Search code examples
apachenginxnginx-reverse-proxy

How enable css and pictures via nginx proxy from apache + python service

I have a local service with name service1.mydomain.local (apache + php) Everything works as designed in internal network. I need to have same service from outside via name service1.mydomain.com

I also have nginx proxy as main http server in the network. A lot of resources works fine via it.

The best configuraton I have for this particular case doesn't show css and pictures. Please help to fix css and pictures.

Nginx

`server {
listen 80;
server_name service1.mydomain.com;
include snippets/letsencrypt.conf;

location / {
    return 301 https://$server_name$request_uri;
}
}

server {
listen 443 ssl http2;
server_name service1.mydomain.com;
include snippets/letsencrypt.conf;

ssl_certificate /etc/letsencrypt/live/service1.mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/service1.mydomain.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/service1.mydomain.com/chain.pem;

access_log /var/log/nginx/service1.access.log;
error_log /var/log/nginx/service1.error.log info;

location / {
    try_files $uri $uri/ /index.php?/$request_uri; #/index.php$args;
}

location ~ \.php$ {
proxy_pass http://service1.mydomain.local:80;
proxy_set_header Host service1.mydomain.local;  #$host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}

location ~ /\. {
             deny all;
    }

}`

Apache

`<VirtualHost *:80>
    ServerName service1.mydomain.local

    DocumentRoot /usr/share/self-service-password/htdocs
    DirectoryIndex index.php

    AddDefaultCharset UTF-8

    <Directory /usr/share/self-service-password/htdocs>
        AllowOverride None
        <IfVersion >= 2.3>
            Require all granted
        </IfVersion>
        <IfVersion < 2.3>
            Order Deny,Allow
            Allow from all
        </IfVersion>
    </Directory>

    Alias /rest /usr/share/self-service-password/rest

    <Directory /usr/share/self-service-password/rest>
        AllowOverride None
        <IfVersion >= 2.3>
            Require all denied
        </IfVersion>
        <IfVersion < 2.3>
            Order Deny,Allow
            Deny from all
        </IfVersion>
    </Directory>

    LogLevel warn
    ErrorLog /var/log/apache2/ssp_error.log
    CustomLog /var/log/apache2/ssp_access.log combined
</VirtualHost>`

internal network answer - correct external network answer - incorrect

Solution

  • Inside your nginx configuration the following part might be a problem:

    location ~ \.php$ {
  proxy_pass http://service1.mydomain.local:80;
  proxy_set_header Host service1.mydomain.local;  #$host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
}

location ~ /\. {
  deny all;
}

    That basically means, that you only proxy requests ending on php and deny all other requests.

    Maybe try changing location ~ \.php$ { to location ~* \.(png|ico|gif|jpg|jpeg|css|js|php)$ {. Those endings are just an example, you can allow which ones you want to.