Perl programmer for hire: download my resume (PDF).
John Bokma's Hacking & Hiking

Proxying multiple locations with NGINX

March 4, 2019

Yesterday a customer from Japan contacted me if he could test the Perl application I had written on a test server on the Internet first. Since I had already the application running in a virtual machine on my 2014 Mac mini I decided to create a reverse tunnel and proxy to it from an existing site instead of setting up a whole new site on a VPS.

The application used the board and uploads paths which don't conflict with the online site. And the few files that I needed to have in the document root for this application to work don't conflict either.

I used scp to upload the .htaccess, CSS stylesheet, and a JavaScript file to the document root of the site. Next I used vi to open virtual.conf located in /etc/nginx/conf.d and added the location section given below:

server {


    location ~ /(board|uploads)/ {
        proxy_pass          http://localhost:8080;
        proxy_set_header    Host             $host;
        proxy_set_header    X-Real-IP        $remote_addr;
        proxy_set_header    X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_set_header    X-Client-Verify  SUCCESS;
        proxy_set_header    X-Client-DN      $ssl_client_s_dn;
        proxy_set_header    X-SSL-Subject    $ssl_client_s_dn;
        proxy_set_header    X-SSL-Issuer     $ssl_client_i_dn;
        proxy_read_timeout 30;
        proxy_connect_timeout 30;

Since I want to proxy multiple locations I used a regular expression which matches both /board/ and /uploads/.

On the VPS I restarted the NGINX webserver. Now, requests to both /board/ and /uploads/ are proxied to port 8080 on the VPS itself. Of course there was yet no process listening on localhost:8080 so opening in a browser resulted in a "502 Bad Gateway" error message being displayed.

In order to glue the pieces together a reverse tunnel had to be created on the virtual machine running the developed Perl application to the website on the VPS:

ssh -f -N -R 8080:localhost:8080

Being a reverse tunnel this makes that requests to on the Internet are proxied to http://localhost:8080/board/ on the virtual machine.


Tunneling an API callback to development