Working through reverse proxy

[Zombieboy]

Greetings,

I have a couple of ZM servers in my internal network (both 1.34 and 1.36) and I'm trying to set a unified external access to them through a single ngnix-served entry point that would do all the SSL-ing, multiplexing and so on. What I'm looking to achieve is an external URL of https://external.server.com/zm-1 to be proxied to http://zm-1.internal.lan/zm and https://external.server.com/zm-2 to http://zm-2.internal.lan/zm.

I've managed to get some partial success but still struggling with a couple of problems. What I did so far was:

1) configure a location in nginx for both internal servers as follows:

Code: Select all

location ^~ /zm-1/ {
    proxy_pass http://zm1-.internal.lan/zm/;
    add_header 'Access-Control-Allow-Origin' '*';                  
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
    proxy_http_version    1.1;                  
    proxy_redirect off;                         
    proxy_set_header      Host $host;                                 
    proxy_set_header      X-Real-IP            $remote_addr;          
    proxy_set_header      X-Forwarded-For  $proxy_add_x_forwarded_for;
    proxy_set_header      X-NginX-Proxy    true;

}

location ^~ /zm-2/ {
    proxy_pass http://zm2-.internal.lan/zm/;
    add_header 'Access-Control-Allow-Origin' '*';                  
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
    proxy_http_version    1.1;                  
    proxy_redirect off;                         
    proxy_set_header      Host $host;                                 
    proxy_set_header      X-Real-IP            $remote_addr;          
    proxy_set_header      X-Forwarded-For  $proxy_add_x_forwarded_for;
    proxy_set_header      X-NginX-Proxy    true;
}

That got me to the login screen and the list of monitors, but online monitor viewing wasn't working. Looking at the network traffic I found out that something in the ZM's code was generating absolute URIs (starting from "/zm/..."). I changed ZM setting in /etc/zm/conf.d/01-system-paths.conf:

Code: Select all

# ZoneMinder url path to the zms streaming server
#ZM_PATH_ZMS=/zm/cgi-bin/nph-zms
ZM_PATH_ZMS=cgi-bin/nph-zms

This got the online monitors viewing working but I still can't view event lists and details. Further investigation of the network traffic shows that there's still plenty of absolute URIs in the ZM's replies....

Is there any way to make ZM work properly through a reverse proxy without changing the php code or writing custom rewrite rules for links in html on the reverse proxy?

[Maximo1970]

This is what I've used previously. Hopefully this will help you along a ittle.

Code: Select all

server {

        access_log /var/log/nginx/zoneminder.access.log;
        error_log /var/log/nginx/zoneminder.error.log;

        listen 80;
        server_name FQDN HERE;

        location / {
                add_header Last-Modified $date_gmt;
                add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
                if_modified_since off;
                expires 60;
                etag off;
                proxy_pass                              http://HOSTNAME HERE;
                proxy_set_header Host                   $http_host;
                proxy_set_header X-Real-IP              $remote_addr;
                proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto      $scheme;
                proxy_set_header X-Forwarded-Port       $server_port;

        }

        location /zm/cgi-bin {
                auth_basic off;
                alias /usr/libexec/zoneminder/cgi-bin;
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $request_filename;
                fastcgi_param HTTP_PROXY "";
                fastcgi_pass unix:/var/run/fcgiwrap.socket;
        }

        location ~ /zm/api/(css|img|ico) {
                auth_basic off;
                rewrite ^/zm/api(.+)$ /api/app/webroot/$1 break;
                try_files $uri $uri/ =404;
        }

}

[Adishtayn]

Hi, sorry to bump a thread. You’ve done great work so far. One trick that helped me: rewrite the HTML on-the-fly in nginx to prefix all /zm/ paths with your upstream location (/zm-1/ or /zm-2/). Use sub_filter and enable proxy_set_header Accept-Encoding "" so nginx can rewrite links in the response. If you're routing traffic through proxies, these https://lightningproxies.net/products/ipv6-proxies work well for me in similar setups.