Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

How to tell nginx to use another proxy to reach destination server ?

pepito
Altocumulus
Altocumulus

Hello.

I create this discussion because of the following problem I'm encountering.

Here is the situation :

  • I have multiple servers which are in a secure network zone
  • I have another server where nginx is installed
  • The NGINX server has access to a remote destination (a gitlab) through a proxy

So the flow is the following : Servers in secure zone --> Server Nginx --> squid-proxy --> an internal gitlab in another network zone.

Is it possible to tell nginx to use this "squid-proxy" to reach the gitlab server, please ?

For the moment, I have this configuration :

 

 

 

 

 

server {
  listen 443 ssl;
  server_name <ALIAS DNS OF NGINX SERVER>;

  ssl_certificate /etc/nginx/certs/mycert.crt;
  ssl_certificate_key /etc/nginx/certs/mykey.key;
  ssl_session_cache shared:SSL:1m;
  ssl_prefer_server_ciphers   on;

  access_log /var/log/nginx/mylog.access.log;
  error_log  /var/log/nginx/mylog.error.log debug;

  location / {
    proxy_pass https://the-gitlab-host:443;
  }
}

 

 

 

 

 

But it does not work. When I try to perform a git command from a server in secure zone, it fails and in the nginx logs I see a timeout, which is normal, because nginx does not use the squid proxy to reach the gitlab server.

Thank you in advance for your help !

Best regards.

1 ACCEPTED SOLUTION

Kevin_Stewart
F5 Employee
F5 Employee

Could you elaborate a bit more?

Servers in secure zone --> Server Nginx --> squid-proxy --> an internal gitlab

Are you suggesting that traffic passing through a reverse proxy (nginx) needs to pass through a forward proxy (squid) to get to an internal resource? And if so, an explicit forward proxy?

 

View solution in original post

3 REPLIES 3

Kevin_Stewart
F5 Employee
F5 Employee

Could you elaborate a bit more?

Servers in secure zone --> Server Nginx --> squid-proxy --> an internal gitlab

Are you suggesting that traffic passing through a reverse proxy (nginx) needs to pass through a forward proxy (squid) to get to an internal resource? And if so, an explicit forward proxy?

 

pepito
Altocumulus
Altocumulus

Hello Kevin.

Sorry for the delay of my answer.

Yes, I am using nginx as a reverse proxy.

To reach the gitlab specific destination, it needs to use a forward proxy and I don't know how to configure that. Do you know how to do it ?

Thanks in advance.

hmi
Nimbostratus
Nimbostratus

I have a similar requirement, the Nginx has to go through a Squid HTTP proxy to access the target destination.

how to configure it?

 

Thank you.