Quick post about a specific issue I met with Nginx when using DNS resolvers and variables instead of hardcoding URL into a proxy_pass directive: URL processing is affected, and I didn’t know that. It probably bitten me several time already, so here it is.
Partly to avoid Nginx breakage when some upstream services were still down before Nginx start, I set up a Unbound DNS server, mapped IPs from the FreeBSD jails hosting services to some friendly and big boys approved domains.
Setting a resolver makes the domain stored in the variable $upstream resolved at runtine rather than when starting the service: The server will therefor stop to fails if upstream servers can’t be contacted.
Setting the proxy_pass like that implicitly changes the way the URL is processed and can lead to befuddling issues if the configuration maintainer (me) is not aware of that, especially when dealing with subpath.
Here, the /st/ path would be passed down to the URL set in the proxy_pass if it wasn’t for the rewrite rules declared above.
resolver 10.10.0.1 valid=10s ipv6=off;
resolver_timeout 2s;
location /st/ {
set $upstream syncthing.throne.home.arpa;
rewrite ^/st/(.*) /$1 break;
proxy_pass http://$upstream:8384;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
The issue is “simply” that path handling and prefix stripping does not work the same with variables. As far as I know, why it behaves like that doesn’t seem to be explained in the documentation, but how it behaves is documented in proxy_pass.