Discussion:
Reverse proxy for a sub directory
max
2018-03-12 09:20:24 UTC
Permalink
Hi,

To make CouchDB listen as sub directory, doc says (
https://cwiki.apache.org/confluence/display/COUCHDB/Nginx+as+a+proxy) to
use:
location /couchdb {
rewrite /couchdb/(.*) /$1 break;
proxy_pass http://localhost:5984;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

But this cannot be used for attachment with special character such as +,
-, ,
For those CouchDB will send back: "{"error":"not_found","reason":"Document
is missing attachment"}"

The only way I found to fix it is:
location /couchdb/ {
rewrite ^ $request_uri;
rewrite ^/ couchdb /(.*) $1 break;
return 400;
proxy_pass http://127.0.0.1:5984/$uri;
}

But doing so I cannot access CouchDB root (http://127.0.0.1/couchdb) since
it will result in Nginx 500 error (zero length URI).

Do you know a better Nginx configuration?

Thanks,

Max
Jan Lehnardt
2018-03-12 10:08:48 UTC
Permalink
Hi Max,

this is more an nginx than a CouchDB question, but https://serverfault.com/questions/459369/disabling-url-decoding-in-nginx-proxy#463932 suggests that if you use proxy_pass without a uri (not even a slash), that things should work.

Can you verify you’re using `proxy_pass http://localhost:5984;` and not e.g. `proxy_pass http://localhost:5984/;`. If you are, you should open a ticket with the nginx team.

Best
Jan
--
Post by max
Hi,
To make CouchDB listen as sub directory, doc says (
https://cwiki.apache.org/confluence/display/COUCHDB/Nginx+as+a+proxy) to
location /couchdb {
rewrite /couchdb/(.*) /$1 break;
proxy_pass http://localhost:5984;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
But this cannot be used for attachment with special character such as +,
-, ,
For those CouchDB will send back: "{"error":"not_found","reason":"Document
is missing attachment"}"
location /couchdb/ {
rewrite ^ $request_uri;
rewrite ^/ couchdb /(.*) $1 break;
return 400;
proxy_pass http://127.0.0.1:5984/$uri;
}
But doing so I cannot access CouchDB root (http://127.0.0.1/couchdb) since
it will result in Nginx 500 error (zero length URI).
Do you know a better Nginx configuration?
Thanks,
Max
--
Professional Support for Apache CouchDB:
https://neighbourhood.ie/couchdb-support/
Sinan Gabel
2018-03-12 10:34:03 UTC
Permalink
Hi Max,

Sorry for not being able to answer your actual question, I still want to
draw your attention to the need for further nginx location needs (i.e.
_changes): Here's an example of a working configuration when listening at
the root / and using ssl.

location ~ ^/(.*)/_changes {
proxy_pass http://couchdb_node;

proxy_redirect off;

proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Ssl on;
}

location / {
proxy_pass http://couchdb_node;

proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Ssl on;
}
Post by Jan Lehnardt
Hi Max,
this is more an nginx than a CouchDB question, but
https://serverfault.com/questions/459369/disabling-
url-decoding-in-nginx-proxy#463932 suggests that if you use proxy_pass
without a uri (not even a slash), that things should work.
Can you verify you’re using `proxy_pass http://localhost:5984;` and not
e.g. `proxy_pass http://localhost:5984/;`. If you are, you should open a
ticket with the nginx team.
Best
Jan
--
Post by max
Hi,
To make CouchDB listen as sub directory, doc says (
https://cwiki.apache.org/confluence/display/COUCHDB/Nginx+as+a+proxy) to
location /couchdb {
rewrite /couchdb/(.*) /$1 break;
proxy_pass http://localhost:5984;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
But this cannot be used for attachment with special character such as +,
-, ,
For those CouchDB will send back: "{"error":"not_found","reason"
:"Document
Post by max
is missing attachment"}"
location /couchdb/ {
rewrite ^ $request_uri;
rewrite ^/ couchdb /(.*) $1 break;
return 400;
proxy_pass http://127.0.0.1:5984/$uri;
}
But doing so I cannot access CouchDB root (http://127.0.0.1/couchdb)
since
Post by max
it will result in Nginx 500 error (zero length URI).
Do you know a better Nginx configuration?
Thanks,
Max
--
https://neighbourhood.ie/couchdb-support/
max
2018-03-12 11:02:21 UTC
Permalink
Thanks for your answers.
@Jan
I already tried this and it cannot be used since the sub directory part
remains in the URI. To be able to use it without the trailing '/' I would
need to tell CouchDB to listen on "127.0.0.1:5984/couchdb" and (I think) I
cannot.
You are right "this is more an nginx than a CouchDB question" but CouchDB
2.0 doc contains this "Reverse proxy for a sub directory" part that seems
not correct, that's why I was hopping help from CouchDB users :).

@Sinan
You are completely right but only with '/' and actually this was exactly my
configuration when I did not need sub directories but now I do.
Post by Jan Lehnardt
Hi Max,
Sorry for not being able to answer your actual question, I still want to
draw your attention to the need for further nginx location needs (i.e.
_changes): Here's an example of a working configuration when listening at
the root / and using ssl.
location ~ ^/(.*)/_changes {
proxy_pass http://couchdb_node;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Ssl on;
}
location / {
proxy_pass http://couchdb_node;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Ssl on;
}
Post by Jan Lehnardt
Hi Max,
this is more an nginx than a CouchDB question, but
https://serverfault.com/questions/459369/disabling-
url-decoding-in-nginx-proxy#463932 suggests that if you use proxy_pass
without a uri (not even a slash), that things should work.
Can you verify you’re using `proxy_pass http://localhost:5984;` and not
e.g. `proxy_pass http://localhost:5984/;`. If you are, you should open a
ticket with the nginx team.
Best
Jan
--
Post by max
Hi,
To make CouchDB listen as sub directory, doc says (
https://cwiki.apache.org/confluence/display/COUCHDB/Nginx+as+a+proxy)
to
Post by Jan Lehnardt
Post by max
location /couchdb {
rewrite /couchdb/(.*) /$1 break;
proxy_pass http://localhost:5984;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
But this cannot be used for attachment with special character such as
+,
Post by Jan Lehnardt
Post by max
-, ,
For those CouchDB will send back: "{"error":"not_found","reason"
:"Document
Post by max
is missing attachment"}"
location /couchdb/ {
rewrite ^ $request_uri;
rewrite ^/ couchdb /(.*) $1 break;
return 400;
proxy_pass http://127.0.0.1:5984/$uri;
}
But doing so I cannot access CouchDB root (http://127.0.0.1/couchdb)
since
Post by max
it will result in Nginx 500 error (zero length URI).
Do you know a better Nginx configuration?
Thanks,
Max
--
https://neighbourhood.ie/couchdb-support/
Renato
2018-03-12 12:22:29 UTC
Permalink
Hi Max,

I use couch (2.1) in a sub dir via nginx as a proxy with the suggested conf you mentioned in your first email. The only difference is that I turn off buffering at the same level instead of filtering for “_changes” (I may change that). I have attachments with “-“ , “_” and “ “ just not with “+”.
I tried adding a doc with a “+” and uploaded it via Fauxton. The “+“ in the name is converted to a space (“ “) in the attachment listing of the respective couch doc. If I try to retrieve the attachment directly, I can either use a “%20” where the space is or also “+”. So it seems that the “+” is reserved as a substitute for a space character and works but maybe not as expected. The other chars should work as expected.

This is what works for me:

location /couchdb {
rewrite /couchdb/(.*) /$1 break;
proxy_pass http://localhost:5984;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

Renato
Post by max
Thanks for your answers.
@Jan
I already tried this and it cannot be used since the sub directory part
remains in the URI. To be able to use it without the trailing '/' I would
need to tell CouchDB to listen on "127.0.0.1:5984/couchdb" and (I think) I
cannot.
You are right "this is more an nginx than a CouchDB question" but CouchDB
2.0 doc contains this "Reverse proxy for a sub directory" part that seems
not correct, that's why I was hopping help from CouchDB users :).
@Sinan
You are completely right but only with '/' and actually this was exactly my
configuration when I did not need sub directories but now I do.
Post by Jan Lehnardt
Hi Max,
Sorry for not being able to answer your actual question, I still want to
draw your attention to the need for further nginx location needs (i.e.
_changes): Here's an example of a working configuration when listening at
the root / and using ssl.
location ~ ^/(.*)/_changes {
proxy_pass http://couchdb_node;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Ssl on;
}
location / {
proxy_pass http://couchdb_node;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Ssl on;
}
Post by Jan Lehnardt
Hi Max,
this is more an nginx than a CouchDB question, but
https://serverfault.com/questions/459369/disabling-
url-decoding-in-nginx-proxy#463932 suggests that if you use proxy_pass
without a uri (not even a slash), that things should work.
Can you verify you’re using `proxy_pass http://localhost:5984;` and not
e.g. `proxy_pass http://localhost:5984/;`. If you are, you should open a
ticket with the nginx team.
Best
Jan
--
Post by max
Hi,
To make CouchDB listen as sub directory, doc says (
https://cwiki.apache.org/confluence/display/COUCHDB/Nginx+as+a+proxy)
to
Post by Jan Lehnardt
Post by max
location /couchdb {
rewrite /couchdb/(.*) /$1 break;
proxy_pass http://localhost:5984;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
But this cannot be used for attachment with special character such as
+,
Post by Jan Lehnardt
Post by max
-, ,
For those CouchDB will send back: "{"error":"not_found","reason"
:"Document
Post by max
is missing attachment"}"
location /couchdb/ {
rewrite ^ $request_uri;
rewrite ^/ couchdb /(.*) $1 break;
return 400;
proxy_pass http://127.0.0.1:5984/$uri;
}
But doing so I cannot access CouchDB root (http://127.0.0.1/couchdb)
since
Post by max
it will result in Nginx 500 error (zero length URI).
Do you know a better Nginx configuration?
Thanks,
Max
--
https://neighbourhood.ie/couchdb-support/
max
2018-03-12 12:45:09 UTC
Permalink
Indeed in some cases, simple space or '-' works in attachment name, but '+'
in attachment name surround with space ' + ' always result in missing
attachement with ou without buffering. I also noticed some URI escape
replace space by + and not %20 but I cannot guess which one clients will
use (browser, Android, iOS, .NET etc). As long as CouchDB can have ' + ' in
attachment name I have to correctly configure my reverse proxy to allow
it...

Max
Post by Jan Lehnardt
Hi Max,
I use couch (2.1) in a sub dir via nginx as a proxy with the suggested
conf you mentioned in your first email. The only difference is that I turn
off buffering at the same level instead of filtering for “_changes” (I may
change that). I have attachments with “-“ , “_” and “ “ just not with “+”.
I tried adding a doc with a “+” and uploaded it via Fauxton. The “+“ in
the name is converted to a space (“ “) in the attachment listing of the
respective couch doc. If I try to retrieve the attachment directly, I can
either use a “%20” where the space is or also “+”. So it seems that the “+”
is reserved as a substitute for a space character and works but maybe not
as expected. The other chars should work as expected.
location /couchdb {
rewrite /couchdb/(.*) /$1 break;
proxy_pass http://localhost:5984;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
Renato
Post by max
Thanks for your answers.
@Jan
I already tried this and it cannot be used since the sub directory part
remains in the URI. To be able to use it without the trailing '/' I would
need to tell CouchDB to listen on "127.0.0.1:5984/couchdb" and (I
think) I
Post by max
cannot.
You are right "this is more an nginx than a CouchDB question" but CouchDB
2.0 doc contains this "Reverse proxy for a sub directory" part that seems
not correct, that's why I was hopping help from CouchDB users :).
@Sinan
You are completely right but only with '/' and actually this was exactly
my
Post by max
configuration when I did not need sub directories but now I do.
Post by Jan Lehnardt
Hi Max,
Sorry for not being able to answer your actual question, I still want to
draw your attention to the need for further nginx location needs (i.e.
_changes): Here's an example of a working configuration when listening
at
Post by max
Post by Jan Lehnardt
the root / and using ssl.
location ~ ^/(.*)/_changes {
proxy_pass http://couchdb_node;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Ssl on;
}
location / {
proxy_pass http://couchdb_node;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Ssl on;
}
Post by Jan Lehnardt
Hi Max,
this is more an nginx than a CouchDB question, but
https://serverfault.com/questions/459369/disabling-
url-decoding-in-nginx-proxy#463932 suggests that if you use proxy_pass
without a uri (not even a slash), that things should work.
Can you verify you’re using `proxy_pass http://localhost:5984;` and
not
Post by max
Post by Jan Lehnardt
Post by Jan Lehnardt
e.g. `proxy_pass http://localhost:5984/;`. If you are, you should
open a
Post by max
Post by Jan Lehnardt
Post by Jan Lehnardt
ticket with the nginx team.
Best
Jan
--
Post by max
Hi,
To make CouchDB listen as sub directory, doc says (
https://cwiki.apache.org/confluence/display/COUCHDB/Nginx+as+a+proxy)
to
Post by Jan Lehnardt
Post by max
location /couchdb {
rewrite /couchdb/(.*) /$1 break;
proxy_pass http://localhost:5984;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
But this cannot be used for attachment with special character such as
+,
Post by Jan Lehnardt
Post by max
-, ,
For those CouchDB will send back: "{"error":"not_found","reason"
:"Document
Post by max
is missing attachment"}"
location /couchdb/ {
rewrite ^ $request_uri;
rewrite ^/ couchdb /(.*) $1 break;
return 400;
proxy_pass http://127.0.0.1:5984/$uri;
}
But doing so I cannot access CouchDB root (http://127.0.0.1/couchdb)
since
Post by max
it will result in Nginx 500 error (zero length URI).
Do you know a better Nginx configuration?
Thanks,
Max
--
https://neighbourhood.ie/couchdb-support/
Loading...