NGINX reverse proxy passing localhost URL

I am using NGINX as a reverse proxy to provide access via sub domains - the configuration files are pretty simple and have been working for a long time - in fact it is still working for 2 of my 4 sub domains. Here is an example config:
    server {
        server_name sub.domain.example;

        location / {
            proxy_pass http://127.0.0.1:PORT;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $http_connection;
        }

        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }

Since yesterday I am having a problem with 2 of 4 subdomains: say example.domain.com just hangs for a second, then passes me the address “http://127.0.0.1:PORT”, to which obviously no connection is established.

Example2.domain.com with the same nginx configuration works the same as it always has done - passing the web site hosted at http://127.0.0.1:PORT2 on the origin server with no issues. I have checked SSL certificates and it is valid for all sites.

This issue completely goes away when I disable the Cloudflare proxy and just use DNS for the 2 affected sub domains. I have tried to purge the cache on Cloudflare too.

Any help with this? I really do not understand what the difference is between the working and non working sub domains.

I am afraid server administration is well beyond the scope of the forum and better discussed at StackExchange for example.

You wrote your site works fine without the proxies? This does apply to HTTPS, right?

Yes the 2 affected sub domains work fine when in DNS only mode and load via HTTPS (port 80 is closed on the origin server)

I have 2 other sub domains with the exact same configuration that load fine with Proxied mode

What’s the domain and hostnames?

And you did make sure the domain is configured on Full Strict, right?

Thanks for the help Sandro - Full strict is enabled

I appear to have resolved this by adding the following to the nginx configuration files:
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

A very strange one to come up randomly and even harder to diagnose but got it solved in the end!

Appreciate the quick responses on this as always!

That would suggest you had somewhere an IP check and blocked it because you did not take the proper client address into account. Yes, rewriting IP addresses is recommended, but you should take Cf-Connecting-IP instead.

https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs has more on that.

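The header handling discussed in this thread, written out as one server block. This is an added example, not configuration posted by any participant: it combines the three proxy_set_header lines from the fix with the Cf-Connecting-IP advice from the last reply, using nginx's realip module. The set_real_ip_from ranges are documentation placeholders (an assumption) that must be replaced with the edge ranges Cloudflare publishes, and PORT is the thread's own placeholder.

```nginx
server {
    listen 443 ssl;
    server_name sub.domain.example;

    ssl_certificate     /etc/letsencrypt/live/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/privkey.pem;

    # Requires ngx_http_realip_module.
    # Only connections arriving from these ranges may override the client
    # address. PLACEHOLDER values (RFC 5737 / RFC 3849 documentation space):
    # substitute the IPv4 and IPv6 ranges Cloudflare publishes.
    set_real_ip_from 192.0.2.0/24;
    set_real_ip_from 2001:db8::/32;

    # For those trusted peers, $remote_addr becomes the value of this header.
    # A request that reaches the origin directly keeps its real peer address,
    # so a visitor cannot spoof an address by sending the header themselves.
    real_ip_header CF-Connecting-IP;

    location / {
        proxy_pass http://127.0.0.1:PORT;   # PORT as elided in the thread
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;

        # Pass the requested hostname to the backend instead of the
        # proxy_pass target (127.0.0.1:PORT), which is nginx's default.
        proxy_set_header Host $host;

        # After the realip rewrite above, $remote_addr is the visitor's
        # address when the request came through Cloudflare.
        proxy_set_header X-Real-IP $remote_addr;

        # Overwrite rather than append: the backend sees a single verified
        # address and never a client-supplied X-Forwarded-For chain.
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}
```

Any IP allow-list or rate limit in the backend should then key on X-Real-IP, and the placeholder ranges need refreshing whenever Cloudflare updates its published list.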