nginx proxypass rewrite base url

nginx reverse-proxy rewrite

I'm trying to setup Nginx to forward requests to several backend services using proxy_pass.

A few of them don't support being accessed under a sub-folder, so I have to add a rewrite to strip the sub-folder which is appended to allow access to them all from the same port.

Any tips on improving the rewrite?

Curl output;

:~$ curl -I -k https://example.net/internal
HTTP/1.1 404 Not Found
Server: nginx/1.0.5
Date: Thu, 19 Jan 2012 22:30:46 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Content-Length: 145

:~$ curl -I -k https://example.net/internal/
HTTP/1.1 200 OK
Server: nginx/1.0.5
Date: Thu, 19 Jan 2012 22:31:12 GMT
Content-Type: text/html
Connection: keep-alive
Content-Length: 1285
Accept-Ranges: bytes
Last-Modified: Wed, 18 Jan 2012 01:35:21 GMT

Config files;

proxy.conf

location /internal {
    rewrite           ^/internal/(.*) /$1 break;
    proxy_pass        http://localhost:8081/internal;
    include proxy.inc;
}
.... more entries ....

sites-enabled/main

server {
    listen 443;

    server_name example.com;
    server_name_in_redirect off;

    include proxy.conf;

    ssl on;
}

proxy.inc

proxy_connect_timeout   59s;
proxy_send_timeout      600;
proxy_read_timeout      600;
proxy_buffer_size       64k;
proxy_buffers           16 32k;
proxy_pass_header       Set-Cookie;
proxy_redirect          off;
proxy_hide_header       Vary;

proxy_busy_buffers_size         64k;
proxy_temp_file_write_size      64k;

proxy_set_header        Accept-Encoding         '';
proxy_ignore_headers    Cache-Control           Expires;
proxy_set_header        Referer                 $http_referer;
proxy_set_header        Host                    $host;
proxy_set_header        Cookie                  $http_cookie;
proxy_set_header        X-Real-IP               $remote_addr;
proxy_set_header        X-Forwarded-Host        $host;
proxy_set_header        X-Forwarded-Server      $host;
proxy_set_header        X-Forwarded-For         $proxy_add_x_forwarded_for;
proxy_set_header        X-Forwarded-Ssl         on;
proxy_set_header        X-Forwarded-Proto       https;

We could turn your rewrite a lot uglier to account for that string (/internal) without allowing unintended matches.. (if you're inclined, you'll want ((?:/.*|)) where your slash is or a similar beast) but ugly is less maintainable.

I'm inclined to say just do this:

location /internal {
    rewrite           ^/internal$ https://example.net/internal/ permanent;
    rewrite           ^/internal/(.*) /$1 break;
    proxy_pass        http://localhost:8081/internal;
    include proxy.inc;
}

Related

How do I reissue machine certificates for my Active Directory members now that I have a private CA?
ZFS RaidZ Import Failure when migrating
Setting properties in chef-client.rb
Rejecting unlisted senders in Postfix
Wireshark - Filter for Inbound HTTP Requests on Port 80 Only
Grep and xargs: File name too long
Why has my auth.log file emptied - is this normal?
Robocopy falsely marks files as newer
openssl req sets wrong "not after" date (overflow bug?)
389 Directory Server Administrative Limit Exceeded error?
Internet explorer - SID S-1-5-5-0-348885
Nagios custom variables for object inheritance