Rewrite -- failure

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Rewrite -- failure

Paul
New to this list (lurked for a couple of weeks), so hope you'll bear
with me. I'm trying to get a charity's volunteers set up to work from home.

Using nginx 1.14.0 (latest on Ubuntu 14.04LTS -- all up to date; #nginx
-V below) as a front end for a number of servers using Apache 2.4.

My problem is that I need to split serv1.example.com to two physical
servers (both fully functional on LAN). The first (192.168.aaa.bbb)
serving static https works fine. But I cannot "rewrite" (redirect,
re-proxy?) to the second server (192.168.xxx.yyy, Perl cgi) where the
request comes in as https://serv1.example.com/foo and I need to get rid
of "foo"

        "rewrite ^(.*serv1\.example\.com\/)foo\/(.*) $1$2 permanent;" (tried
permanent, break, last and no flags)

is valid as a PCRE regex, but logs give me a 404 trying to find "foo"
which has nothing to do with the cgi root:

        [14/Apr/2020:16:14:19 -0400] "GET /foo HTTP/1.1" 404 2471

What I am trying for is "GET / HTTP/1.1" 200

Here's my server config.  Any all assistance would be greatly
appreciated -- many thanks and stay well -- Paul


server {

     listen 443 ssl;
     # [4 lines managed by Certbot, working perfectly]

     server_name serv1.example.com;

     access_log /var/log/nginx/access.log;
     error_log  /var/log/nginx/mysite-error_log;

     proxy_buffering off;

     location / {              # static server, html, works perfectly,
         proxy_pass http://192.168.aaa.bbb;
         proxy_set_header Host $host;
         proxy_http_version 1.1;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

     location /foo {           # big db server, perfect on LAN, PERL, cgi
         # rewrite ^/foo(.*) /$1 break;   #tried permanent, break, last
and no flags
         # rewrite ^/foo/(.*)$ /$1 last;   #tried permanent, break, last
and no flags
         rewrite ^(.*serv1\.example\.com\/)foo\/(.*) $1$2 permanent;
#tried permanent, break, last and no flags
         proxy_pass <a href="http://192.168.xxx.yyy:8084;">http://192.168.xxx.yyy:8084;
         proxy_set_header Host $host;
         proxy_http_version 1.1;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

}

server {
     if ($host = serv1.example.com) {
         return 301 https://$host$request_uri;
     } # managed by Certbot

# automatically sets to https if someone comes in on http
     listen 80;
     listen 8084;
     server_name serv1.example.com;
     rewrite     ^   https://$host$request_uri? permanent;
}
_________

nginx -V
nginx version: nginx/1.14.0 (Ubuntu)
built with OpenSSL 1.1.1  11 Sep 2018
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2
-fdebug-prefix-map=/build/nginx-GkiujU/nginx-1.14.0=.
-fstack-protector-strong -Wformat -Werror=format-security -fPIC
-Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions
-Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx
--conf-path=/etc/nginx/nginx.conf
--http-log-path=/var/log/nginx/access.log
--error-log-path=/var/log/nginx/error.log
--lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid
--modules-path=/usr/lib/nginx/modules
--http-client-body-temp-path=/var/lib/nginx/body
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi
--http-proxy-temp-path=/var/lib/nginx/proxy
--http-scgi-temp-path=/var/lib/nginx/scgi
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit
--with-http_ssl_module --with-http_stub_status_module
--with-http_realip_module --with-http_auth_request_module
--with-http_v2_module --with-http_dav_module --with-http_slice_module
--with-threads --with-http_addition_module
--with-http_geoip_module=dynamic --with-http_gunzip_module
--with-http_gzip_static_module --with-http_image_filter_module=dynamic
--with-http_sub_module --with-http_xslt_module=dynamic
--with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic
--with-mail_ssl_module

   \\\||//
    (@ @)
ooO_(_)_Ooo__________________________________
|______|_____|_____|_____|_____|_____|_____|_____|
|___|____|_____|_____|_____|_____|_____|_____|____|
|_____|_____| mailto:[hidden email] _|____|____|
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: Rewrite -- failure

lists@lazygranch.com
Wouldn't it be less work to set up subdomains and handle this with DNS?

I for one will never qualify for this T shirt.

https://store.xkcd.com/products/i-know-regular-expressions




  Original Message  


From: [hidden email]
Sent: April 14, 2020 1:39 PM
To: [hidden email]
Reply-to: [hidden email]
Subject: Rewrite -- failure


New to this list (lurked for a couple of weeks), so hope you'll bear
with me. I'm trying to get a charity's volunteers set up to work from home.

Using nginx 1.14.0 (latest on Ubuntu 14.04LTS -- all up to date; #nginx
-V below) as a front end for a number of servers using Apache 2.4.

My problem is that I need to split serv1.example.com to two physical
servers (both fully functional on LAN). The first (192.168.aaa.bbb)
serving static https works fine. But I cannot "rewrite" (redirect,
re-proxy?) to the second server (192.168.xxx.yyy, Perl cgi) where the
request comes in as https://serv1.example.com/foo and I need to get rid
of "foo"

"rewrite ^(.*serv1\.example\.com\/)foo\/(.*) $1$2 permanent;" (tried
permanent, break, last and no flags)

is valid as a PCRE regex, but logs give me a 404 trying to find "foo"
which has nothing to do with the cgi root:

[14/Apr/2020:16:14:19 -0400] "GET /foo HTTP/1.1" 404 2471

What I am trying for is "GET / HTTP/1.1" 200

Here's my server config.  Any all assistance would be greatly
appreciated -- many thanks and stay well -- Paul


server {

     listen 443 ssl;
     # [4 lines managed by Certbot, working perfectly]

     server_name serv1.example.com;

     access_log /var/log/nginx/access.log;
     error_log  /var/log/nginx/mysite-error_log;

     proxy_buffering off;

     location / {              # static server, html, works perfectly,
         proxy_pass http://192.168.aaa.bbb;
         proxy_set_header Host $host;
         proxy_http_version 1.1;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

     location /foo {           # big db server, perfect on LAN, PERL, cgi
         # rewrite ^/foo(.*) /$1 break;   #tried permanent, break, last
and no flags
         # rewrite ^/foo/(.*)$ /$1 last;   #tried permanent, break, last
and no flags
         rewrite ^(.*serv1\.example\.com\/)foo\/(.*) $1$2 permanent;
#tried permanent, break, last and no flags
         proxy_pass <a href="http://192.168.xxx.yyy:8084;">http://192.168.xxx.yyy:8084;
         proxy_set_header Host $host;
         proxy_http_version 1.1;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

}

server {
     if ($host = serv1.example.com) {
         return 301 https://$host$request_uri;
     } # managed by Certbot

# automatically sets to https if someone comes in on http
     listen 80;
     listen 8084;
     server_name serv1.example.com;
     rewrite     ^   https://$host$request_uri? permanent;
}
_________

nginx -V
nginx version: nginx/1.14.0 (Ubuntu)
built with OpenSSL 1.1.1  11 Sep 2018
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2
-fdebug-prefix-map=/build/nginx-GkiujU/nginx-1.14.0=.
-fstack-protector-strong -Wformat -Werror=format-security -fPIC
-Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions
-Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx
--conf-path=/etc/nginx/nginx.conf
--http-log-path=/var/log/nginx/access.log
--error-log-path=/var/log/nginx/error.log
--lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid
--modules-path=/usr/lib/nginx/modules
--http-client-body-temp-path=/var/lib/nginx/body
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi
--http-proxy-temp-path=/var/lib/nginx/proxy
--http-scgi-temp-path=/var/lib/nginx/scgi
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit
--with-http_ssl_module --with-http_stub_status_module
--with-http_realip_module --with-http_auth_request_module
--with-http_v2_module --with-http_dav_module --with-http_slice_module
--with-threads --with-http_addition_module
--with-http_geoip_module=dynamic --with-http_gunzip_module
--with-http_gzip_static_module --with-http_image_filter_module=dynamic
--with-http_sub_module --with-http_xslt_module=dynamic
--with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic
--with-mail_ssl_module

   \\\||//
    (@ @)
ooO_(_)_Ooo__________________________________
|______|_____|_____|_____|_____|_____|_____|_____|
|___|____|_____|_____|_____|_____|_____|_____|____|
|_____|_____| mailto:[hidden email] _|____|____|
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: Rewrite -- failure

Francis Daly
In reply to this post by Paul
On Tue, Apr 14, 2020 at 04:38:51PM -0400, Paul wrote:

Hi there,

> My problem is that I need to split serv1.example.com to two physical servers
> (both fully functional on LAN). The first (192.168.aaa.bbb) serving static
> https works fine. But I cannot "rewrite" (redirect, re-proxy?) to the second
> server (192.168.xxx.yyy, Perl cgi) where the request comes in as
> https://serv1.example.com/foo and I need to get rid of "foo"

http://nginx.org/r/proxy_pass -- proxy_pass can (probably) do what
you want, without rewrites. The documentation phrase to look for is
"specified with a URI".

> "rewrite ^(.*serv1\.example\.com\/)foo\/(.*) $1$2 permanent;" (tried
> permanent, break, last and no flags)

"rewrite" (http://nginx.org/r/rewrite) works on the "/foo" part, not the
"https://" or the "serv1.example.com" parts of the request, which is why
that won't match your requests.

>     location /foo {           # big db server, perfect on LAN, PERL, cgi
>         # rewrite ^/foo(.*) /$1 break;   #tried permanent, break, last and
> no flags

That one looks to me to be most likely to work; but you probably need
to be very clear about what you mean when you think "it doesn't work".

In general - show the request, show the response, and describe the response
that you want instead.

>         # rewrite ^/foo/(.*)$ /$1 last;   #tried permanent, break, last and
> no flags
>         rewrite ^(.*serv1\.example\.com\/)foo\/(.*) $1$2 permanent; #tried
> permanent, break, last and no flags
>         proxy_pass <a href="http://192.168.xxx.yyy:8084;">http://192.168.xxx.yyy:8084;
>         proxy_set_header Host $host;
>         proxy_http_version 1.1;
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>    }

I suggest trying

    location /foo/ {
        proxy_pass http://192.168.xxx.yyy:8084/;
    }

(note the trailing / in both places) and then seeing what else needs to
be added.

Note also that, in any case, if you request /foo/one.cgi which is really
upstream's /one.cgi, and the response body includes a link to /two.png,
then the browser will look for /two.png not /foo/two.png, which will
be sought on the other server. That may or may not be what you want,
depending on how you have set things up.

That is: it is in general non-trivial to reverse-proxy a service at a
different places in the url hierarchy from where the service believes
it is located. Sometimes a different approach is simplest.

> server {
>
> # automatically sets to https if someone comes in on http
>     listen 80;
>     listen 8084;

Hmm. Is this 8084 the same as 192.168.xxx.yyy:8084 above? If so, things
might get a bit confused.

Good luck with it,

        f
--
Francis Daly        [hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

SSL and port number [was: Rewrite -- failure]

Paul
Thanks for your input. I have spent quite some time on this, and have
failed on "rewrite".

It all works using a different port number but *without* SSL -- the
moment I add the Certbot back in (see config below) I get "Error code:
SSL_ERROR_RX_RECORD_TOO_LONG".

Also, same server, on default port 80, works perfectly as https, but if
I add :80 to the requested URL, I get the same "Error code:
SSL_ERROR_RX_RECORD_TOO_LONG"...

All suggestions warmly welcomed, thanks. ...and stay well - Paul.

server {

     listen 8084;
#    listen 443 ssl;

#        ssl_certificate
/etc/letsencrypt/live/serv1.example.com/fullchain.pem; # managed by Certbot
#        ssl_certificate_key
/etc/letsencrypt/live/serv1.example.com/privkey.pem; # managed by Certbot
#    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
#    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

     server_name my_app;

     access_log /var/log/nginx/access.log;
     error_log  /var/log/nginx/ships-error_log;

     proxy_buffering off;

     location / {
         proxy_pass <a href="http://192.168.xxx.yyy:8084;">http://192.168.xxx.yyy:8084;
         proxy_set_header Host $host;
         proxy_http_version 1.1;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

}

#server {
#    if ($host = serv1.example.com) {
#        return 301 https://$host$request_uri;
#    } # managed by Certbot

# automatically sets to https if someone comes in on http
#    listen 8084;
#    listen 443 ssl;
#    server_name serv1.example.com;
#    rewrite     ^   https://$host$request_uri? permanent;
#}





On 2020-04-14 6:39 p.m., Francis Daly wrote:

> On Tue, Apr 14, 2020 at 04:38:51PM -0400, Paul wrote:
>
> Hi there,
>
>> My problem is that I need to split serv1.example.com to two physical servers
>> (both fully functional on LAN). The first (192.168.aaa.bbb) serving static
>> https works fine. But I cannot "rewrite" (redirect, re-proxy?) to the second
>> server (192.168.xxx.yyy, Perl cgi) where the request comes in as
>> https://serv1.example.com/foo and I need to get rid of "foo"
>
> http://nginx.org/r/proxy_pass -- proxy_pass can (probably) do what
> you want, without rewrites. The documentation phrase to look for is
> "specified with a URI".
>
>> "rewrite ^(.*serv1\.example\.com\/)foo\/(.*) $1$2 permanent;" (tried
>> permanent, break, last and no flags)
>
> "rewrite" (http://nginx.org/r/rewrite) works on the "/foo" part, not the
> "https://" or the "serv1.example.com" parts of the request, which is why
> that won't match your requests.
>
>>      location /foo {           # big db server, perfect on LAN, PERL, cgi
>>          # rewrite ^/foo(.*) /$1 break;   #tried permanent, break, last and
>> no flags
>
> That one looks to me to be most likely to work; but you probably need
> to be very clear about what you mean when you think "it doesn't work".
>
> In general - show the request, show the response, and describe the response
> that you want instead.
>
>>          # rewrite ^/foo/(.*)$ /$1 last;   #tried permanent, break, last and
>> no flags
>>          rewrite ^(.*serv1\.example\.com\/)foo\/(.*) $1$2 permanent; #tried
>> permanent, break, last and no flags
>>          proxy_pass <a href="http://192.168.xxx.yyy:8084;">http://192.168.xxx.yyy:8084;
>>          proxy_set_header Host $host;
>>          proxy_http_version 1.1;
>>          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>>     }
>
> I suggest trying
>
>      location /foo/ {
>          proxy_pass http://192.168.xxx.yyy:8084/;
>      }
>
> (note the trailing / in both places) and then seeing what else needs to
> be added.
>
> Note also that, in any case, if you request /foo/one.cgi which is really
> upstream's /one.cgi, and the response body includes a link to /two.png,
> then the browser will look for /two.png not /foo/two.png, which will
> be sought on the other server. That may or may not be what you want,
> depending on how you have set things up.
>
> That is: it is in general non-trivial to reverse-proxy a service at a
> different places in the url hierarchy from where the service believes
> it is located. Sometimes a different approach is simplest.
>
>> server {
>>
>> # automatically sets to https if someone comes in on http
>>      listen 80;
>>      listen 8084;
>
> Hmm. Is this 8084 the same as 192.168.xxx.yyy:8084 above? If so, things
> might get a bit confused.
>
> Good luck with it,
>
> f
>


   \\\||//
    (@ @)
ooO_(_)_Ooo__________________________________
|______|_____|_____|_____|_____|_____|_____|_____|
|___|____|_____|_____|_____|_____|_____|_____|____|
|_____|_____| mailto:[hidden email] _|____|____|
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: SSL and port number [was: Rewrite -- failure]

Francis Daly
On Tue, Apr 21, 2020 at 07:09:41PM -0400, Paul wrote:

Hi there,

I confess I'm not quite certain what you are reporting here -- if you
can say "with *this* config, I make *this* request and I get *this*
response, but I want *that* response instead", it may be clearer.

However, there is one thing that might be a misunderstanding here:

"listen 8000;" means that nginx will listen for http, so you must make
requests to port 8000 using http not https.

"listen 8001 ssl;" means that nginx will listen for https, so you must
make requests to port 8001 using https not http.

You can have both "listen" directives in the same server{}, but you
still must use the correct protocol on each port, or there will be errors.

Cheers,

        f
--
Francis Daly        [hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: SSL and port number [was: Rewrite -- failure]

Paul
On 2020-04-22 3:14 a.m., Francis Daly wrote:

> On Tue, Apr 21, 2020 at 07:09:41PM -0400, Paul wrote:
>
> Hi there,
>
> I confess I'm not quite certain what you are reporting here -- if you
> can say "with *this* config, I make *this* request and I get *this*
> response, but I want *that* response instead", it may be clearer.
>
> However, there is one thing that might be a misunderstanding here:
>
> "listen 8000;" means that nginx will listen for http, so you must make
> requests to port 8000 using http not https.
>
> "listen 8001 ssl;" means that nginx will listen for https, so you must
> make requests to port 8001 using https not http.
>
> You can have both "listen" directives in the same server{}, but you
> still must use the correct protocol on each port, or there will be errors.

Hi Francis,

Thanks. I have the two sites "mostly" working now (full config below),
but could you please expand on your comment ""listen 8001 ssl;" means
that nginx will listen for https, so you must make requests to port 8001
using https not http."

My problem is that app/server A (static html) is working perfectly, but
app/server B works only if the user's browser requests specifically
"https://... ", but returns a "400 Bad Request // The plain HTTP request
was sent to HTTPS port // nginx" if the browser requests http (which I
believe is the default for most browsers if you paste or type just the
URL into them.)

In other words, the last few lines of the config. work for port 80
(sends seamlessly the 301, then the content), but not for port 8084
(sends only the 400.)

Many thanks -- Paul


# Combined file, two servers for myapps.example.com
# myappa "A" for static site /var/wwww/myappa on 192.168.aaa.bbb
# myappb "B" for cgi site /usr/share/myappb on 192.168.xxx.yyy

# Server A
server {

     listen 443 ssl;

     ssl_certificate
/etc/letsencrypt/live/myapps.example.com/fullchain.pem; # managed by Certbot
     ssl_certificate_key
/etc/letsencrypt/myapps.example.com/privkey.pem; # managed by Certbot
     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

     server_name myapps.example.com;

     access_log /var/log/nginx/access.log;
     error_log  /var/log/nginx/myapp-error_log;

     proxy_buffering off;

     location / {
         proxy_pass http://myappa;
         proxy_set_header Host $host;
         proxy_http_version 1.1;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

}

# Server B
server {

     listen 8084 ssl;

     ssl_certificate
/etc/letsencrypt/live/myapps.example.com/fullchain.pem; # managed by Certbot
     ssl_certificate_key
/etc/letsencrypt/live/myapps.example.com/privkey.pem; # managed by Certbot
     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

     server_name myapps.example.com;

     access_log /var/log/nginx/access.log;
     error_log  /var/log/nginx/myapp-error_log;

     proxy_buffering off;

     location / {
         proxy_pass <a href="http://myappb:8084;">http://myappb:8084;
         proxy_set_header Host $host;
         proxy_http_version 1.1;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

}

server {
     if ($host = myapps.example.com) {
         return 301 https://$host$request_uri;
     } # managed by Certbot

# automatically sets to https if someone comes in on http
     listen 80;
     listen 8084;
     server_name myapps.example.com;
     rewrite     ^   https://$host$request_uri? permanent;
}

   \\\||//
    (@ @)
ooO_(_)_Ooo__________________________________
|______|_____|_____|_____|_____|_____|_____|_____|
|___|____|_____|_____|_____|_____|_____|_____|____|
|_____|_____| mailto:[hidden email] _|____|____|
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: SSL and port number [was: Rewrite -- failure]

J.R.
In reply to this post by Paul
To redirect a browser from http to https, you don't need to do an 'if'
or 'rewrite'... The following would be the most efficient (and
simplest)...

server {
    listen       80;
    server_name  myapps.example.com;
    access_log   off;

    return 301 https://$host$request_uri;
}
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: SSL and port number [was: Rewrite -- failure]

Francis Daly
In reply to this post by Paul
On Tue, Apr 28, 2020 at 02:56:09PM -0400, Paul wrote:
> On 2020-04-22 3:14 a.m., Francis Daly wrote:

Hi there,

> Thanks. I have the two sites "mostly" working now (full config below), but
> could you please expand on your comment ""listen 8001 ssl;" means that nginx
> will listen for https, so you must make requests to port 8001 using https
> not http."

nginx listens on an ip:port, and it expects exactly one protocol to be
spoken on that port.

I believe I see what may be the problem here...

> My problem is that app/server A (static html) is working perfectly, but
> app/server B works only if the user's browser requests specifically
> "https://... ", but returns a "400 Bad Request // The plain HTTP request was
> sent to HTTPS port // nginx" if the browser requests http (which I believe
> is the default for most browsers if you paste or type just the URL into
> them.)

...your server B has two server blocks.

One says "listen 8084 ssl"; the other says "listen 8084".

You want one to be https and the other to be http. Current nginx does
not support doing that. If you need it to be done, you must use something
other than current nginx.

Your access url is "https://myapps.example.com:8084/"

If someone tries to use "ftp://myapps.example.com:8084/", they will get an
error indication. If they try "http://myapps.example.com:8084/", they will
get an error indication. If they try "gopher://myapps.example.com:8084/",
they will get an error indication.

The error indication that current-nginx gives is "this is not a valid
https protocol request"; it does not try to guess what sort of protocol
request it actually is.

If you just remove the "listen 8084" from the second server, and invite
people to use the correct url (either "http://myapps.example.com/", or
"https://myapps.example.com:8084/"), then it should all Just Work.

Cheers,

        f
--
Francis Daly        [hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx