Nginx reverse proxy - .js and .css forbidden
My setup: a raspberry pi which is part of 2 LAN's (192.168.1.* and 192.168.2.*), running nginx. I would like to setup nginx as a reverse proxy, so I can access the router of the first LAN from the second LAN.
So from a computer in the second LAN (let's say 192.168.2.10) I want to go to the address of the pi in the second LAN (let's say 192.168.2.2), and I want to get forwarded to the web interface of the router in the first LAN (192.168.1.1).
With the setup I did, this works partially: it forwards to the correct location but there are problems loading the site, as for every .js and .css file I get a 403 error 'forbidden'.
Accessing the router website directly from the pi works without issues, so the problem is linked to the config of the reverse proxy.
Here's what I have setup and the error messages (what I don't specify means it's at default value/setting)
NGINX CONFIG:
location / {
proxy_bind 192.168.1.2;
include /etc/nginx/mime.types;
default_type application/octet-stream;
proxy_pass http://192.168.1.1/;
}
192.168.1.2 is the address of the pi in the first LAN.
192.168.1.1 is the address of the router (part of the first LAN) I want to access.
Example error I see in the developer console of web browser (this goes for all .js and .css files):
HTTP403: FORBIDDEN - The server understood the request, but is refusing to fulfil it.
GET - http://192.168.2.2/css/main.css
Corresponding line in the access.log of nginx:
"GET /css/main.css HTTP/1.1" 403 100 "http://192.168.2.2/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKi
t/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134"
I'm not sure, but in the line above it shows 192.168.2.2 as the referrer. Since the router is in the 192.168.1.* LAN I'm thinking this might be causing the persmission issue. Playing with the "proxy_set_header Referer" yields exactly the same results however, so I might be wrong there?
Corresponding html line in the source file (seen when using curl directly from the pi):
<link rel="stylesheet" href="../css/main.css">
I have already tried many different settings (I played with the header Host/Referer/X-Forwarded-For) but the result is always the same. Since it's the built-in website of the router, I cannot change permissions on these files (I don't think it's necessary as it works fine without using the proxy).
What am I missing?
Thank you in advance,
Wim
nginx reverse-proxy
asked 1 hour ago
WimOnFire
11
New contributor
WimOnFire is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
My setup: a raspberry pi which is part of 2 LAN's (192.168.1.* and 192.168.2.*), running nginx. I would like to setup nginx as a reverse proxy, so I can access the router of the first LAN from the second LAN.
So from a computer in the second LAN (let's say 192.168.2.10) I want to go to the address of the pi in the second LAN (let's say 192.168.2.2), and I want to get forwarded to the web interface of the router in the first LAN (192.168.1.1).
With the setup I did, this works partially: it forwards to the correct location but there are problems loading the site, as for every .js and .css file I get a 403 error 'forbidden'.
Accessing the router website directly from the pi works without issues, so the problem is linked to the config of the reverse proxy.
Here's what I have setup and the error messages (what I don't specify means it's at default value/setting)
NGINX CONFIG:
location / {
proxy_bind 192.168.1.2;
include /etc/nginx/mime.types;
default_type application/octet-stream;
proxy_pass http://192.168.1.1/;
}
192.168.1.2 is the address of the pi in the first LAN.
192.168.1.1 is the address of the router (part of the first LAN) I want to access.
Example error I see in the developer console of web browser (this goes for all .js and .css files):
HTTP403: FORBIDDEN - The server understood the request, but is refusing to fulfil it.
GET - http://192.168.2.2/css/main.css
Corresponding line in the access.log of nginx:
"GET /css/main.css HTTP/1.1" 403 100 "http://192.168.2.2/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKi
t/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134"
I'm not sure, but in the line above it shows 192.168.2.2 as the referrer. Since the router is in the 192.168.1.* LAN I'm thinking this might be causing the persmission issue. Playing with the "proxy_set_header Referer" yields exactly the same results however, so I might be wrong there?
Corresponding html line in the source file (seen when using curl directly from the pi):
<link rel="stylesheet" href="../css/main.css">
I have already tried many different settings (I played with the header Host/Referer/X-Forwarded-For) but the result is always the same. Since it's the built-in website of the router, I cannot change permissions on these files (I don't think it's necessary as it works fine without using the proxy).
What am I missing?
Thank you in advance,
Wim
nginx reverse-proxy
asked 1 hour ago
WimOnFire
11
New contributor
WimOnFire is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
My setup: a raspberry pi which is part of 2 LAN's (192.168.1.* and 192.168.2.*), running nginx. I would like to setup nginx as a reverse proxy, so I can access the router of the first LAN from the second LAN.
So from a computer in the second LAN (let's say 192.168.2.10) I want to go to the address of the pi in the second LAN (let's say 192.168.2.2), and I want to get forwarded to the web interface of the router in the first LAN (192.168.1.1).
With the setup I did, this works partially: it forwards to the correct location but there are problems loading the site, as for every .js and .css file I get a 403 error 'forbidden'.
Accessing the router website directly from the pi works without issues, so the problem is linked to the config of the reverse proxy.
Here's what I have setup and the error messages (what I don't specify means it's at default value/setting)
NGINX CONFIG:
location / {
proxy_bind 192.168.1.2;
include /etc/nginx/mime.types;
default_type application/octet-stream;
proxy_pass http://192.168.1.1/;
}
192.168.1.2 is the address of the pi in the first LAN.
192.168.1.1 is the address of the router (part of the first LAN) I want to access.
Example error I see in the developer console of web browser (this goes for all .js and .css files):
HTTP403: FORBIDDEN - The server understood the request, but is refusing to fulfil it.
GET - http://192.168.2.2/css/main.css
Corresponding line in the access.log of nginx:
"GET /css/main.css HTTP/1.1" 403 100 "http://192.168.2.2/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKi
t/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134"
I'm not sure, but in the line above it shows 192.168.2.2 as the referrer. Since the router is in the 192.168.1.* LAN I'm thinking this might be causing the persmission issue. Playing with the "proxy_set_header Referer" yields exactly the same results however, so I might be wrong there?
Corresponding html line in the source file (seen when using curl directly from the pi):
<link rel="stylesheet" href="../css/main.css">
I have already tried many different settings (I played with the header Host/Referer/X-Forwarded-For) but the result is always the same. Since it's the built-in website of the router, I cannot change permissions on these files (I don't think it's necessary as it works fine without using the proxy).
What am I missing?
Thank you in advance,
Wim
nginx reverse-proxy
asked 1 hour ago
WimOnFire
11
New contributor
WimOnFire is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
My setup: a raspberry pi which is part of 2 LAN's (192.168.1.* and 192.168.2.*), running nginx. I would like to setup nginx as a reverse proxy, so I can access the router of the first LAN from the second LAN.
So from a computer in the second LAN (let's say 192.168.2.10) I want to go to the address of the pi in the second LAN (let's say 192.168.2.2), and I want to get forwarded to the web interface of the router in the first LAN (192.168.1.1).
With the setup I did, this works partially: it forwards to the correct location but there are problems loading the site, as for every .js and .css file I get a 403 error 'forbidden'.
Accessing the router website directly from the pi works without issues, so the problem is linked to the config of the reverse proxy.
Here's what I have setup and the error messages (what I don't specify means it's at default value/setting)
NGINX CONFIG:
location / {
proxy_bind 192.168.1.2;
include /etc/nginx/mime.types;
default_type application/octet-stream;
proxy_pass http://192.168.1.1/;
}
192.168.1.2 is the address of the pi in the first LAN.
192.168.1.1 is the address of the router (part of the first LAN) I want to access.
Example error I see in the developer console of web browser (this goes for all .js and .css files):
HTTP403: FORBIDDEN - The server understood the request, but is refusing to fulfil it.
GET - http://192.168.2.2/css/main.css
Corresponding line in the access.log of nginx:
"GET /css/main.css HTTP/1.1" 403 100 "http://192.168.2.2/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKi
t/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134"
I'm not sure, but in the line above it shows 192.168.2.2 as the referrer. Since the router is in the 192.168.1.* LAN I'm thinking this might be causing the persmission issue. Playing with the "proxy_set_header Referer" yields exactly the same results however, so I might be wrong there?
Corresponding html line in the source file (seen when using curl directly from the pi):
<link rel="stylesheet" href="../css/main.css">
I have already tried many different settings (I played with the header Host/Referer/X-Forwarded-For) but the result is always the same. Since it's the built-in website of the router, I cannot change permissions on these files (I don't think it's necessary as it works fine without using the proxy).
What am I missing?
Thank you in advance,
Wim
nginx reverse-proxy
nginx reverse-proxy
asked 1 hour ago
WimOnFire
11
New contributor
WimOnFire is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 1 hour ago
WimOnFire
11
New contributor
WimOnFire is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited 1 hour ago
asked 1 hour ago
WimOnFire
11
New contributor
WimOnFire is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 1 hour ago
WimOnFire
11
asked 1 hour ago
WimOnFire
11
11
New contributor
WimOnFire is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
WimOnFire is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
WimOnFire is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
add a comment |
active
oldest
votes
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
WimOnFire is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f491347%2fnginx-reverse-proxy-js-and-css-forbidden%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
WimOnFire is a new contributor. Be nice, and check out our Code of Conduct.
WimOnFire is a new contributor. Be nice, and check out our Code of Conduct.
WimOnFire is a new contributor. Be nice, and check out our Code of Conduct.
WimOnFire is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f491347%2fnginx-reverse-proxy-js-and-css-forbidden%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
