Hide path to backend with Nginx

nginx rewrite

I have OpenNMS running on host B-beta with the following URL:

http://b-beta:8980/opennms

I would like to use NginX to hide this path accessible from host a-alpha like this:

https://a-alpha/omber/nms

So I guess what I need is to rewrite requests send to the backend to change the path from /omber/nms to /opennms - but without it being visible to the user - is that something that can be done?

The HTTPS works fine already.


Solution 1:

The first step is to proxy requests from Nginx to your other server. On a-alpha:

location /ombre/nms {
    proxy_pass http://b-beta:8980/opennms
}

From here, the remaining configurations are very dependant on the functioning of OpenNMS (which I am not familiar with).

The next part is dealing with redirects. If the requests are coming from the client side (e.g. your forms POST to a URL on b-beta or you have links pointing to b-beta), then you need to resolve those separately from Nginx. Keep in mind that the browser is unaware of the proxy - so it will send requests without modification to the server.

If you look look at the OpenNMS login page (for instance, the live demo). The login form POSTs to opennms/j_spring_security_check. A successful login results in:

  • a 302 redirect to opennms, followed by
  • a 302 redirect to opennms/frontPage.htm followed by
  • a 302 redirect to opennms/index.jsp.

Using Nginx, you cannot (easily) change the path the form POSTs to (that is probably an OpenNMS configuration option though), but you can change the redirects that are returned back the browser. There are some directives to consider:

proxy_redirect: If you need to modify the redirect (i.e. location header) being returned to the browser

proxy_redirect http://b-beta:8980/opennms/ http://a-alpha/ombre/nms/;

This should be equivalent to proxy_redirect default if contained in the location block above.

rewrite ... break: If you need to modify the path that is being sent to opennms (break means that only the current location block will be processed).

rewrite /ombre/nms/a/(.*) /opennms/b/$1 break;

proxy_set_header: if you need to modify some of the headers being sent to the backend.

By default, Nginx will set the Host header to $proxy_host. If you setup OpenNMS on b-beta to act as if it was running on a-alpha (e.g. tell it that the domain is that of a-alpha, setup server blocks matching a-alpha, etc) then you will need to pass the Host header as it is received by a-alpha instead of letting Nginx modify it:

proxy_set_header Host $host;

Related

Creating a private network for two VMs
text compression in postfix
sftp vs ftps, securing SSH and virtual users vsftpd
Setting passenger with Apache virtual hosts?
Disabling Specific Options in Outlook 2010 through Group Policy?
Can nginx be an mail proxy for a backend server that does not accept cleartext logins?
Sending content of a file in Expect
Nagios performance graphs
Hardware/topology recommendations for low latency UDP network
Postfix cleanup daemon access control
com.google.android.gms.common.internal.safe parcel.safe parcelable not found
What is the difference between a fluent interface and the Builder pattern?