3

Here is my nginx proxy.conf file,

    server {
        listen 9090;
        root /usr/share/nginx/html;  # not sure whether this line is needed or not
        index index.html;            # not sure whether this line is needed or not

        location / {
            proxy_pass http://google.com;
        }
    }

I'm trying to hide the original website address, for example google.com, behind my localhost:9090.

But when I start the nginx service using this proxy.conf file and type localhost:9090 in my browser, it is correctly redirecting me to google.com, but it is revealing the URL google.com in the browser.

I saw some questions here like "How to hide backend URL/URI with Nginx reverse proxy", but I didn't quite get an answer to my problem.

If you need any additional information regarding this please ask in the comments. I'm ready to provide any information if that allows you to give me a solution to my problem.

2
  • 4
    Google sends this redirect. Use another backend site for your testing. Commented Sep 28, 2019 at 9:45
  • That's both true. But you can also catch the redirect with Nginx and Lua, be it for Google or another backend hanging in the same network. Detail fact: If the backend is behind a connect or socks proxy, Nginx is not able to execute the proxy_pass command yet. Commented Sep 28, 2019 at 20:40

1 Answer

1

Example for Ubuntu 16.04 and Ubuntu 18.04

Backends that return hard (301) or temporary (302 or newer 303) redirects to the browser – the browser executes them – can easily take the user away from your Nginx. This can be intercepted with Lua.

What I show here is at least legally in the grey area, but rather black (regarding Google). Do not bring into production! All the security headers that Google attaches to the requests will spoil your fun anyway.

Installation

    # sudo apt purge nginx-* # maybe necessary, backup your /etc/nginx/… configs before!
    sudo add-apt-repository ppa:nginx/stable
    sudo apt-cache show nginx-extras | grep -P '((xenial)|(bionic))'
    sudo apt install nginx-extras # Lua support (nginx-extras is > nginx-full)

Config

/etc/nginx/sites-available/test.conf

    server {
        listen 80;
        listen [::]:80;
        server_name niegit.com;

        # Nginx vs. Lua
        #
        # Comment: # vs. --
        # Concat: NIL vs. ..
        # $request_uri vs. ngx.var.request_uri # path with query string
        # $is_args$args vs. ngx.var.is_args .. ngx.var.args # query string
        # $1 vs. ngx.var[1] # regex capturing group 1
        # $2 vs. ngx.var[2] # regex capturing group 2

        location / {
            rewrite_by_lua_block {
                -- Probs with AJAX/XHR and/or Websockets!
                ngx.log(ngx.ALERT, 'See this text in /var/log/nginx/error.log')

                local map = {
                    GET = ngx.HTTP_GET,
                    POST = ngx.HTTP_POST,
                }
                ngx.req.read_body()
                local res = ngx.location.capture('/location_2' .. (ngx.var.request_uri or ''), {
                    method = map[ngx.var.request_method],
                    body = ngx.var.request_body
                })

                -- Detect/change redirect...
                local redirect_target = res.header.Location
                if redirect_target and res.status > 300 and res.status < 309 then
                    ngx.log(ngx.ALERT, redirect_target)
                    local redirect_target_changed, n, err = ngx.re.gsub(
                        redirect_target,
                        'https?[:]//(?:www[.])?google[.]com(?:[:][0-9]*)?',
                        'http://niegit.com'
                    )
                    ngx.log(ngx.ALERT, redirect_target_changed)
                    return ngx.redirect(redirect_target_changed, 303)
                else
                    ngx.exec('@named_location_3')
                    return ngx.exit(ngx.HTTP_OK)
                end
            }
        }

        location /location_2 {
            proxy_pass https://www.google.com/;
        }

        location @named_location_3 {
            proxy_pass https://www.google.com$request_uri;
        }
    }

Activate

    cd /etc/nginx/sites-enabled
    sudo ln -s ../sites-available/test.conf test.conf
    sudo nginx -t
    sudo service nginx reload # or newer: sudo systemctl reload nginx

If there are no sites-available and sites-enabled folders, simply put test.conf in your conf.d folder.

Testing

    curl -I niegit.com # not active at the moment

If you offer foreign backends under your own domain, this should only happen for test purposes or you ask the owner. The example shown here can of course be used legally for your own backends and save your ass. ;)

2
  • This does not work against website like uptimerobot.com which only works on https and http urls gets redirect to https. There is a public page like stats.uptimerobot.com/wivhjuit. My goal is to reach that without changing browser url. Any idea how that could work ? Commented Jul 23, 2020 at 18:00
  • I guess you didn't understand the line with gsub and can't do a regex. Also, most uptime robots query with HEAD instead of GET or POST, as I remember. Commented Aug 1, 2020 at 12:25
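
A Python model of the Location rewrite discussed in the answer and its comments, added here as an example and not part of the original posts: it compares a global substring substitution of the kind `ngx.re.gsub` performs with a rewrite that parses the URL and matches the backend host exactly. The names `backend.example` and `proxy.example`, the function names and the sample header values are assumptions constructed for the illustration.

```python
import re
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

# Assumed names for this example: the backend's host names and the public origin.
BACKEND_HOSTS = {"backend.example", "www.backend.example"}
PUBLIC_SCHEME, PUBLIC_HOST = "http", "proxy.example"

# Same shape as the pattern passed to ngx.re.gsub above, with the assumed backend name.
SUBSTRING = re.compile(r"https?[:]//(?:www[.])?backend[.]example(?:[:][0-9]*)?")


def rewrite_substring(location: str) -> str:
    """Replace every match anywhere in the header value, as a global substitution does."""
    return SUBSTRING.sub(f"{PUBLIC_SCHEME}://{PUBLIC_HOST}", location)


def rewrite_parsed(location: str) -> Optional[str]:
    """Rewrite only when the parsed host is exactly a backend host.

    Returns the new Location, the unchanged value for a relative redirect, or
    None when the target is not the backend (the caller chooses pass or block).
    """
    parts = urlsplit(location)
    if not parts.scheme and not parts.netloc:
        return location  # relative: the browser stays on the public origin
    if parts.scheme not in ("", "http", "https"):
        return None
    if (parts.hostname or "").lower() not in BACKEND_HOSTS:
        return None
    return urlunsplit((PUBLIC_SCHEME, PUBLIC_HOST, parts.path or "/",
                       parts.query, parts.fragment))


# Constructed Location header values, not captured from any real backend.
SAMPLES = [
    "https://www.backend.example/login?next=%2F",
    "https://backend.example:8443/a",
    "/relative/path",
    "https://backend.example.other.test/x",
    "https://sso.example/auth?return=https://www.backend.example/app",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{value}\n  substring: {rewrite_substring(value)}\n  parsed:    {rewrite_parsed(value)}")
```

The last two samples are where the two approaches differ: the substring form rewrites a look-alike host and a URL embedded in another site's query string, while the parsed form returns `None` for both.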
