Nginx reverse proxy is not working for API/v2_soap

I’m having a problem with a reverse proxy at nginx…

Problem ->

I have the server A with nginx that receive many connections by port 80 and 443… some connection come from api/rest and api/v2_soap… for these connections i made a proxy rule to redirect to connection to server B, that will process the api request

The Rule at server A:

location /api/rest { rewrite ^/api/rest(/.*)$   $  1 break; proxy_set_header X-Real-IP $  remote_addr; proxy_set_header X-Forwarded-For $  proxy_add_x_forwarded_for; proxy_set_header Host $  host:$  server_port; proxy_set_header X-NginX-Proxy true; proxy_set_header Upgrade $  http_upgrade; proxy_set_header Connection 'upgrade'; proxy_cache_bypass $  http_upgrade; proxy_pass http://10.0.0.2; proxy_redirect off; }   location /api/v2_soap { rewrite ^/api/v2_soap(/.*)$   $  1 break; proxy_set_header X-Real-IP $  remote_addr; proxy_set_header X-Forwarded-For $  proxy_add_x_forwarded_for; proxy_set_header Host $  host:$  server_port; proxy_set_header X-NginX-Proxy true; proxy_set_header Upgrade $  http_upgrade; proxy_set_header Connection 'upgrade'; proxy_cache_bypass $  http_upgrade; proxy_pass http://10.0.0.2; proxy_redirect off; } 

Fine… When i look inside server B nginx acess.log all connections are being redirect to server B.. Great…

But when the connection is being process , the server B access log show some GET request as status 200 and some POST requests as status 500

mydomain.com.br 10.0.0.2 – – [17/Jun/2019:15:35:21 -0300] “GET /api/v2_soap?wsdl=1 HTTP/1.0” 200 244478 “-” “-” “xxxx.xxxx.xxxx.xxxx”

mydomain.com.br 10.0.0.2 – – [17/Jun/2019:15:35:25 -0300] “GET /api/v2_soap?wsdl=1 HTTP/1.0” 200 244478 “-” “-” “xxxx.xxxx.xxxx.xxxx”

mydomain.com.br 10.0.0.2 – – [17/Jun/2019:15:35:26 -0300] “POST /api/v2_soap HTTP/1.0” 500 423 “-” “Axis/1.4” “xxxx.xxxx.xxxx.xxxx”

mydomain.com.br 10.0.0.2 – – [17/Jun/2019:15:35:28 -0300] “POST /api/v2_soap HTTP/1.0” 500 423 “-” “Axis/1.4” “xxxx.xxxx.xxxx.xxxx”

The configuration at nginx server B for api are:

# API config location /api/rest { rewrite ^/api/rest /api.php?type=rest last; }  # API config location /api/v2_soap { rewrite ^/api/v2_soap /api.php?type=v2_soap last; 

Now the question… what is wrong, what i must add, what i must do to apis rest and soap work fine at my server…

the central problem i think is soap connections… because i found some rest status POST and GET with status 200

Use Nginx to reverse proxy subdomains with SSL enabled [on hold]

I have two servers on my local network at home, and I recently purchased a domain, and I was wondering how I would use Nginx as a proxy to forward the traffic to the two servers based on their subdomains, with both using different Let’s Encrypt certificates on a per server basis. I have never use a reverse proxy or hosted a server with SSL so I am completely lost. Any help is much appreciated.

Reverse SSH – How to limit ports on server side

My system is SSH client that use the following SSH command in order to create a tunnel:

ssh -R 0:localhost:80 -TN -p 22 user@pass 

I use “0” so the port will be chosen randomly by the SSH server. Now i have the requirement that the port range need to be limited (to the range 4000 – 4100) but as the system’s software can’t be changed (A limitation i have) – I must to do this change in SSH server side. Is there anything I can do in SSH server side?

Adding elements of 2 linked list in reverse order

I solved a problem with JavaScript which has the following requirements:

  1. Two non-empty linked lists representing two non-negative integers.
  2. Digits stored in reverse order
  3. Each node contains a single digit
  4. Add the two numbers and return it as a linked list

Sample I/O:

Input: (2 -> 4 -> 3) + (5 -> 6 -> 4) Output: 7 -> 0 -> 8 Explanation: 342 + 465 = 807 

My code:

 /**  * Definition for singly-linked list.  * function ListNode(val) {  *     this.val = val;  *     this.next = null;  * }  */ /**  * @param {ListNode} l1  * @param {ListNode} l2  * @return {ListNode}  */ var addTwoNumbers = function(l1, l2) {   let l1Str = "";   let l2Str = "";   while (l1 !== null) {     l1Str += l1.val.toString();     l1 = l1.next;   }    while (l2 !== null) {     l2Str += l2.val.toString();     l2 = l2.next;   }    let sum = (BigInt(l1Str.split("").reverse().join("")) + BigInt(l2Str.split("").reverse().join(""))).toString();    let resultNodeList = new ListNode(sum[sum.length - 1]);   let resultHead = resultNodeList;   for (let i = sum.length - 2;i >= 0;i--) {     resultNodeList.next = new ListNode(sum[i]);     resultNodeList = resultNodeList.next;   }    return resultHead;  };  

Note: I had to use BigInt cause parseInt won’t work on big integers as expected.

Although it passed all test cases, what are some ways to improve this code in terms of both time and space complexity?

Why do I get “Type does not correspond to an entity on this site” when POSTing to REST api behind an Apache Reverse proxy?

I have the REST api configured to allow POSTing new users to /entity/user. On my local machine, it works just fine. Once I push up to my remote host, it stops working.

The key difference is that on my local machine, my site is running in a docker container bound to port 6050, so all rest calls go to localhost:6050.

On my remote host, I have docker configured behind an Apache 2.4 reverse proxy. So the docker container is still bound to 127.0.0.1:6050, but all requests should go to https://sub.example.tld/.

To summarize, posting a new user to http://localhost:6050/entity/user?_format=hal_json, with the appropriate X-CSRF-Token and Content-Type headers set, works. It returns 200.

Posting to https://sub.example.tld/entity/user?_format=hal_json, with the appropriate X-CSRF-Token and Content-Type headers set, does not. It returns 422 Unprocessable Entity.

{"message":"Type https:\/\/sub.example.tld\/rest\/type\/user\/user does not correspond to an entity on this site."} 

I do manually set the user’s “_links” array:

"_links": {         "type": {           "href": "https://sub.example.tld/rest/type/user/user"         }       }, 

I know that authentication isn’t the issue. My code is successfully accessing views that require authentication.

Since I think it might be something to do with these settings, I do have the following set:

  • $ settings['trusted_host_patterns'] = ["$ sub\.example\.tld$ "]
  • $ settings['reverse_proxy'] = TRUE;
  • $ settings['reverse_proxy_addresses'] = ["internal network ip","172.18.0.1","127.0.0.1"];

I’m running Drupal 8.7.3.

My docker image is based on php:7.1-apache.

Any ideas what I’m doing wrong?

Make `lighttpd` 1.4 reverse proxy serve an application from different path

I am trying to configure an application (Python Flask) to run behind a lighttpd reverse proxy. I am using lighttpd v1.4.53.

The part that fails has its root cause in the fact that the application is served from a subpath it is not aware of. So if a user accesses

https://www.example.com/myapp 

the request should be proxied to the application without the myapp path without the app knowing/handling that.

The following configuration makes the basics work (i.e. some HTML is returned, but for example without the CSS styling):

$  HTTP["url"] =~ "^/myapp/" {     proxy.server = (         "" => ( (             "host" => "backend",             "port" => 5000         ) )     )     proxy.header = (         "map-urlpath" => (             "/myapp/" => "/",             "/myapp"  => "",    # required? correct?          )      ) } 

The problem is that the app is generating (relative) links without the myapp part (of course). So for example in the HTML the link to the sylesheet is

<link rel=stylesheet type=text/css href="/static/styles.css"> 

which does not work. It should be (with the myapp part)

<link rel=stylesheet type=text/css href="/myapp/static/styles.css"> 

From the documentation of ModProxy I was hoping that proxy.header/map-urlpath would do the trick. But it apparently does not.

What would a correct lighttpd config look like? Or is this something that can (must?) be fixed in the Flask configuration? Note that I only have very limited (not to say “no”) influence on the Flask app.

I think “full blown” Web Application Firewalls (WAFs) are doing “rewrites” like this all the time, no?

But then, I found the following 4+ years old comment in another SF question: lighttpd reverse proxy rewrite which makes me fear that what I want might (still?) not be possible?

Forward GoDaddy subdomain to a different port on the same server (reverse proxy)

So here is the situation: I purchased a domain with GoDaddy (Jbc.ca) GoDaddy forwards to my no-ip domain currently as I have a dynamic IP address (however it does not change that frequently- so I could in theory have it forward directly to my IP address).

Now here is where it gets a little more complicated. I run a web server (Apache) on port 80 which is displayed when you visit (jbc.ca) I also have several other services that run on the same system: Plex- port 32400; Tautulli on port 7777; Ombi on port 5000; Lidarr on port 8686, Remotely Anywhere PC Access on 7000 and a separate Web Server (Microsoft IIS on port 9024).

Currently to access any of these services other than port 80 I have to do as follows: “http://Jbc.ca:Port#” ; so for example to access Ombi I have to type in http://jbc.ca:5000.

What I would like is to have my domain with subdomains for each port- so for example ombi.jbc.ca would in theory load port 5000 on the server, but would display ombi.plex.ca instead of redirecting and exposing the port number. Ra.jbc.ca would load port 7000 and so on…

I have read that this can be done with reverse proxy via apache or nginx (as I am running mamp pro for my main server) as well as IIS, however I have no clue how to accomplish this as to what needs to be changed/added on the server, which server would be best to accomplish this as well as what I’d have to modify on my GoDaddy domain.

Hopefully someone can help as I am totally stumped at this point.

Thanks in advance.

Apache Reverse Proxy+IIS+Client Certificate Authentication = sadface so far

After thorough research I have come to ask for assistance.

What I want is to create a configuration similar to what Apache/Tomcat have with I believe AJP only Apache to IIS.

I know due to TLS, IIS, x509, it is generally difficult as what I am wanting to do creates a MITM (Man-In-The-Middle)

Internet ==> Apache Reverse Proxy === IIS backend
Authentication Client certificate

I know the reason right now I am losing the header information on IIS is due to the TLS session ending after I hit…

Apache Reverse Proxy+IIS+Client Certificate Authentication = sadface so far

Using Simple-RT to set up reverse tethering

I’m attempting to use SimpleRT and the following binary files to set up reverse tethering from my Ubuntu 16.04 laptop which is connected to ethernet. I copied the binary into the subdirectory simple-rt-cli and ran it using sudo (sudo ./simple-rt). If I connect my phone to my laptop via USB after that, all seems to be working fine, SimpleRT notifies me on my phone that I was connected and my phone “believes” internet, but it does not work, there is absolutely zero traffic.

The script is looking for tun0, and so I set it up using OpenVPN (openvpn --mktun --dev tun0).

I now want to forward the requests from tun0 to eth0 (which I assume to be my ethernet connection). For the purpose of this, I followed the method described in the accepted answer for this question (note I left out the OpenVPN part mentioned, I only executed the iptables commands) : iptables forward traffic to vpn tunnel if open

But still, the script seems to not recognize tun0 as “valid” (see the output below).

libusb callback registered! Kernel driver is not active! Device supports AOA 2.0! Sending identification to the device  sending manufacturer: Konstantin Menyaev  sending model: SimpleRT  sending description: Simple Reverse Tethering  sending version: 1.0  sending url: https://github.com/vvviperrr/SimpleRT  sending serial number: xxxxx-xxxxx-xxxxx-xxxxx-xxxxx Turning the device in Accessory mode Found accessory xxxx:xxxx accessory connected! libusb callback deregistered! Unknown command: linux-tun1 Unable set iface tun1 up 

What am I missing to get SimpleRT to work ? Thanks in advance.