MagicMirror Forum
    • Recent
    • Tags
    • Unsolved
    • Solved
    • MagicMirror² Repository
    • Documentation
    • 3rd-Party-Modules
    • Donate
    • Discord
    • Register
    • Login
    A New Chapter for MagicMirror: The Community Takes the Lead
    Read the statement by Michael Teeuw here.

    MagicMirror behind a NGinx Reverse Proxy

    Scheduled Pinned Locked Moved Solved Troubleshooting
    17 Posts 3 Posters 34.6k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S Offline
      sdetweil
      last edited by

      I would also try

      https://192.168.10.10/mmirror

      and see if that works (no redirect)
      this will test the certs and the passthru config

      Sam

      How to add modules

      learning how to use browser developers window for css changes

      1 Reply Last reply Reply Quote 0
      • E Offline
        ember1205
        last edited by

        Firstly, do you really want to put your mirror behind a piece of software developed by the Russians, released into Open Source, then claimed by another Russian Company as “theirs” after it was purchased out by a commercial entity (F5)? If you need a reverse proxy, you’re likely to have all that you need from a simply Apache setup.

        Second - you will need to ensure that all of your rewrite rules take into account the back-end port along with the front-end port information as well as specific host name rules.

        For example:

        If your MM is 192.168.1.10 and you have a system running reverse proxy with a VIP on 192.168.1.50, you will need to decide if you’re going to continue using port 8080 on the front-end or if you want to fall back to standard port 80 (or even tie it up with a certificate on 443 with HTTPS/SSL).

        In other words, you could be doing client to proxy as 192.168.1.100 -> http://192.168.1.50 or 192.168.1.100 -> http://192.168.1.50:8080 or 192.168.1.100 -> https://192.168.1.50 or something else entirely.

        After you have decided how you’re handling the front end, you then need to ensure that you’re rewriting ALL of that as it passes through the proxy to/from http://192.168.1.10:8080

        You ALSO need to ensure that you have updated the configuration on MM to allow connections from off-box IP’s. Specifically, unless you are forcing the use of the original source IP, connections to the mirror should be coming from the system running your proxy and THAT address needs to have access to the web server on the mirror.

        1 Reply Last reply Reply Quote 0
        • F Offline
          fbr1969 @sdetweil
          last edited by fbr1969

          @sdetweil @ember1205 Thank for your help.
          I made a mistake ! My error is 404 (Cannot GET /mmirror)

          I forgot to say :

          • My nginx server is fully fonctional with some other locations I’ve masqued in my exemple of configuration files… Like that :
              # Proxy to the Airsonic server
              location /airsonic {
                  proxy_set_header X-Real-IP         $remote_addr;
                  proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
                  proxy_set_header X-Forwarded-Proto https;
                  proxy_set_header X-Forwarded-Host  $http_host;
                  proxy_set_header Host              $http_host;
                  proxy_max_temp_file_size           0;
                  proxy_pass                         http://192.168.10.30:8080/airsonic;
                  proxy_redirect                     http:// https://;
              }
          
              location /calilivre {
                  proxy_bind              $server_addr;
                  proxy_pass              http://192.168.10.20:8080;
                  proxy_set_header        Host            $http_host;
                  proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
                  proxy_set_header        X-Forwarded-Host $server_name;
                  proxy_set_header        X-Scheme        $scheme;
                  proxy_set_header        X-Script-Name   /calilivre;  # IMPORTANT: path has NO trailing slash
              }
          
              location /calibd {
                  proxy_bind              $server_addr;
                  proxy_pass              http://192.168.10.50:8080;
                  proxy_set_header        Host            $http_host;
                  proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
                  proxy_set_header        X-Scheme        $scheme;
                  proxy_set_header        X-Script-Name   /calibd;  # IMPORTANT: path has NO trailing slash
              }
          
              location /mmirror {
                  proxy_bind              $server_addr;
                  proxy_pass              http://192.168.10.60:8080;
                  proxy_set_header        Host            $http_host;
                  proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
                  proxy_set_header        X-Scheme        $scheme;
                  proxy_set_header        X-Script-Name   /;  # IMPORTANT: path has NO trailing slash
              }
          

          So, airsonic, calibd or calilivre are fully fonctional in http (redirect to https) or https.
          My 'domainename (ex:domain.com) is resolved by dns.
          I can do my test on my private lan or on Internet. I’ve the same result (502 Bad Gateway).
          Look the curl result :

          curl -iL http://192.168.10.10/mmirror
          HTTP/1.1 301 Moved Permanently
          Server: nginx/1.14.2
          Date: Mon, 23 Dec 2019 18:14:36 GMT
          Content-Type: text/html
          Content-Length: 185
          Connection: keep-alive
          Location: https://[MyDomain]/mmirror
          
          HTTP/1.1 404 Not Found
          Server: nginx/1.14.2
          Date: Mon, 23 Dec 2019 18:14:36 GMT
          Content-Type: text/html; charset=utf-8
          Content-Length: 146
          Connection: keep-alive
          X-DNS-Prefetch-Control: off
          X-Frame-Options: SAMEORIGIN
          Strict-Transport-Security: max-age=15552000; includeSubDomains
          X-Download-Options: noopen
          X-Content-Type-Options: nosniff
          X-XSS-Protection: 1; mode=block
          Content-Security-Policy: default-src 'self'
          
          <!DOCTYPE html>
          <html lang="en">
          <head>
          <meta charset="utf-8">
          <title>Error</title>
          </head>
          <body>
          <pre>Cannot GET /mmirror</pre>
          </body>
          </html>
          

          I think I have some problems with some "proxy_set_header " rules.

          Best regards

          F E 2 Replies Last reply Reply Quote 0
          • F Offline
            fbr1969 @fbr1969
            last edited by

            @fbr1969
            And yes, Magicmirror is fonctional in direct connection with : http://192.168.10.60:8080

            1 Reply Last reply Reply Quote 0
            • E Offline
              ember1205 @fbr1969
              last edited by

              @fbr1969 said in MagicMirror behind a NGinx Reverse Proxy:

              @sdetweil @ember1205 Thank for your help.

              I forgot to say :

              • My nginx server is fully fonctional with some other locations I’ve masqued in my exemple of configuration files… Like that :
              location /mmirror {
                  proxy_bind              $server_addr;
                  proxy_pass              http://192.168.10.60:8080;
                  proxy_set_header        Host            $http_host;
                  proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
                  proxy_set_header        X-Scheme        $scheme;
                  proxy_set_header        X-Script-Name   /;  # IMPORTANT: path has NO trailing slash
              }
              

              I think I have some problems with some "proxy_set_header " rules.

              It appears that your X-Script-Name IS setting a trailing slash and isn’t inserting / removing mmirror. Shouldn’t that last line be

                   proxy_set_header        X-Script-Name   /mmirror;  # IMPORTANT: path has NO trailing slash
              

              ??

              S 1 Reply Last reply Reply Quote 0
              • S Offline
                sdetweil @ember1205
                last edited by

                @ember1205 its pretty clear tho

                curl -iL http://192.168.10.10/mmirror
                HTTP/1.1 301 Moved Permanently
                Server: nginx/1.14.2
                Date: Mon, 23 Dec 2019 18:14:36 GMT
                Content-Type: text/html
                Content-Length: 185
                Connection: keep-alive
                Location: https://[MyDomain]/mmirror
                
                HTTP/1.1 404 Not Found
                Server: nginx/1.14.2
                Date: Mon, 23 Dec 2019 18:14:36 GMT
                Content-Type: text/html; charset=utf-8
                Content-Length: 146
                Connection: keep-alive
                X-DNS-Prefetch-Control: off
                X-Frame-Options: SAMEORIGIN
                Strict-Transport-Security: max-age=15552000; includeSubDomains
                X-Download-Options: noopen
                X-Content-Type-Options: nosniff
                X-XSS-Protection: 1; mode=block
                Content-Security-Policy: default-src 'self'
                
                Error
                <pre>Cannot GET /mmirror</pre>
                
                Cannot GET /mmirror

                because that is on the client issuing the curl command, url with no ip address is same as localhost

                what is this??
                Location: https://[MyDomain]/mmirror

                again this should be server.mydomain

                if u go to client and do an nslookup domain.com
                u will get an error
                ping domain.com will fail

                Sam

                How to add modules

                learning how to use browser developers window for css changes

                E 1 Reply Last reply Reply Quote 0
                • E Offline
                  ember1205 @sdetweil
                  last edited by

                  @sdetweil said in MagicMirror behind a NGinx Reverse Proxy:

                  @ember1205 its pretty clear tho

                  curl -iL http://192.168.10.10/mmirror
                  HTTP/1.1 301 Moved Permanently
                  Server: nginx/1.14.2
                  Date: Mon, 23 Dec 2019 18:14:36 GMT
                  Content-Type: text/html
                  Content-Length: 185
                  Connection: keep-alive
                  Location: https://[MyDomain]/mmirror
                  
                  HTTP/1.1 404 Not Found
                  Server: nginx/1.14.2
                  Date: Mon, 23 Dec 2019 18:14:36 GMT
                  Content-Type: text/html; charset=utf-8
                  Content-Length: 146
                  Connection: keep-alive
                  X-DNS-Prefetch-Control: off
                  X-Frame-Options: SAMEORIGIN
                  Strict-Transport-Security: max-age=15552000; includeSubDomains
                  X-Download-Options: noopen
                  X-Content-Type-Options: nosniff
                  X-XSS-Protection: 1; mode=block
                  Content-Security-Policy: default-src 'self'
                  
                  Error
                  <pre>Cannot GET /mmirror</pre>
                  
                  Cannot GET /mmirror

                  because that is on the client issuing the curl command, url with no ip address is same as localhost

                  what is this??
                  Location: https://[MyDomain]/mmirror

                  again this should be server.mydomain

                  if u go to client and do an nslookup domain.com
                  u will get an error
                  ping domain.com will fail

                  He stated that he is masking details of what he’s posting, so it’s definitely something to check.

                  However…

                  The error is delivered from nginx

                  Server: nginx/1.14.2
                  

                  Which means that it isn’t attempting to retrieve the URL from localhost.

                  The missing directive that I mentioned prior is where I believe the issue is… The client IS connecting and requesting /mmirror, but that is not defined on the nginx host. As a result, it’s being processed by the default host configured there which will be on a different back-end server and that server does not have a /mmirror path available to serve. So, 404.

                  S 1 Reply Last reply Reply Quote 0
                  • S Offline
                    sdetweil @ember1205
                    last edited by sdetweil

                    @ember1205 said in MagicMirror behind a NGinx Reverse Proxy:

                    but that is not defined on the nginx host.

                    but it is as a server entry in the nginx.conf

                    I have just set one up and see the same…

                    but the proxy doesn’t explicitly ask to pass the uri too

                    Sam

                    How to add modules

                    learning how to use browser developers window for css changes

                    S 1 Reply Last reply Reply Quote 0
                    • S Offline
                      sdetweil @sdetweil
                      last edited by

                      @ember1205 so, if u take off the mmirror part of the 1st server and use the / location to proxy pass it works, so you are correct… it passed the uri portion along too…

                      Sam

                      How to add modules

                      learning how to use browser developers window for css changes

                      1 Reply Last reply Reply Quote 0
                      • E Offline
                        ember1205
                        last edited by

                        When using a proxy server like this, it functions mostly like a content switch. In other words, you can redirect specific paths to different back-end hosts - this is commonly done when you have different servers holding different kinds of content.

                        When you have a VIP acting as a Content Switch, anything not explicitly defined for a particular path will be handled by the default VIP. In this case, he has not actually defined the /mmirror path, so appending that to his domain will result in the DEFAULT server getting the traffic as opposed to the mirror. That’s why the 404.

                        I believe that the directive I mentioned earlier is all that needs to be defined in order to get the nginx proxy handling that path accordingly…

                        1 Reply Last reply Reply Quote 0
                        • 1
                        • 2
                        • 2 / 2
                        • First post
                          Last post
                        Enjoying MagicMirror? Please consider a donation!
                        MagicMirror created by Michael Teeuw.
                        Forum managed by Sam, technical setup by Karsten.
                        This forum is using NodeBB as its core | Contributors
                        Contact | Privacy Policy