How to reverse proxy with nginx \ redirect a subdomain to a subdirectory?


I have a Substack newsletter with a CNAME record pointing to newsletter.identosphere.net

I want that content to be displayed at identosphere.net/newsletter so that the user can access each newsletter as part of my main site:

identosphere.net/newsletter/issue-13/ should display the content of newsletter.identosphere.net/issue-13/

Also, if possible (whether through nginx or DNS), I want to redirect traffic from the subdomain to its folder on the root domain.

At the moment I am using:

location /newsletter/ {
    proxy_pass        http://newsletter.identosphere.net/;
    access_log /var/log/nginx/reverse-access.log;
    error_log /var/log/nginx/reverse-error.log;
}

What happens with this configuration:

I type https://identosphere.net/newsletter and I am redirected to https://newsletter.identosphere.net/


As requested by @ppuschmann, I am posting the rest of my nginx configuration.

What I did not mention is that I am using MailInABox, a self-hosted e-mail service that includes a web server and DNS.

Mostly, customizations are made via the GUI. I am using an unsupported feature that allows some customization of its configuration, but not of the main configuration, which is updated regularly. Apparently, I cannot add server blocks to my "nginx user configuration", only location blocks.

At this point I do not expect to solve this, but, if possible, I would like to determine how the DNS (NSD) redirect is being set, preventing my reverse proxy.

Here is the NGINX configuration

As stated in the comments, I cannot edit this file, but I can add directives through a configuration located elsewhere.

/etc/nginx/conf.d/local.conf

## NOTE: This file is automatically generated by Mail-in-a-Box.
##       Do not edit this file. It is continually updated by
##       Mail-in-a-Box and your changes will be lost.
##
##       Mail-in-a-Box machines are not meant to be modified.
##       If you modify any system configuration you are on
##       your own --- please do not ask for help from us.

upstream php-fpm {
    server unix:/var/run/php/php7.4-fpm.sock;
}
## identosphere.net

# Redirect all HTTP to HTTPS *except* the ACME challenges (Let's Encrypt TLS certificate
# domain validation challenges) path, which must be served over HTTP per the ACME spec
# (due to some Apache vulnerability).
server {
    listen 80;
    listen [::]:80;

    server_name identosphere.net;
    root /tmp/invalid-path-nothing-here;

    # Improve privacy: Hide version an OS information on
    # error pages and in the "Server" HTTP-Header.
    server_tokens off;

    location / {
        # Redirect using the 'return' directive and the built-in
        # variable '$request_uri' to avoid any capturing, matching
        # or evaluation of regular expressions.
        return 301 https://identosphere.net$request_uri;
    }

    location /.well-known/acme-challenge/ {
        # This path must be served over HTTP for ACME domain validation.
        # We map this to a special path where our TLS cert provisioning
        # tool knows to store challenge response files.
        alias /home/user-data/ssl/lets_encrypt/webroot/.well-known/acme-challenge/;
    }
}

# The secure HTTPS server.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name identosphere.net;

    # Improve privacy: Hide version an OS information on
    # error pages and in the "Server" HTTP-Header.
    server_tokens off;

    ssl_certificate /home/user-data/ssl/ssl_certificate.pem;
    ssl_certificate_key /home/user-data/ssl/ssl_private_key.pem;

    root /home/user-data/www/default;

    # ssl files sha1: 4d28ac1a16c0e04772557f6a765cbaa2e4a1d96f / a2eda6be4854a2530dc96a579325f3e95160fc48
    add_header Strict-Transport-Security "max-age=15768000" always;
    include /home/user-data/www/identosphere.net.conf;
    
    # Control Panel
    # Proxy /admin to our Python based control panel daemon. It is
    # listening on IPv4 only so use an IP address and not 'localhost'.
    location /admin/assets {
        alias /usr/local/lib/mailinabox/vendor/assets;
    }
    rewrite ^/admin$ /admin/;
    rewrite ^/admin/munin$ /admin/munin/ redirect;
    location /admin/ {
        proxy_pass http://127.0.0.1:10222/;
        proxy_set_header X-Forwarded-For $remote_addr;
        add_header X-Frame-Options "DENY";
        add_header X-Content-Type-Options nosniff;
        add_header Content-Security-Policy "frame-ancestors 'none';";
    }

    # Roundcube Webmail configuration.
    rewrite ^/mail$ /mail/ redirect;
    rewrite ^/mail/$ /mail/index.php;
    location /mail/ {
        index index.php;
        alias /usr/local/lib/roundcubemail/;
    }
    location ~ /mail/config/.* {
        # A ~-style location is needed to give this precedence over the next block.
        return 403;
    }
    location ~ /mail/.*\.php {
        # note: ~ has precendence over a regular location block
        include fastcgi_params;
        fastcgi_split_path_info ^/mail(/.*)()$;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /usr/local/lib/roundcubemail/$fastcgi_script_name;
        fastcgi_pass php-fpm;

        # Outgoing mail also goes through this endpoint, so increase the maximum
        # file upload limit to match the corresponding Postfix limit.
        client_max_body_size 128M;
    }

    # Nextcloud configuration.
    rewrite ^/cloud$ /cloud/ redirect;
    rewrite ^/cloud/$ /cloud/index.php;
    rewrite ^/cloud/(contacts|calendar|files)$ /cloud/index.php/apps/$1/ redirect;
    rewrite ^(/cloud/core/doc/[^\/]+/)$ $1/index.html;
    rewrite ^(/cloud/oc[sm]-provider)/$ $1/index.php redirect;
    location /cloud/ {
        alias /usr/local/lib/owncloud/;
        location ~ ^/cloud/(build|tests|config|lib|3rdparty|templates|data|README)/ {
            deny all;
        }
        location ~ ^/cloud/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }
        # Enable paths for service and cloud federation discovery
        # Resolves warning in Nextcloud Settings panel
        location ~ ^/cloud/(oc[sm]-provider)?/([^/]+\.php)$ {
            index index.php;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$1/$2;
            fastcgi_pass php-fpm;
        }
    }
    location ~ ^(/cloud)((?:/ocs)?/[^/]+\.php)(/.*)?$ {
        # note: ~ has precendence over a regular location block
        # Accept URLs like:
        # /cloud/index.php/apps/files/
        # /cloud/index.php/apps/files/ajax/scan.php (it's really index.php; see 6fdef379adfdeac86cc2220209bdf4eb9562268d)
        # /cloud/ocs/v1.php/apps/files_sharing/api/v1 (see #240)
        # /cloud/remote.php/webdav/yourfilehere...
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$2;
        fastcgi_param SCRIPT_NAME $1$2;
        fastcgi_param PATH_INFO $3;
        fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
        fastcgi_param MOD_X_ACCEL_REDIRECT_PREFIX /owncloud-xaccel;
        fastcgi_read_timeout 630;
        fastcgi_pass php-fpm;
        client_max_body_size 1G;
        fastcgi_buffers 64 4K;
    }
    location ^~ /owncloud-xaccel/ {
        # This directory is for MOD_X_ACCEL_REDIRECT_ENABLED. Nextcloud sends the full file
        # path on disk as a subdirectory under this virtual path.
        # We must only allow 'internal' redirects within nginx so that the filesystem
        # is not exposed to the world.
        internal;
        alias /;
    }
    location ~ ^/((caldav|carddav|webdav).*)$ {
        # Z-Push doesn't like getting a redirect, and a plain rewrite didn't work either.
        # Properly proxying like this seems to work fine.
        proxy_pass https://127.0.0.1/cloud/remote.php/$1;
    }
    rewrite ^/.well-known/host-meta /cloud/public.php?service=host-meta last;
    rewrite ^/.well-known/host-meta.json /cloud/public.php?service=host-meta-json last;
    rewrite ^/.well-known/carddav /cloud/remote.php/carddav/ redirect;
    rewrite ^/.well-known/caldav /cloud/remote.php/caldav/ redirect;

    location = /robots.txt {
        log_not_found off;
        access_log off;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /mailinabox.mobileconfig {
        alias /var/lib/mailinabox/mobileconfig.xml;
    }
    location = /.well-known/autoconfig/mail/config-v1.1.xml {
        alias /var/lib/mailinabox/mozilla-autoconfig.xml;
    }
    location = /mail/config-v1.1.xml {
        alias /var/lib/mailinabox/mozilla-autoconfig.xml;
    }
    location = /.well-known/mta-sts.txt {
        alias /var/lib/mailinabox/mta-sts.txt;
    }

    # Z-Push (Microsoft Exchange ActiveSync)
    location /Microsoft-Server-ActiveSync {
        include /etc/nginx/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/index.php;
        fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc";
        fastcgi_read_timeout 630;
        fastcgi_pass php-fpm;

        # Outgoing mail also goes through this endpoint, so increase the maximum
        # file upload limit to match the corresponding Postfix limit.
        client_max_body_size 128M;
    }
    location ~* ^/autodiscover/autodiscover.xml$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/autodiscover/autodiscover.php;
        fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc";
        fastcgi_pass php-fpm;
    }

    # Disable viewing dotfiles (.htaccess, .svn, .git, etc.)
    # This block is placed at the end. Nginx's precedence rules means this block
    # takes precedence over all non-regex matches and only regex matches that
    # come after it (i.e. none of those, since this is the last one.) That means
    # we're blocking dotfiles in the static hosted sites but not the FastCGI-
    # handled locations for Nextcloud (which serves user-uploaded files that might
    # have this pattern, see #414) or some of the other services.
    location ~ /\.(ht|svn|git|hg|bzr) {
        log_not_found off;
        access_log off;
        deny all;
    }
}
## autoconfig.identosphere.net

# Redirect all HTTP to HTTPS *except* the ACME challenges (Let's Encrypt TLS certificate
# domain validation challenges) path, which must be served over HTTP per the ACME spec
# (due to some Apache vulnerability).
server {
    listen 80;
    listen [::]:80;

    server_name autoconfig.identosphere.net;
    root /tmp/invalid-path-nothing-here;

    # Improve privacy: Hide version an OS information on
    # error pages and in the "Server" HTTP-Header.
    server_tokens off;

    location / {
        # Redirect using the 'return' directive and the built-in
        # variable '$request_uri' to avoid any capturing, matching
        # or evaluation of regular expressions.
        return 301 https://autoconfig.identosphere.net$request_uri;
    }

    location /.well-known/acme-challenge/ {
        # This path must be served over HTTP for ACME domain validation.
        # We map this to a special path where our TLS cert provisioning
        # tool knows to store challenge response files.
        alias /home/user-data/ssl/lets_encrypt/webroot/.well-known/acme-challenge/;
    }
}

# The secure HTTPS server.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name autoconfig.identosphere.net;

    # Improve privacy: Hide version an OS information on
    # error pages and in the "Server" HTTP-Header.
    server_tokens off;

    ssl_certificate /home/user-data/ssl/identosphere.net-20210401-90d5ae2d.pem;
    ssl_certificate_key /home/user-data/ssl/ssl_private_key.pem;

    root /home/user-data/www/default;

    # ssl files sha1: 4d28ac1a16c0e04772557f6a765cbaa2e4a1d96f / a2eda6be4854a2530dc96a579325f3e95160fc48
    add_header Strict-Transport-Security "max-age=15768000" always;
    include /home/user-data/www/autoconfig.identosphere.net.conf;

    location = /robots.txt {
        log_not_found off;
        access_log off;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /mailinabox.mobileconfig {
        alias /var/lib/mailinabox/mobileconfig.xml;
    }
    location = /.well-known/autoconfig/mail/config-v1.1.xml {
        alias /var/lib/mailinabox/mozilla-autoconfig.xml;
    }
    location = /mail/config-v1.1.xml {
        alias /var/lib/mailinabox/mozilla-autoconfig.xml;
    }
    location = /.well-known/mta-sts.txt {
        alias /var/lib/mailinabox/mta-sts.txt;
    }

    # Z-Push (Microsoft Exchange ActiveSync)
    location /Microsoft-Server-ActiveSync {
        include /etc/nginx/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/index.php;
        fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc";
        fastcgi_read_timeout 630;
        fastcgi_pass php-fpm;

        # Outgoing mail also goes through this endpoint, so increase the maximum
        # file upload limit to match the corresponding Postfix limit.
        client_max_body_size 128M;
    }
    location ~* ^/autodiscover/autodiscover.xml$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/autodiscover/autodiscover.php;
        fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc";
        fastcgi_pass php-fpm;
    }

    # Disable viewing dotfiles (.htaccess, .svn, .git, etc.)
    # This block is placed at the end. Nginx's precedence rules means this block
    # takes precedence over all non-regex matches and only regex matches that
    # come after it (i.e. none of those, since this is the last one.) That means
    # we're blocking dotfiles in the static hosted sites but not the FastCGI-
    # handled locations for Nextcloud (which serves user-uploaded files that might
    # have this pattern, see #414) or some of the other services.
    location ~ /\.(ht|svn|git|hg|bzr) {
        log_not_found off;
        access_log off;
        deny all;
    }
}
## autodiscover.identosphere.net

# Redirect all HTTP to HTTPS *except* the ACME challenges (Let's Encrypt TLS certificate
# domain validation challenges) path, which must be served over HTTP per the ACME spec
# (due to some Apache vulnerability).
server {
    listen 80;
    listen [::]:80;

    server_name autodiscover.identosphere.net;
    root /tmp/invalid-path-nothing-here;

    # Improve privacy: Hide version an OS information on
    # error pages and in the "Server" HTTP-Header.
    server_tokens off;

    location / {
        # Redirect using the 'return' directive and the built-in
        # variable '$request_uri' to avoid any capturing, matching
        # or evaluation of regular expressions.
        return 301 https://autodiscover.identosphere.net$request_uri;
    }

    location /.well-known/acme-challenge/ {
        # This path must be served over HTTP for ACME domain validation.
        # We map this to a special path where our TLS cert provisioning
        # tool knows to store challenge response files.
        alias /home/user-data/ssl/lets_encrypt/webroot/.well-known/acme-challenge/;
    }
}

# The secure HTTPS server.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name autodiscover.identosphere.net;

    # Improve privacy: Hide version an OS information on
    # error pages and in the "Server" HTTP-Header.
    server_tokens off;

    ssl_certificate /home/user-data/ssl/identosphere.net-20210401-90d5ae2d.pem;
    ssl_certificate_key /home/user-data/ssl/ssl_private_key.pem;

    root /home/user-data/www/default;

    # ssl files sha1: 4d28ac1a16c0e04772557f6a765cbaa2e4a1d96f / a2eda6be4854a2530dc96a579325f3e95160fc48
    add_header Strict-Transport-Security "max-age=15768000" always;
    include /home/user-data/www/autodiscover.identosphere.net.conf;

    location = /robots.txt {
        log_not_found off;
        access_log off;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /mailinabox.mobileconfig {
        alias /var/lib/mailinabox/mobileconfig.xml;
    }
    location = /.well-known/autoconfig/mail/config-v1.1.xml {
        alias /var/lib/mailinabox/mozilla-autoconfig.xml;
    }
    location = /mail/config-v1.1.xml {
        alias /var/lib/mailinabox/mozilla-autoconfig.xml;
    }
    location = /.well-known/mta-sts.txt {
        alias /var/lib/mailinabox/mta-sts.txt;
    }

    # Z-Push (Microsoft Exchange ActiveSync)
    location /Microsoft-Server-ActiveSync {
        include /etc/nginx/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/index.php;
        fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc";
        fastcgi_read_timeout 630;
        fastcgi_pass php-fpm;

        # Outgoing mail also goes through this endpoint, so increase the maximum
        # file upload limit to match the corresponding Postfix limit.
        client_max_body_size 128M;
    }
    location ~* ^/autodiscover/autodiscover.xml$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/autodiscover/autodiscover.php;
        fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc";
        fastcgi_pass php-fpm;
    }

    # Disable viewing dotfiles (.htaccess, .svn, .git, etc.)
    # This block is placed at the end. Nginx's precedence rules means this block
    # takes precedence over all non-regex matches and only regex matches that
    # come after it (i.e. none of those, since this is the last one.) That means
    # we're blocking dotfiles in the static hosted sites but not the FastCGI-
    # handled locations for Nextcloud (which serves user-uploaded files that might
    # have this pattern, see #414) or some of the other services.
    location ~ /\.(ht|svn|git|hg|bzr) {
        log_not_found off;
        access_log off;
        deny all;
    }
}
## mta-sts.identosphere.net

# Redirect all HTTP to HTTPS *except* the ACME challenges (Let's Encrypt TLS certificate
# domain validation challenges) path, which must be served over HTTP per the ACME spec
# (due to some Apache vulnerability).
server {
    listen 80;
    listen [::]:80;

    server_name mta-sts.identosphere.net;
    root /tmp/invalid-path-nothing-here;

    # Improve privacy: Hide version an OS information on
    # error pages and in the "Server" HTTP-Header.
    server_tokens off;

    location / {
        # Redirect using the 'return' directive and the built-in
        # variable '$request_uri' to avoid any capturing, matching
        # or evaluation of regular expressions.
        return 301 https://mta-sts.identosphere.net$request_uri;
    }

    location /.well-known/acme-challenge/ {
        # This path must be served over HTTP for ACME domain validation.
        # We map this to a special path where our TLS cert provisioning
        # tool knows to store challenge response files.
        alias /home/user-data/ssl/lets_encrypt/webroot/.well-known/acme-challenge/;
    }
}

# The secure HTTPS server.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name mta-sts.identosphere.net;

    # Improve privacy: Hide version an OS information on
    # error pages and in the "Server" HTTP-Header.
    server_tokens off;

    ssl_certificate /home/user-data/ssl/identosphere.net-20210401-90d5ae2d.pem;
    ssl_certificate_key /home/user-data/ssl/ssl_private_key.pem;

    root /home/user-data/www/default;

    # ssl files sha1: 4d28ac1a16c0e04772557f6a765cbaa2e4a1d96f / a2eda6be4854a2530dc96a579325f3e95160fc48
    add_header Strict-Transport-Security "max-age=15768000" always;
    include /home/user-data/www/mta-sts.identosphere.net.conf;

    location = /robots.txt {
        log_not_found off;
        access_log off;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /mailinabox.mobileconfig {
        alias /var/lib/mailinabox/mobileconfig.xml;
    }
    location = /.well-known/autoconfig/mail/config-v1.1.xml {
        alias /var/lib/mailinabox/mozilla-autoconfig.xml;
    }
    location = /mail/config-v1.1.xml {
        alias /var/lib/mailinabox/mozilla-autoconfig.xml;
    }
    location = /.well-known/mta-sts.txt {
        alias /var/lib/mailinabox/mta-sts.txt;
    }

    # Z-Push (Microsoft Exchange ActiveSync)
    location /Microsoft-Server-ActiveSync {
        include /etc/nginx/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/index.php;
        fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc";
        fastcgi_read_timeout 630;
        fastcgi_pass php-fpm;

        # Outgoing mail also goes through this endpoint, so increase the maximum
        # file upload limit to match the corresponding Postfix limit.
        client_max_body_size 128M;
    }
    location ~* ^/autodiscover/autodiscover.xml$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/autodiscover/autodiscover.php;
        fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc";
        fastcgi_pass php-fpm;
    }

    # Disable viewing dotfiles (.htaccess, .svn, .git, etc.)
    # This block is placed at the end. Nginx's precedence rules means this block
    # takes precedence over all non-regex matches and only regex matches that
    # come after it (i.e. none of those, since this is the last one.) That means
    # we're blocking dotfiles in the static hosted sites but not the FastCGI-
    # handled locations for Nextcloud (which serves user-uploaded files that might
    # have this pattern, see #414) or some of the other services.
    location ~ /\.(ht|svn|git|hg|bzr) {
        log_not_found off;
        access_log off;
        deny all;
    }
}
## www.identosphere.net

# Redirect all HTTP to HTTPS *except* the ACME challenges (Let's Encrypt TLS certificate
# domain validation challenges) path, which must be served over HTTP per the ACME spec
# (due to some Apache vulnerability).
server {
    listen 80;
    listen [::]:80;

    server_name www.identosphere.net;
    root /tmp/invalid-path-nothing-here;

    # Improve privacy: Hide version an OS information on
    # error pages and in the "Server" HTTP-Header.
    server_tokens off;

    location / {
        # Redirect using the 'return' directive and the built-in
        # variable '$request_uri' to avoid any capturing, matching
        # or evaluation of regular expressions.
        return 301 https://www.identosphere.net$request_uri;
    }

    location /.well-known/acme-challenge/ {
        # This path must be served over HTTP for ACME domain validation.
        # We map this to a special path where our TLS cert provisioning
        # tool knows to store challenge response files.
        alias /home/user-data/ssl/lets_encrypt/webroot/.well-known/acme-challenge/;
    }
}

# The secure HTTPS server.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name www.identosphere.net;

    # Improve privacy: Hide version an OS information on
    # error pages and in the "Server" HTTP-Header.
    server_tokens off;

    ssl_certificate /home/user-data/ssl/identosphere.net-20210401-90d5ae2d.pem;
    ssl_certificate_key /home/user-data/ssl/ssl_private_key.pem;

    rewrite ^(.*) https://identosphere.net$1 permanent;
}

Answer 1

You need to at least set:

proxy_set_header Host newsletter.identosphere.net;

This sends the correct Host header to the upstream server, which may be configured to send redirects when there is an incorrect Host header in the request.
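
An added example, not part of the answer above or of Mail-in-a-Box: one way the asker's location block could look with the Host header from Answer 1 applied, the upstream reached over verified TLS, and upstream redirects mapped back under /newsletter/. It assumes the upstream answers on HTTPS for that host name, that any redirects it issues point at its own http:// or https:// URL, and that the CA bundle sits at the Debian/Ubuntu path shown.

```nginx
# Added example: goes in the user include, which accepts only location blocks.
location /newsletter/ {
    # The trailing slash on proxy_pass replaces the matched prefix, so
    # /newsletter/issue-13/ is requested upstream as /issue-13/.
    proxy_pass https://newsletter.identosphere.net/;

    # Host header the upstream expects (the setting from Answer 1).
    proxy_set_header Host newsletter.identosphere.net;

    # Send SNI and verify the upstream certificate, so the hop between
    # this server and the upstream is neither plain text nor unauthenticated.
    proxy_ssl_server_name on;
    proxy_ssl_verify on;
    proxy_ssl_verify_depth 2;
    # Assumption: system CA bundle path on Debian/Ubuntu.
    proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

    # The default proxy_redirect only rewrites Location headers that start
    # with the exact proxy_pass URL. List both schemes so a redirect issued
    # by the upstream stays under /newsletter/ instead of sending the
    # browser to the subdomain.
    proxy_redirect https://newsletter.identosphere.net/ /newsletter/;
    proxy_redirect http://newsletter.identosphere.net/  /newsletter/;

    access_log /var/log/nginx/reverse-access.log;
    error_log  /var/log/nginx/reverse-error.log;
}
```

Requests sent directly to newsletter.identosphere.net go to whatever host the CNAME points at and never reach this block, so the subdomain-to-folder redirect cannot be done from here.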

Answer 2

You could use a server block inside the Nginx configuration and then use the reverse proxy. It even allows a port redirect, which is simply fantastic.

Here is a snippet for a live site, from my configuration file at /etc/nginx/sites-available/default:

server {
    server_name   wows-karma.com www.wows-karma.com;
    location / {
        proxy_pass         http://localhost:5021;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }
}

server {
    server_name   api.wows-karma.com;
    location / {
        proxy_pass         http://localhost:5020/api/;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }
}

This example (which, by the way, is a real, live, working site) should be enough material to cover your use case. I suggest you follow the API example and adapt it to your needs.

Oh, and also, Reverse Proxy also works on remote destinations, not just local ones. Think of the possibilities...
