nginx リバース プロキシを使用してサブドメインをサブディレクトリにリダイレクトする方法は?

nginx リバース プロキシを使用してサブドメインをサブディレクトリにリダイレクトする方法は?

私はサブスタックニュースレターを持っていますが、CNAMEレコードは次のようになっていますnewsletter.identosphere.net

identosphere.net/newsletterユーザーがメイン サイトの一部として各ニュースレターにアクセスできるように、そのコンテンツを表示したいと考えています。

identosphere.net/newsletter/issue-13/コンテンツを表示する必要がありますnewsletter.identosphere.net/issue-13/

さらに、もし可能なら(nginx または dns による)サブドメインのトラフィックをルートドメインのフォルダにリダイレクトしたい

現在使用しているのは:

location /newsletter/ {
    proxy_pass        http://newsletter.identosphere.net/;
    access_log /var/log/nginx/reverse-access.log;
    error_log /var/log/nginx/reverse-error.log;
}

この設定で何が起こるか:

私はタイプするhttps://identosphere.net/ニュースレターそしてリダイレクトされますhttps://newsletter.identosphere.net/


ご要望に応じて翻訳者残りの nginx 設定を投稿します。

私が言及しなかったのは、私が使用しているメールインアボックスこれは、Web サーバーと DNS を含むセルフホスト型の電子メール サービスです。

カスタマイズは主に GUI 経由で行われます。私は、定期的に更新されるメイン構成ではなく、構成の一部をカスタマイズできるサポートされていない機能を使用しています。どうやら、"nginx user-config" にサーバー ブロックを追加できず、場所ブロックのみ追加できるようです。

現時点では、この問題を解決するつもりはありませんが、可能であれば、DNS(NSDA の) リダイレクトが設定されているため、リバース プロキシが妨げられています。

NGINXの設定はこちら

コメントに記載されているように、このファイルを編集することはできませんが、他の場所にある構成を介して指示を追加することはできます。

/etc/nginx/conf.d/local.conf

## NOTE: This file is automatically generated by Mail-in-a-Box.
##       Do not edit this file. It is continually updated by
##       Mail-in-a-Box and your changes will be lost.
##
##       Mail-in-a-Box machines are not meant to be modified.
##       If you modify any system configuration you are on
##       your own --- please do not ask for help from us.

upstream php-fpm {
    server unix:/var/run/php/php7.4-fpm.sock;
}
## identosphere.net

# Redirect all HTTP to HTTPS *except* the ACME challenges (Let's Encrypt TLS certificate
# domain validation challenges) path, which must be served over HTTP per the ACME spec
# (due to some Apache vulnerability).
server {
    listen 80;
    listen [::]:80;

    server_name identosphere.net;
    root /tmp/invalid-path-nothing-here;

    # Improve privacy: Hide version an OS information on
    # error pages and in the "Server" HTTP-Header.
    server_tokens off;

    location / {
        # Redirect using the 'return' directive and the built-in
        # variable '$request_uri' to avoid any capturing, matching
        # or evaluation of regular expressions.
        return 301 https://identosphere.net$request_uri;
    }

    location /.well-known/acme-challenge/ {
        # This path must be served over HTTP for ACME domain validation.
        # We map this to a special path where our TLS cert provisioning
        # tool knows to store challenge response files.
        alias /home/user-data/ssl/lets_encrypt/webroot/.well-known/acme-challenge/;
    }
}

# The secure HTTPS server.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name identosphere.net;

    # Improve privacy: Hide version an OS information on
    # error pages and in the "Server" HTTP-Header.
    server_tokens off;

    ssl_certificate /home/user-data/ssl/ssl_certificate.pem;
    ssl_certificate_key /home/user-data/ssl/ssl_private_key.pem;

    root /home/user-data/www/default;

    # ssl files sha1: 4d28ac1a16c0e04772557f6a765cbaa2e4a1d96f / a2eda6be4854a2530dc96a579325f3e95160fc48
    add_header Strict-Transport-Security "max-age=15768000" always;
    include /home/user-data/www/identosphere.net.conf;
    
    # Control Panel
    # Proxy /admin to our Python based control panel daemon. It is
    # listening on IPv4 only so use an IP address and not 'localhost'.
    location /admin/assets {
        alias /usr/local/lib/mailinabox/vendor/assets;
    }
    rewrite ^/admin$ /admin/;
    rewrite ^/admin/munin$ /admin/munin/ redirect;
    location /admin/ {
        proxy_pass http://127.0.0.1:10222/;
        proxy_set_header X-Forwarded-For $remote_addr;
        add_header X-Frame-Options "DENY";
        add_header X-Content-Type-Options nosniff;
        add_header Content-Security-Policy "frame-ancestors 'none';";
    }

    # Roundcube Webmail configuration.
    rewrite ^/mail$ /mail/ redirect;
    rewrite ^/mail/$ /mail/index.php;
    location /mail/ {
        index index.php;
        alias /usr/local/lib/roundcubemail/;
    }
    location ~ /mail/config/.* {
        # A ~-style location is needed to give this precedence over the next block.
        return 403;
    }
    location ~ /mail/.*\.php {
        # note: ~ has precendence over a regular location block
        include fastcgi_params;
        fastcgi_split_path_info ^/mail(/.*)()$;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /usr/local/lib/roundcubemail/$fastcgi_script_name;
        fastcgi_pass php-fpm;

        # Outgoing mail also goes through this endpoint, so increase the maximum
        # file upload limit to match the corresponding Postfix limit.
        client_max_body_size 128M;
    }

    # Nextcloud configuration.
    rewrite ^/cloud$ /cloud/ redirect;
    rewrite ^/cloud/$ /cloud/index.php;
    rewrite ^/cloud/(contacts|calendar|files)$ /cloud/index.php/apps/$1/ redirect;
    rewrite ^(/cloud/core/doc/[^\/]+/)$ $1/index.html;
    rewrite ^(/cloud/oc[sm]-provider)/$ $1/index.php redirect;
    location /cloud/ {
        alias /usr/local/lib/owncloud/;
        location ~ ^/cloud/(build|tests|config|lib|3rdparty|templates|data|README)/ {
            deny all;
        }
        location ~ ^/cloud/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }
        # Enable paths for service and cloud federation discovery
        # Resolves warning in Nextcloud Settings panel
        location ~ ^/cloud/(oc[sm]-provider)?/([^/]+\.php)$ {
            index index.php;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$1/$2;
            fastcgi_pass php-fpm;
        }
    }
    location ~ ^(/cloud)((?:/ocs)?/[^/]+\.php)(/.*)?$ {
        # note: ~ has precendence over a regular location block
        # Accept URLs like:
        # /cloud/index.php/apps/files/
        # /cloud/index.php/apps/files/ajax/scan.php (it's really index.php; see 6fdef379adfdeac86cc2220209bdf4eb9562268d)
        # /cloud/ocs/v1.php/apps/files_sharing/api/v1 (see #240)
        # /cloud/remote.php/webdav/yourfilehere...
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$2;
        fastcgi_param SCRIPT_NAME $1$2;
        fastcgi_param PATH_INFO $3;
        fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
        fastcgi_param MOD_X_ACCEL_REDIRECT_PREFIX /owncloud-xaccel;
        fastcgi_read_timeout 630;
        fastcgi_pass php-fpm;
        client_max_body_size 1G;
        fastcgi_buffers 64 4K;
    }
    location ^~ /owncloud-xaccel/ {
        # This directory is for MOD_X_ACCEL_REDIRECT_ENABLED. Nextcloud sends the full file
        # path on disk as a subdirectory under this virtual path.
        # We must only allow 'internal' redirects within nginx so that the filesystem
        # is not exposed to the world.
        internal;
        alias /;
    }
    location ~ ^/((caldav|carddav|webdav).*)$ {
        # Z-Push doesn't like getting a redirect, and a plain rewrite didn't work either.
        # Properly proxying like this seems to work fine.
        proxy_pass https://127.0.0.1/cloud/remote.php/$1;
    }
    rewrite ^/.well-known/host-meta /cloud/public.php?service=host-meta last;
    rewrite ^/.well-known/host-meta.json /cloud/public.php?service=host-meta-json last;
    rewrite ^/.well-known/carddav /cloud/remote.php/carddav/ redirect;
    rewrite ^/.well-known/caldav /cloud/remote.php/caldav/ redirect;

    location = /robots.txt {
        log_not_found off;
        access_log off;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /mailinabox.mobileconfig {
        alias /var/lib/mailinabox/mobileconfig.xml;
    }
    location = /.well-known/autoconfig/mail/config-v1.1.xml {
        alias /var/lib/mailinabox/mozilla-autoconfig.xml;
    }
    location = /mail/config-v1.1.xml {
        alias /var/lib/mailinabox/mozilla-autoconfig.xml;
    }
    location = /.well-known/mta-sts.txt {
        alias /var/lib/mailinabox/mta-sts.txt;
    }

    # Z-Push (Microsoft Exchange ActiveSync)
    location /Microsoft-Server-ActiveSync {
        include /etc/nginx/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/index.php;
        fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc";
        fastcgi_read_timeout 630;
        fastcgi_pass php-fpm;

        # Outgoing mail also goes through this endpoint, so increase the maximum
        # file upload limit to match the corresponding Postfix limit.
        client_max_body_size 128M;
    }
    location ~* ^/autodiscover/autodiscover.xml$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/autodiscover/autodiscover.php;
        fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc";
        fastcgi_pass php-fpm;
    }

    # Disable viewing dotfiles (.htaccess, .svn, .git, etc.)
    # This block is placed at the end. Nginx's precedence rules means this block
    # takes precedence over all non-regex matches and only regex matches that
    # come after it (i.e. none of those, since this is the last one.) That means
    # we're blocking dotfiles in the static hosted sites but not the FastCGI-
    # handled locations for Nextcloud (which serves user-uploaded files that might
    # have this pattern, see #414) or some of the other services.
    location ~ /\.(ht|svn|git|hg|bzr) {
        log_not_found off;
        access_log off;
        deny all;
    }
}
## autoconfig.identosphere.net

# Redirect all HTTP to HTTPS *except* the ACME challenges (Let's Encrypt TLS certificate
# domain validation challenges) path, which must be served over HTTP per the ACME spec
# (due to some Apache vulnerability).
server {
    listen 80;
    listen [::]:80;

    server_name autoconfig.identosphere.net;
    root /tmp/invalid-path-nothing-here;

    # Improve privacy: Hide version an OS information on
    # error pages and in the "Server" HTTP-Header.
    server_tokens off;

    location / {
        # Redirect using the 'return' directive and the built-in
        # variable '$request_uri' to avoid any capturing, matching
        # or evaluation of regular expressions.
        return 301 https://autoconfig.identosphere.net$request_uri;
    }

    location /.well-known/acme-challenge/ {
        # This path must be served over HTTP for ACME domain validation.
        # We map this to a special path where our TLS cert provisioning
        # tool knows to store challenge response files.
        alias /home/user-data/ssl/lets_encrypt/webroot/.well-known/acme-challenge/;
    }
}

# The secure HTTPS server.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name autoconfig.identosphere.net;

    # Improve privacy: Hide version an OS information on
    # error pages and in the "Server" HTTP-Header.
    server_tokens off;

    ssl_certificate /home/user-data/ssl/identosphere.net-20210401-90d5ae2d.pem;
    ssl_certificate_key /home/user-data/ssl/ssl_private_key.pem;

    root /home/user-data/www/default;

    # ssl files sha1: 4d28ac1a16c0e04772557f6a765cbaa2e4a1d96f / a2eda6be4854a2530dc96a579325f3e95160fc48
    add_header Strict-Transport-Security "max-age=15768000" always;
    include /home/user-data/www/autoconfig.identosphere.net.conf;

    location = /robots.txt {
        log_not_found off;
        access_log off;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /mailinabox.mobileconfig {
        alias /var/lib/mailinabox/mobileconfig.xml;
    }
    location = /.well-known/autoconfig/mail/config-v1.1.xml {
        alias /var/lib/mailinabox/mozilla-autoconfig.xml;
    }
    location = /mail/config-v1.1.xml {
        alias /var/lib/mailinabox/mozilla-autoconfig.xml;
    }
    location = /.well-known/mta-sts.txt {
        alias /var/lib/mailinabox/mta-sts.txt;
    }

    # Z-Push (Microsoft Exchange ActiveSync)
    location /Microsoft-Server-ActiveSync {
        include /etc/nginx/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/index.php;
        fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc";
        fastcgi_read_timeout 630;
        fastcgi_pass php-fpm;

        # Outgoing mail also goes through this endpoint, so increase the maximum
        # file upload limit to match the corresponding Postfix limit.
        client_max_body_size 128M;
    }
    location ~* ^/autodiscover/autodiscover.xml$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/autodiscover/autodiscover.php;
        fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc";
        fastcgi_pass php-fpm;
    }

    # Disable viewing dotfiles (.htaccess, .svn, .git, etc.)
    # This block is placed at the end. Nginx's precedence rules means this block
    # takes precedence over all non-regex matches and only regex matches that
    # come after it (i.e. none of those, since this is the last one.) That means
    # we're blocking dotfiles in the static hosted sites but not the FastCGI-
    # handled locations for Nextcloud (which serves user-uploaded files that might
    # have this pattern, see #414) or some of the other services.
    location ~ /\.(ht|svn|git|hg|bzr) {
        log_not_found off;
        access_log off;
        deny all;
    }
}
## autodiscover.identosphere.net

# Redirect all HTTP to HTTPS *except* the ACME challenges (Let's Encrypt TLS certificate
# domain validation challenges) path, which must be served over HTTP per the ACME spec
# (due to some Apache vulnerability).
server {
    listen 80;
    listen [::]:80;

    server_name autodiscover.identosphere.net;
    root /tmp/invalid-path-nothing-here;

    # Improve privacy: Hide version an OS information on
    # error pages and in the "Server" HTTP-Header.
    server_tokens off;

    location / {
        # Redirect using the 'return' directive and the built-in
        # variable '$request_uri' to avoid any capturing, matching
        # or evaluation of regular expressions.
        return 301 https://autodiscover.identosphere.net$request_uri;
    }

    location /.well-known/acme-challenge/ {
        # This path must be served over HTTP for ACME domain validation.
        # We map this to a special path where our TLS cert provisioning
        # tool knows to store challenge response files.
        alias /home/user-data/ssl/lets_encrypt/webroot/.well-known/acme-challenge/;
    }
}

# The secure HTTPS server.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name autodiscover.identosphere.net;

    # Improve privacy: Hide version an OS information on
    # error pages and in the "Server" HTTP-Header.
    server_tokens off;

    ssl_certificate /home/user-data/ssl/identosphere.net-20210401-90d5ae2d.pem;
    ssl_certificate_key /home/user-data/ssl/ssl_private_key.pem;

    root /home/user-data/www/default;

    # ssl files sha1: 4d28ac1a16c0e04772557f6a765cbaa2e4a1d96f / a2eda6be4854a2530dc96a579325f3e95160fc48
    add_header Strict-Transport-Security "max-age=15768000" always;
    include /home/user-data/www/autodiscover.identosphere.net.conf;

    location = /robots.txt {
        log_not_found off;
        access_log off;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /mailinabox.mobileconfig {
        alias /var/lib/mailinabox/mobileconfig.xml;
    }
    location = /.well-known/autoconfig/mail/config-v1.1.xml {
        alias /var/lib/mailinabox/mozilla-autoconfig.xml;
    }
    location = /mail/config-v1.1.xml {
        alias /var/lib/mailinabox/mozilla-autoconfig.xml;
    }
    location = /.well-known/mta-sts.txt {
        alias /var/lib/mailinabox/mta-sts.txt;
    }

    # Z-Push (Microsoft Exchange ActiveSync)
    location /Microsoft-Server-ActiveSync {
        include /etc/nginx/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/index.php;
        fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc";
        fastcgi_read_timeout 630;
        fastcgi_pass php-fpm;

        # Outgoing mail also goes through this endpoint, so increase the maximum
        # file upload limit to match the corresponding Postfix limit.
        client_max_body_size 128M;
    }
    location ~* ^/autodiscover/autodiscover.xml$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/autodiscover/autodiscover.php;
        fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc";
        fastcgi_pass php-fpm;
    }

    # Disable viewing dotfiles (.htaccess, .svn, .git, etc.)
    # This block is placed at the end. Nginx's precedence rules means this block
    # takes precedence over all non-regex matches and only regex matches that
    # come after it (i.e. none of those, since this is the last one.) That means
    # we're blocking dotfiles in the static hosted sites but not the FastCGI-
    # handled locations for Nextcloud (which serves user-uploaded files that might
    # have this pattern, see #414) or some of the other services.
    location ~ /\.(ht|svn|git|hg|bzr) {
        log_not_found off;
        access_log off;
        deny all;
    }
}
## mta-sts.identosphere.net

# Redirect all HTTP to HTTPS *except* the ACME challenges (Let's Encrypt TLS certificate
# domain validation challenges) path, which must be served over HTTP per the ACME spec
# (due to some Apache vulnerability).
server {
    listen 80;
    listen [::]:80;

    server_name mta-sts.identosphere.net;
    root /tmp/invalid-path-nothing-here;

    # Improve privacy: Hide version an OS information on
    # error pages and in the "Server" HTTP-Header.
    server_tokens off;

    location / {
        # Redirect using the 'return' directive and the built-in
        # variable '$request_uri' to avoid any capturing, matching
        # or evaluation of regular expressions.
        return 301 https://mta-sts.identosphere.net$request_uri;
    }

    location /.well-known/acme-challenge/ {
        # This path must be served over HTTP for ACME domain validation.
        # We map this to a special path where our TLS cert provisioning
        # tool knows to store challenge response files.
        alias /home/user-data/ssl/lets_encrypt/webroot/.well-known/acme-challenge/;
    }
}

# The secure HTTPS server.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name mta-sts.identosphere.net;

    # Improve privacy: Hide version an OS information on
    # error pages and in the "Server" HTTP-Header.
    server_tokens off;

    ssl_certificate /home/user-data/ssl/identosphere.net-20210401-90d5ae2d.pem;
    ssl_certificate_key /home/user-data/ssl/ssl_private_key.pem;

    root /home/user-data/www/default;

    # ssl files sha1: 4d28ac1a16c0e04772557f6a765cbaa2e4a1d96f / a2eda6be4854a2530dc96a579325f3e95160fc48
    add_header Strict-Transport-Security "max-age=15768000" always;
    include /home/user-data/www/mta-sts.identosphere.net.conf;

    location = /robots.txt {
        log_not_found off;
        access_log off;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /mailinabox.mobileconfig {
        alias /var/lib/mailinabox/mobileconfig.xml;
    }
    location = /.well-known/autoconfig/mail/config-v1.1.xml {
        alias /var/lib/mailinabox/mozilla-autoconfig.xml;
    }
    location = /mail/config-v1.1.xml {
        alias /var/lib/mailinabox/mozilla-autoconfig.xml;
    }
    location = /.well-known/mta-sts.txt {
        alias /var/lib/mailinabox/mta-sts.txt;
    }

    # Z-Push (Microsoft Exchange ActiveSync)
    location /Microsoft-Server-ActiveSync {
        include /etc/nginx/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/index.php;
        fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc";
        fastcgi_read_timeout 630;
        fastcgi_pass php-fpm;

        # Outgoing mail also goes through this endpoint, so increase the maximum
        # file upload limit to match the corresponding Postfix limit.
        client_max_body_size 128M;
    }
    location ~* ^/autodiscover/autodiscover.xml$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/autodiscover/autodiscover.php;
        fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc";
        fastcgi_pass php-fpm;
    }

    # Disable viewing dotfiles (.htaccess, .svn, .git, etc.)
    # This block is placed at the end. Nginx's precedence rules means this block
    # takes precedence over all non-regex matches and only regex matches that
    # come after it (i.e. none of those, since this is the last one.) That means
    # we're blocking dotfiles in the static hosted sites but not the FastCGI-
    # handled locations for Nextcloud (which serves user-uploaded files that might
    # have this pattern, see #414) or some of the other services.
    location ~ /\.(ht|svn|git|hg|bzr) {
        log_not_found off;
        access_log off;
        deny all;
    }
}
## www.identosphere.net

# Redirect all HTTP to HTTPS *except* the ACME challenges (Let's Encrypt TLS certificate
# domain validation challenges) path, which must be served over HTTP per the ACME spec
# (due to some Apache vulnerability).
server {
    listen 80;
    listen [::]:80;

    server_name www.identosphere.net;
    root /tmp/invalid-path-nothing-here;

    # Improve privacy: Hide version an OS information on
    # error pages and in the "Server" HTTP-Header.
    server_tokens off;

    location / {
        # Redirect using the 'return' directive and the built-in
        # variable '$request_uri' to avoid any capturing, matching
        # or evaluation of regular expressions.
        return 301 https://www.identosphere.net$request_uri;
    }

    location /.well-known/acme-challenge/ {
        # This path must be served over HTTP for ACME domain validation.
        # We map this to a special path where our TLS cert provisioning
        # tool knows to store challenge response files.
        alias /home/user-data/ssl/lets_encrypt/webroot/.well-known/acme-challenge/;
    }
}

# The secure HTTPS server.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name www.identosphere.net;

    # Improve privacy: Hide version an OS information on
    # error pages and in the "Server" HTTP-Header.
    server_tokens off;

    ssl_certificate /home/user-data/ssl/identosphere.net-20210401-90d5ae2d.pem;
    ssl_certificate_key /home/user-data/ssl/ssl_private_key.pem;

    rewrite ^(.*) https://identosphere.net$1 permanent;
}

答え1

少なくとも以下を設定する必要があります:

proxy_set_header Host newsletter.identosphere.net;

これにより、正しいHostヘッダーがアップストリーム サーバーに送信されます。アップストリーム サーバーは、Hostリクエストに誤ったヘッダーがある場合にリダイレクトを送信するように構成されている可能性があります。

答え2

Nginx 構成内でサーバー ブロックを使用して、リバース プロキシを使用することもできます。ポートのリダイレクトも可能で、非常に便利です。

以下は、私の設定ファイルからのライブ Web サイトに関する抜粋です/etc/nginx/sites-available/default

server {
    server_name   wows-karma.com www.wows-karma.com;
    location / {
        proxy_pass         http://localhost:5021;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }

server {
    server_name   api.wows-karma.com;
    location / {
        proxy_pass         http://localhost:5020/api/;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }

この例 (ちなみに、これは実際に稼働している Web サイトです) は、ユースケースをカバーするのに十分な資料です。API の例に従って、ニーズに合わせて調整することをお勧めします。

ああ、また、リバース プロキシはローカルだけでなくリモートの宛先でも機能します。可能性について考えてみてください...

関連情報