"Connection Refused" with nginx as reverse proxy

Server NGINX
1

I have set up nginx as a reverse proxy with this configuration

worker_processes 1;

pid /run/nginx.pid;

events {

worker_connections 4096;

}

http {

include /etc/nginx/default.d/proxy.conf;

default_type application/octet-stream;

sendfile on;

tcp_nopush on;

server_names_hash_bucket_size 128;

server {

listen       127.107.138.162:8080;

server_name _;


access_log /var/log/nginx/access.log;

error_log /var/log/nginx/error.log;


access_log on;


# Load configuration files for the default server block.

include /etc/nginx/default.d/*.conf;


location / {

  proxy_pass      http://127.0.0.1:8080;

}


location /rhesos-server {

    proxy_pass

http://10.154.181.43:8080/rhesos-server/rhesos/api/v1/ping;

}


location /rhesos {

    proxy_pass

http://10.154.181.43:8080/rhesos-server/rhesos/api/v1/ping;

}

}

}

However, when I use the curl command to send a request using the proxy
like this, I see a “Connection Refused”

curl -v -x ‘http://<username>:<password>@128.107.138.162:8080
http://10.154.181.43:8080/rhesos-server/rhesos/api/v1/ping

  • About to connect() to proxy 128.107.138.162 port 8080 (#0)

  • Trying 128.107.138.162…

  • Adding handle: conn: 0x7f99a980aa00

  • Adding handle: send: 0

  • Adding handle: recv: 0

  • Curl_addHandleToPipeline: length: 1

    • Conn 0 (0x7f99a980aa00) send_pipe: 1, recv_pipe: 0

  • Failed connect to 10.154.181.43:8080; Connection refused

  • Closing connection 0

curl: (7) Failed connect to 10.154.181.43:8080; Connection refused

Whereas when I try this without the proxy, it succeeds …

curl -v http://10.154.181.43:8080/rhesos-server/rhesos/api/v1/ping

  • About to connect() to 10.154.181.43 port 8080 (#0)

  • Trying 10.154.181.43…

  • Adding handle: conn: 0x7fa3da003a00

  • Adding handle: send: 0

  • Adding handle: recv: 0

  • Curl_addHandleToPipeline: length: 1

    • Conn 0 (0x7fa3da003a00) send_pipe: 1, recv_pipe: 0

  • Connected to 10.154.181.43 (10.154.181.43) port 8080 (#0)

GET /rhesos-server/rhesos/api/v1/ping HTTP/1.1

User-Agent: curl/7.30.0

Host: 10.154.181.43:8080

Accept: /

< HTTP/1.1 200 OK

  • Server Apache-Coyote/1.1 is not blacklisted

< Server: Apache-Coyote/1.1

< Cache-Control: no-cache

< Content-Type: application/json;charset=UTF-8

< Transfer-Encoding: chunked

< Date: Sat, 30 Jan 2016 00:59:28 GMT

<

  • Connection #0 to host 10.154.181.43 left intact

{“serviceName”:“Rhesos”,“serviceType”:“REQUIRED”,“serviceState”:“online”,“message”:“Healthy”,“lastUpdated”:“2016-01-30T00:59:28.571Z”,“upstreamServices”:[{“serviceName”:“CommonIdentityScim”,“serviceType”:“REQUIRED”,“serviceState”:“online”,“message”:“CommonIdentityScim
is
healthy”,“lastUpdated”:“2016-01-30T00:59:20.641Z”,“upstreamServices”:[],“baseUrl”:“https://identity.webex.com”}

Can someone tell what is wrong in my configuration?

Thanks,

Radha.

2

Francis,

Thank you for pointing out the discrepency in the ip address. I have
fixed
that and the netstat out looks like this

netstat -anp | grep 8080
tcp 0 0 128.107.138.162:8080 0.0.0.0:*
LISTEN

And I issued the curl command like this, but I still see this error

curl -v http://128.107.138.162:8080/rhesos-server/rhesos/api/v1/ping

  • About to connect() to 128.107.138.162 port 8080 (#0)
  • Trying 128.107.138.162…
  • Adding handle: conn: 0x7ffb9c003a00
  • Adding handle: send: 0
  • Adding handle: recv: 0
  • Curl_addHandleToPipeline: length: 1
    • Conn 0 (0x7ffb9c003a00) send_pipe: 1, recv_pipe: 0
  • Failed connect to 128.107.138.162:8080; Connection refused
  • Closing connection 0
    curl: (7) Failed connect to 128.107.138.162:8080; Connection refused

Also, my curl command with the proxy set in the command is trying to
simulate how the real request is going to come in to the server.

Thanks,
Radha.

3

On Mon, Feb 01, 2016 at 04:24:20PM +0000, Radha Venkatesh (radvenka)
wrote:

Hi there,

    • Conn 0 (0x7ffb9c003a00) send_pipe: 1, recv_pipe: 0
  • Failed connect to 128.107.138.162:8080; Connection refused
  • Closing connection 0
    curl: (7) Failed connect to 128.107.138.162:8080; Connection refused

If the connection attempt gets to nginx, the nginx logs can show
something
about it.

But it looks to me like your security system is preventing the request
getting to nginx in the first place. Check your firewall or other
network
control logs to see what is happening.

Also, my curl command with the proxy set in the command is trying to
simulate how the real request is going to come in to the server.

nginx is not a proxy. So no request that comes to the server will
involve
“curl -x” with the nginx host:port. As far as any client is concerned,
nginx is a web server.

Good luck with it,

f

Francis D. [email protected]

4

On Mon, Feb 01, 2016 at 01:00:04AM +0000, Radha Venkatesh (radvenka)
wrote:

Hi there,

server {
listen 127.107.138.162:8080;

However, when I use the curl command to send a request using the proxy like
this, I see a “Connection Refused”

curl -v -x ‘http://<username>:<password>@128.107.138.162:8080
http://10.154.181.43:8080/rhesos-server/rhesos/api/v1/ping

Two things there:

  • the “listen” address and the “curl -x” address are not the same.
  • nginx is not a proxy

Just make your curl request as normal to the nginx server.

Can someone tell what is wrong in my configuration?

Possibly nothing.

f

Francis D. [email protected]