Help with an nginx reverse proxy to Netlify

Hey folks. Been using fly for a while and having a blast!

Recently moved a reverse proxy from cloudflare workers to nginx on fly and ran into some issues. I’ll share a cut down version of my file and then explain the issues.

Basically, I want traffic visiting / (and a few other routes) to be proxied to a Gatsby site hosted on Netlify and everything else to go to a rails app.

All of this is working fine except the home page, so I’ve cut out the working routed from the nginx config file below.

server {
  listen 8080;
  listen [::]:8080;

  server_name niice.co;

  client_max_body_size 40M;
  port_in_redirect off;

  proxy_set_header X-Forwarded-Host $host;
  proxy_set_header X-Forwarded-For $remote_addr;
  proxy_set_header X-Real-IP $remote_addr;

  # We want niice.co traffic to hit our static website
  location = / {
    proxy_pass https://niice-blog.netlify.app;
  }

  # We want all other traffic not caught above to be sent to our rails app
  location / {
    proxy_pass https://niice-co-bww8o.ondigitalocean.app;
  }

It mostly seems to work, but our uptime monitor shows the homepage as being down. It also doesn’t seem to auto redirect to https unless the browser has already been to that page before. At this point I’ve no idea what is actually working or if my browser has cached the working page and redirecting me to the https version.

If I’ve done a terrible job of explaining this I’m happy to answer any questions!

1 Like

Easy thing first – you’ll be happier handling the http → https redirect in nginx. Here’s how we do it in our example: nginx/nginx.conf at master · fly-apps/nginx · GitHub

Does your uptime monitor give you any more details on what’s failing?

This is a shot in the dark, but you might try changing your config to this:

  # We want niice.co traffic to hit our static website
  location = / {
    set $backend "https://niice-blog.netlify.app";
    proxy_pass $backend;

    proxy_set_header        Host                    "niice-blog.netlify.app";
    proxy_set_header        Connection              "";
    proxy_set_header        X-Forwarded-Host        $http_host;
  }

This is doing a couple of things:

  1. Forces NGINX to resolve niice-blog.netlify.app like it’s supposed to. When you hardcode an upstream, it resolves the hostname at startup time and then never again.
  2. Sets the host header to what Netlify expects

Try that out and see if it works better?

1 Like

You’re a wizard! Our uptime monitor is once again green and it seems to auto redirect to https!

As mentioned, I have several other location directives like the one below.

location ~ ^/integrations {
  proxy_pass https://niice-blog.netlify.app;
}

Any idea why I’ve not been seeing the same issues with them? Also, is it worth making the same changes to them ie storing the url as a variable etc?

It’s definitely worth doing it the same way. I have a feeling you’re just getting lucky with the other locations, but it’s hard to tell. I get many different IPs when I resolve that hostname:

dig a niice-blog.netlify.app +short

Ahh that makes a lot of sense! Thanks for the help, Kurt!