NGINX proxy_pass to defined upstream instead of https url directly-CodePudding

I have an nginx config that looks similar to this (simplified):

http {
    server {
        listen 80 default_server;

        location /api {
            proxy_pass https://my-bff.azurewebsites.net;
            proxy_ssl_server_name on;
        }
    }
}

Essentially, I have a reverse proxy to an API endpoint that uses https.

Now, I would like to convert this to an upstream group to gain access to keepalive and other features. So I tried this:

http {
    upstream bff-app {
        server my-bff.azurewebsites.net:443;
    }

    server {
        listen 80 default_server;


        location /api {
            proxy_pass https:/bff-app;
            proxy_ssl_server_name on;
        }
    }
}

Yet it doesn't work. Clearly I'm missing something.

In summary, how do I correctly do this "conversion" i.e. from url to defined upstream?

I have tried switching between http instead of https in the proxy_pass directive, but that didn't work either.

I was honestly expecting this to be a simple replacement. One upstream for another, but I'm doing something wrong it seems.

CodePudding user response：

Richard Smith pointed me in the right direction.

Essentially, the issue was that the host header was being set to "bff-app" instead of "my-bff.azurewebsites.net" and this caused the remote server to close the connection.

Fixed by specifying header manually like below:

http {
    upstream bff-app {
        server my-bff.azurewebsites.net:443;
    }

    server {
        listen 80 default_server;

        location /api {
            proxy_pass https:/bff-app;
            proxy_ssl_server_name on;
            # Manually set Host header to "my-bff.azurewebsites.net",
            # otherwise it will default to "bff-app".
            proxy_set_header Host my-bff.azurewebsites.net; 
        }
    }
}