cancel
Showing results for 
Search instead for 
Did you mean: 

How to tell nginx to use another proxy to reach destination server ?

pepito
Nimbostratus
Nimbostratus

Hello.

I create this discussion because of the following problem I'm encountering.

Here is the situation :

  • I have multiple servers which are in a secure network zone
  • I have another server where nginx is installed
  • The NGINX server has access to a remote destination (a gitlab) through a proxy

So the flow is the following : Servers in secure zone --> Server Nginx --> squid-proxy --> an internal gitlab in another network zone.

Is it possible to tell nginx to use this "squid-proxy" to reach the gitlab server, please ?

For the moment, I have this configuration :

 

 

 

 

 

server {
  listen 443 ssl;
  server_name <ALIAS DNS OF NGINX SERVER>;

  ssl_certificate /etc/nginx/certs/mycert.crt;
  ssl_certificate_key /etc/nginx/certs/mykey.key;
  ssl_session_cache shared:SSL:1m;
  ssl_prefer_server_ciphers   on;

  access_log /var/log/nginx/mylog.access.log;
  error_log  /var/log/nginx/mylog.error.log debug;

  location / {
    proxy_pass https://the-gitlab-host:443;
  }
}

 

 

 

 

 

But it does not work. When I try to perform a git command from a server in secure zone, it fails and in the nginx logs I see a timeout, which is normal, because nginx does not use the squid proxy to reach the gitlab server.

Thank you in advance for your help !

Best regards.

1 REPLY 1

Kevin_Stewart
F5 Employee
F5 Employee

Could you elaborate a bit more?

Servers in secure zone --> Server Nginx --> squid-proxy --> an internal gitlab

Are you suggesting that traffic passing through a reverse proxy (nginx) needs to pass through a forward proxy (squid) to get to an internal resource? And if so, an explicit forward proxy?