nginx/nginx.conf):

...

events {
  worker_connections 1024;
  use epoll;
}

http {
  include /etc/nginx/mime.types;
  default_type application/octet-stream;

  ...

  include /etc/nginx/conf.d/*.conf;
  include /etc/nginx/sites-enabled/*;
}

From the Nginx documentation:

The proxy_set_header directives are inherited from the previous level if and only if there are no proxy_set_header directives defined on the current level.

This means you can use a custom header on the server or location level to overwrite all global headers:

server {

  ...

  proxy_set_header X-RESET-CUSTOM-HEADERS true;

  ...
}

If you use additional proxy_set_header on the server or location level and want to keep the global ones, you must import this file again on that level.

Best Answer

Related Solutions

NGINX Redirect – How to Rewrite All HTTP Requests to HTTPS While Maintaining Sub-Domain

Correct way in new versions of nginx

NGINX config proxy_set_header

Related Topic