'Nginx returns web requests with internal IP address

I am deploying InvenioRDM as local. Here is a gist of the limitations.

  • InvenioRDM as local instance for prototyping
  • Application is strictly IP address and port bound
  • Aim is to link IP to URL in a seamless manner

The work so far:

  • InvenioRDM local instance exposes application frontend only

  • Approaches:

  • i) Mimic production: The Nginx configuration was initially setup that mirrored the production. The production environment is purely containers. Very complex so i decided to try a simpler approach.

  • ii) Transparent Proxy: Use Nginx to pass on everything and replace the URLs at ingress (proxy_pass) and egress (proxy_redirect). The benefit is to simplify the web server configuration as the application does handle http requests.

My default.conf is as follows.

# HTTP server
server {
  # Redirects all requests to https. - this is in addition to HAProxy which
  # already redirects http to https. This redirect is needed in case you access
  # the server directly (e.g. useful for debugging).
  listen 80; # IPv4
  server_name server.name;
  return 301 https://$host$request_uri;
}

#HTTPS Server
server {

    listen 443 ssl;
    server_name server.name;
    charset utf-8;
    keepalive_timeout 5;

    ssl_certificate           /etc/ssl/test.crt;
    ssl_certificate_key       /etc/ssl/test.key;

    ssl_session_cache  builtin:1000  shared:SSL:50m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AE$
    #ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    access_log            /var/log/nginx/access.log;

    proxy_request_buffering off;
    proxy_http_version 1.1;

    location / {

      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;

      proxy_pass          https://127.0.0.1:5000;
      proxy_read_timeout  90;

      proxy_redirect      https://127.0.0.1:5000 https://server.name; 
    }
  }

My issue is that when accessing publicly on the IP address server.name (hidden for obvious reasons), it returns with the internal Class A IP address (10.X.X.X) of the machine which is offcourse not accessible publicaly. What am I missing here.

I am new to this, and I am at my wits end.

nginxnginx-reverse-proxynginx-config


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

Nginx getting the event "ngx_master_****" was not signaled for 5s

Valid characters in nginx upstream name

Nginx proxy_pass with $remote_addr

Nginx the event was not signaled for 5s

how to serve static files through nginx and django in windows

The Streamlit app stops with "Please wait... " and then stops

The Streamlit app stops with "Please wait... " and then stops

Express and nginx net::ERR_CONTENT_LENGTH_MISMATCH

Express and nginx net::ERR_CONTENT_LENGTH_MISMATCH

Locate the nginx.conf file my nginx is actually using

Angular SPA with Custom --base-href and Nginx Routing

What does "trust proxy" actually do in express.js, and do I need to use it?

Nginx ingress controller not giving metrics for prometheus

(13: Permission denied) while connecting to upstream:[nginx]

Ubuntu Nginx/Laravel 500 Internal Server Error