nginx reverse proxy to mongodb rest interface

mongodb nginx reverse-proxy

I'm trying to set up a reverse proxy with HTTP auth that proxies MongoDB's REST interface. So far, I've got this:

server {
        listen 80;
        server_name tld.example.com;
        charset utf-8;
        access_log /home/jill/logs/nginx.access.log main;

        # Redirect all HTTP traffic to HTTPS URL
        rewrite ^(.*) https://tld.example.com$1 permanent;
}

server {
        listen 443;
        server_name tld.example.com;

        ssl on;
        ssl_prefer_server_ciphers on;
        ssl_protocols           TLSv1 SSLv3;
        ssl_ciphers             HIGH:!ADH:!MD5:@STRENGTH;
        ssl_session_cache       shared:TLSSL:16m;
        ssl_session_timeout     10m;
        ssl_certificate /path/to/cert/tld.example.com.bundle.crt;
        ssl_certificate_key /path/to/cert/tld.example.com.key;

        gzip on;
        gzip_vary on;
        gzip_comp_level 6;

        keepalive_timeout 300;
        keepalive_requests 500;

        location / {
                proxy_pass https://127.0.0.1:28017;

                proxy_redirect     off;

                proxy_max_temp_file_size 0;

                proxy_connect_timeout      90;
                proxy_send_timeout         90;
                proxy_read_timeout         90;

                proxy_buffer_size          4k;
                proxy_buffers              4 32k;
                proxy_busy_buffers_size    64k;
                proxy_temp_file_write_size 64k;

                add_header Cache-Control no-cache;

        }

        auth_basic "Restricted area";
        auth_basic_user_file /path/to/password/file;
}

This doesn't work (obviously), and results in a gateway timeout. I can otherwise access the REST interface locally from within the server with curl localhost:28017 and similar.

What am I doing wrong?


Solution 1:

Given the fact that curl localhost:28017 works, I assume the REST interface speaks HTTP and not HTTPS.

Change the following line

proxy_pass https://127.0.0.1:28017;

With this one

proxy_pass http://127.0.0.1:28017;

Solution 2:

To offer an alternative solution from the MongoDB side of things (if you wanted to use HTTPS end to end), you can enable SSL in MongoDB:

http://docs.mongodb.org/manual/administration/ssl/

You can also see my previous answer here regarding using SSL with MongoDB for some more details:

https://serverfault.com/a/376598/108132

Enabling SSL also enables it on the REST interface. Just to be sure I tested it using an SSL enabled build on the default ports:

curl -I -k https://127.0.0.1:28017
HTTP/1.0 200 OK
Content-Type: text/html;charset=utf-8
Connection: close
Content-Length: 21343

The -k is necessary because I am using a self-signed cert for my testing.

Related

What is the best way to compress backend to nginx reverse proxy data?
virtualbox view guest port 80 on host port 80
atos and dwarfdump won't symbolicate my address
UIWebView - Enabling Action Sheets on <img> tags
Using accelerometer, gyroscope and compass to calculate device's movement in 3D world
How to write my C++ function so I can call it from C#?
Apache + Tomcat: Using mod_proxy instead of AJP
Android : Semi Circle Progress Bar
JavaScript validation issue with international characters
Spring Partial Update Object Data Binding
How to use Imagick to merge and mask images?
Bootstrap-UI Typeahead display more than one property in results list?