[MapProxy] Changing MapProxy's baseurl
Wee Sritippho
wee.s at forest.go.th
Wed Mar 27 20:58:57 PDT 2024
Hello,
I'm hoping to understand how to configure MapProxy's base URL,
specifically to change it from "/" to "/proxy/".
Currently, I'm using nginx as a reverse proxy, with a configuration that
proxies requests from "tile.example.com/proxy" to MapProxy. However, my
services are generating URLs with "tile.example.com" as the base URL,
resulting in incorrect paths like
"tile.example.com/tms/1.0.0/mylayer/GLOBAL_MERCATOR".
I've searched through the documentation but haven't been able to find
settings related to adjusting the base URL. Has anyone had experience
with this or could provide guidance?
Here's my Nginx configuration for reference:
location ~* "^/proxy(/|$)(.*)" {
set $namespace "map";
set $ingress_name "mapproxy-ingress";
set $service_name "mapproxy";
set $service_port "8080";
set $location_path
"/proxy(/|${literal_dollar})(.*)";
set $global_rate_limit_exceeding n;
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,
ssl_redirect = true,
force_no_ssl_redirect = false,
preserve_trailing_slash = false,
use_port_in_redirects = false,
global_throttle = { namespace =
"", limit = 0, window_size = 0, key = { }, ignored_cidrs = { } },
})
balancer.rewrite()
plugins.run()
}
# be careful with `access_by_lua_block` and
`satisfy any` directives as satisfy any
# will always succeed when there's
`access_by_lua_block` that does not have any lua code doing
`ngx.exit(ngx.DECLINED)`
# other authentication method such as basic
auth or external auth useless - all requests will be allowed.
#access_by_lua_block {
#}
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
body_filter_by_lua_block {
plugins.run()
}
log_by_lua_block {
balancer.log()
monitor.call()
plugins.run()
}
port_in_redirect off;
set $balancer_ewma_score -1;
set $proxy_upstream_name "map-mapproxy-8080";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";
client_max_body_size 1m;
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the
backend
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection
$connection_upgrade;
proxy_set_header X-Request-ID $req_id;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto
$pass_access_scheme;
proxy_set_header X-Forwarded-Scheme
$pass_access_scheme;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For
$http_x_forwarded_for;
# mitigate HTTPoxy Vulnerability
#
https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 5s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering off;
proxy_buffer_size 4k;
proxy_buffers 4 4k;
proxy_max_temp_file_size 1024m;
proxy_request_buffering on;
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream
server before returning an error
proxy_next_upstream error timeout;
proxy_next_upstream_timeout 0;
proxy_next_upstream_tries 3;
rewrite "(?i)/proxy(/|$)(.*)" /$2 break;
proxy_set_header X-Forwarded-Prefix "/proxy";
proxy_pass http://upstream_balancer;
proxy_redirect off;
}
Thank you in advance for any assistance!
--
Wee Sritippho
Thai Royal Forest Department
Tel: +6625614292 ext. 5621
More information about the MapProxy
mailing list