Nginx reverse proxy - .js and .css forbidden












0















My setup: a raspberry pi which is part of 2 separate LAN's (192.168.1.* and 192.168.2.*), running nginx. I would like to setup nginx as a reverse proxy, so I can access the router of the first LAN from the second LAN. (Direct access to the router from outside its LAN is not possible)



So from a computer in the second LAN (let's say 192.168.2.10) I want to go to the address of the pi in the second LAN (let's say 192.168.2.2), and I want to get forwarded to the web interface of the router in the first LAN (192.168.1.1).



With the setup I did, this works partially: it forwards to the correct location but there are problems loading the site, as for every .js and .css file (which are reference inline in the html that gets loaded) I get a 403 error 'forbidden'.



Accessing the router website directly from the pi works without issues, so the problem is linked to the config of the reverse proxy.



Here's what I have setup and the error messages (what I don't specify means it's at default value/setting)



NGINX CONFIG:



location / {

  proxy_bind              192.168.1.2;

  include /etc/nginx/mime.types;

  default_type application/octet-stream;

  proxy_pass      http://192.168.1.1/;

}


192.168.1.2 is the address of the pi in the first LAN. 192.168.1.1 is the address of the router (part of the first LAN) I want to access.



Example error I see in the developer console of web browser (this goes for all .js and .css files):



HTTP403: FORBIDDEN - The server understood the request, but is refusing to fulfil it.  GET - http://192.168.2.2/css/main.css


Corresponding line in the access.log of nginx:



"GET /css/main.css HTTP/1.1" 403 100 "http://192.168.2.2/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134"


I'm not sure, but in the line above it shows 192.168.2.2 as the referrer. Since the router is in the 192.168.1.* LAN I'm thinking this might be causing the permission issue. Playing with the "proxy_set_header Referer" yields exactly the same results however, so I might be wrong there?



Corresponding html line in the source file (seen when using curl directly from the pi):



 <link rel="stylesheet" href="../css/main.css">


I have already tried many different settings (I played with the header Host/Referer/X-Forwarded-For) but the result is always the same. Since it's the built-in management website of the router, I cannot change permissions on these files (I don't think it's necessary as it works fine without using the proxy). I also have no idea what the root folder would be (it's a TP-Link MR400).



Some additional information: if I open a webbrowser on the LAN of the router and manually navigate directly to http://192.168.1.1/css/main.css I also get the 403 Forbidden. Navigating to http://192.168.1.1/ however loads the inline stylesheet without any problems. Hope this helps to identify the permission issue?



What am I missing?



Thank you in advance, Wim






nginx reverse-proxy







share|improve this question























  • For people struggling with the same issue: I managed to resolve the issue. The line in the access log kept bugging me since it still said "192.168.2.2" as referer, even when I specified in the configuration that the referer was "192.168.1.2". Just to try, I put proxy_set_header Referer "http://192.168.1.1"; in the configuration, and that fixed everything. It seems really weird that this would solve everything, but it does...

    – Wim
    Dec 29 '18 at 19:23
















0















My setup: a raspberry pi which is part of 2 separate LAN's (192.168.1.* and 192.168.2.*), running nginx. I would like to setup nginx as a reverse proxy, so I can access the router of the first LAN from the second LAN. (Direct access to the router from outside its LAN is not possible)



So from a computer in the second LAN (let's say 192.168.2.10) I want to go to the address of the pi in the second LAN (let's say 192.168.2.2), and I want to get forwarded to the web interface of the router in the first LAN (192.168.1.1).



With the setup I did, this works partially: it forwards to the correct location but there are problems loading the site, as for every .js and .css file (which are reference inline in the html that gets loaded) I get a 403 error 'forbidden'.



Accessing the router website directly from the pi works without issues, so the problem is linked to the config of the reverse proxy.



Here's what I have setup and the error messages (what I don't specify means it's at default value/setting)



NGINX CONFIG:



location / {

  proxy_bind              192.168.1.2;

  include /etc/nginx/mime.types;

  default_type application/octet-stream;

  proxy_pass      http://192.168.1.1/;

}


192.168.1.2 is the address of the pi in the first LAN. 192.168.1.1 is the address of the router (part of the first LAN) I want to access.



Example error I see in the developer console of web browser (this goes for all .js and .css files):



HTTP403: FORBIDDEN - The server understood the request, but is refusing to fulfil it.  GET - http://192.168.2.2/css/main.css


Corresponding line in the access.log of nginx:



"GET /css/main.css HTTP/1.1" 403 100 "http://192.168.2.2/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134"


I'm not sure, but in the line above it shows 192.168.2.2 as the referrer. Since the router is in the 192.168.1.* LAN I'm thinking this might be causing the permission issue. Playing with the "proxy_set_header Referer" yields exactly the same results however, so I might be wrong there?



Corresponding html line in the source file (seen when using curl directly from the pi):



 <link rel="stylesheet" href="../css/main.css">


I have already tried many different settings (I played with the header Host/Referer/X-Forwarded-For) but the result is always the same. Since it's the built-in management website of the router, I cannot change permissions on these files (I don't think it's necessary as it works fine without using the proxy). I also have no idea what the root folder would be (it's a TP-Link MR400).



Some additional information: if I open a webbrowser on the LAN of the router and manually navigate directly to http://192.168.1.1/css/main.css I also get the 403 Forbidden. Navigating to http://192.168.1.1/ however loads the inline stylesheet without any problems. Hope this helps to identify the permission issue?



What am I missing?



Thank you in advance, Wim






nginx reverse-proxy







share|improve this question























  • For people struggling with the same issue: I managed to resolve the issue. The line in the access log kept bugging me since it still said "192.168.2.2" as referer, even when I specified in the configuration that the referer was "192.168.1.2". Just to try, I put proxy_set_header Referer "http://192.168.1.1"; in the configuration, and that fixed everything. It seems really weird that this would solve everything, but it does...

    – Wim
    Dec 29 '18 at 19:23














0












0








0








My setup: a raspberry pi which is part of 2 separate LAN's (192.168.1.* and 192.168.2.*), running nginx. I would like to setup nginx as a reverse proxy, so I can access the router of the first LAN from the second LAN. (Direct access to the router from outside its LAN is not possible)



So from a computer in the second LAN (let's say 192.168.2.10) I want to go to the address of the pi in the second LAN (let's say 192.168.2.2), and I want to get forwarded to the web interface of the router in the first LAN (192.168.1.1).



With the setup I did, this works partially: it forwards to the correct location but there are problems loading the site, as for every .js and .css file (which are reference inline in the html that gets loaded) I get a 403 error 'forbidden'.



Accessing the router website directly from the pi works without issues, so the problem is linked to the config of the reverse proxy.



Here's what I have setup and the error messages (what I don't specify means it's at default value/setting)



NGINX CONFIG:



location / {

  proxy_bind              192.168.1.2;

  include /etc/nginx/mime.types;

  default_type application/octet-stream;

  proxy_pass      http://192.168.1.1/;

}


192.168.1.2 is the address of the pi in the first LAN. 192.168.1.1 is the address of the router (part of the first LAN) I want to access.



Example error I see in the developer console of web browser (this goes for all .js and .css files):



HTTP403: FORBIDDEN - The server understood the request, but is refusing to fulfil it.  GET - http://192.168.2.2/css/main.css


Corresponding line in the access.log of nginx:



"GET /css/main.css HTTP/1.1" 403 100 "http://192.168.2.2/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134"


I'm not sure, but in the line above it shows 192.168.2.2 as the referrer. Since the router is in the 192.168.1.* LAN I'm thinking this might be causing the permission issue. Playing with the "proxy_set_header Referer" yields exactly the same results however, so I might be wrong there?



Corresponding html line in the source file (seen when using curl directly from the pi):



 <link rel="stylesheet" href="../css/main.css">


I have already tried many different settings (I played with the header Host/Referer/X-Forwarded-For) but the result is always the same. Since it's the built-in management website of the router, I cannot change permissions on these files (I don't think it's necessary as it works fine without using the proxy). I also have no idea what the root folder would be (it's a TP-Link MR400).



Some additional information: if I open a webbrowser on the LAN of the router and manually navigate directly to http://192.168.1.1/css/main.css I also get the 403 Forbidden. Navigating to http://192.168.1.1/ however loads the inline stylesheet without any problems. Hope this helps to identify the permission issue?



What am I missing?



Thank you in advance, Wim






nginx reverse-proxy







share|improve this question














My setup: a raspberry pi which is part of 2 separate LAN's (192.168.1.* and 192.168.2.*), running nginx. I would like to setup nginx as a reverse proxy, so I can access the router of the first LAN from the second LAN. (Direct access to the router from outside its LAN is not possible)



So from a computer in the second LAN (let's say 192.168.2.10) I want to go to the address of the pi in the second LAN (let's say 192.168.2.2), and I want to get forwarded to the web interface of the router in the first LAN (192.168.1.1).



With the setup I did, this works partially: it forwards to the correct location but there are problems loading the site, as for every .js and .css file (which are reference inline in the html that gets loaded) I get a 403 error 'forbidden'.



Accessing the router website directly from the pi works without issues, so the problem is linked to the config of the reverse proxy.



Here's what I have setup and the error messages (what I don't specify means it's at default value/setting)



NGINX CONFIG:



location / {

  proxy_bind              192.168.1.2;

  include /etc/nginx/mime.types;

  default_type application/octet-stream;

  proxy_pass      http://192.168.1.1/;

}


192.168.1.2 is the address of the pi in the first LAN. 192.168.1.1 is the address of the router (part of the first LAN) I want to access.



Example error I see in the developer console of web browser (this goes for all .js and .css files):



HTTP403: FORBIDDEN - The server understood the request, but is refusing to fulfil it.  GET - http://192.168.2.2/css/main.css


Corresponding line in the access.log of nginx:



"GET /css/main.css HTTP/1.1" 403 100 "http://192.168.2.2/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134"


I'm not sure, but in the line above it shows 192.168.2.2 as the referrer. Since the router is in the 192.168.1.* LAN I'm thinking this might be causing the permission issue. Playing with the "proxy_set_header Referer" yields exactly the same results however, so I might be wrong there?



Corresponding html line in the source file (seen when using curl directly from the pi):



 <link rel="stylesheet" href="../css/main.css">


I have already tried many different settings (I played with the header Host/Referer/X-Forwarded-For) but the result is always the same. Since it's the built-in management website of the router, I cannot change permissions on these files (I don't think it's necessary as it works fine without using the proxy). I also have no idea what the root folder would be (it's a TP-Link MR400).



Some additional information: if I open a webbrowser on the LAN of the router and manually navigate directly to http://192.168.1.1/css/main.css I also get the 403 Forbidden. Navigating to http://192.168.1.1/ however loads the inline stylesheet without any problems. Hope this helps to identify the permission issue?



What am I missing?



Thank you in advance, Wim






nginx reverse-proxy




nginx reverse-proxy






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Dec 29 '18 at 11:55









WimWim

11




11













  • For people struggling with the same issue: I managed to resolve the issue. The line in the access log kept bugging me since it still said "192.168.2.2" as referer, even when I specified in the configuration that the referer was "192.168.1.2". Just to try, I put proxy_set_header Referer "http://192.168.1.1"; in the configuration, and that fixed everything. It seems really weird that this would solve everything, but it does...

    – Wim
    Dec 29 '18 at 19:23



















  • For people struggling with the same issue: I managed to resolve the issue. The line in the access log kept bugging me since it still said "192.168.2.2" as referer, even when I specified in the configuration that the referer was "192.168.1.2". Just to try, I put proxy_set_header Referer "http://192.168.1.1"; in the configuration, and that fixed everything. It seems really weird that this would solve everything, but it does...

    – Wim
    Dec 29 '18 at 19:23

















For people struggling with the same issue: I managed to resolve the issue. The line in the access log kept bugging me since it still said "192.168.2.2" as referer, even when I specified in the configuration that the referer was "192.168.1.2". Just to try, I put proxy_set_header Referer "http://192.168.1.1"; in the configuration, and that fixed everything. It seems really weird that this would solve everything, but it does...

– Wim
Dec 29 '18 at 19:23





For people struggling with the same issue: I managed to resolve the issue. The line in the access log kept bugging me since it still said "192.168.2.2" as referer, even when I specified in the configuration that the referer was "192.168.1.2". Just to try, I put proxy_set_header Referer "http://192.168.1.1"; in the configuration, and that fixed everything. It seems really weird that this would solve everything, but it does...

– Wim
Dec 29 '18 at 19:23










0






active

oldest

votes











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1388717%2fnginx-reverse-proxy-js-and-css-forbidden%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Super User!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1388717%2fnginx-reverse-proxy-js-and-css-forbidden%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Сан-Квентин

Image
Сан-Квентин Местоположение Сан-Квентин, Калифорния Координаты 37°56′13″ с. ш. 122°29′20″ з. д. H G Я O L Текущий статус Действует Режим безопасности минимальный и максимальный Количество мест 3 302 Открытие Июнь 1852 Находится в ведомстве California Department of Corrections and Rehabilitation Начальник Mike Martel, начальник  Сан-Квентин на Викискладе Сан-Квентин (англ.  San Quentin ) — тюрьма, располагающаяся на 432 акрах (около 1,7 км²), на мысе Сан-Квентин, в округе Марин, штат Калифорния, США. Тюрьма штата Калифорния Сан-Квентин была открыта в июле 1852 года и является старейшей в штате. Она была построена заключёнными, которые проживали в течение строительства на тюремном судне Вабан. В Сан-Квентине отбывали наказание и мужчины, и женщины до 1934 года, когда построили женскую тюрьму в Техачапи и туда перевели всех заключённых женщин. В Сан-Квентине приводятся в исполнение смертные казни, для этого имеется газовая камера, но
Read more

Алькесар

Image
Муниципалитет Алькесар Alquézar Герб 42°10′16″ с. ш. 0°01′27″ в. д. H G Я O L Страна Испания   Испания Автономное сообщество Арагон Провинция Уэска Комарка Сомонтано-де-Барбастро Алькальд Хосе Марияно Альтемир Ласкорс (ИСРП) История и география Площадь 32,36 км² Высота НУМ 660 м Часовой пояс UTC+1, летом UTC+2 Население Население 313 человек ( 2010 ) Плотность 9,92 чел./км² Этнохороним alquezarano/-a Цифровые идентификаторы Телефонный код +34 974 Почтовые индексы 22112 Автомобильный код HU alquezar.org   (исп.) Показать/скрыть карты Алькесар Алькесар Алькесар  Аудио, фото и видео на Викискладе Алькесар (исп.  Alquézar ) — муниципалитет в Испании, входит в провинцию Уэска, в составе автономного сообщества Арагон. Муниципалитет находится в составе района (комарки) Сомонтано-де-Барбастро. Занимает площадь 32,36 км². Население — 321 челове
Read more

Josef Freinademetz

Image
San Ujöp (Giuseppe/Josef) Freinademetz Josef Freinademetz in abiti cinesi   Religioso e missionario   Nascita 15 aprile 1852 Morte 28 gennaio 1908 Venerato da Chiesa cattolica Beatificazione 1975 Canonizzazione 5 ottobre 2003 Ricorrenza 28 gennaio Manuale Ujöp Freinademetz noto anche come Giuseppe o Josef Freinademetz (Oies, 15 aprile 1852 – Taikia, 28 gennaio 1908) è stato un presbitero austriaco, membro della Società del Verbo Divino, fu missionario in Cina; è venerato come santo dalla Chiesa cattolica. .mw-parser-output .citazione-table{margin-bottom:.5em;font-size:95%}.mw-parser-output .citazione-table td{padding:0 1.2em 0 2.4em}.mw-parser-output .citazione-lang{vertical-align:top}.mw-parser-output .citazione-lang td{width:50%}.mw-parser-output .citazione-lang td:first-child{padding:0 0 0 2.4em}.mw-parser-output .citazione-lang td:nth-child(2){padding:0 1.2em} «Io amo la Cina e i cinesi; voglio morire in mezzo a loro, e tra loro
Read more