Support Forums

Trying to set up a nginx reverse proxy fails

Hey there,

Adding my netlify site fundbox-prod.netlify.com as a reverse proxy upstream fails in nginx.
Nginx logs show

2019/10/28 18:00:34 [error] 8560#8560: *105 connect() to [2604:a880:2:d0::21e9:c001]:443 failed (101: Network is unreachable) while connecting to upstream, client:, server: local.fbx.im, request: "GET / HTTP/1.1", upstream: "https://[2604:a880:2:d0::21e9:c001]:443/", host: "local.fbx.im"

Which makes sense.
We have multiple testing environments and they all have different subdomains but all of them are on .fbx.im domain.

We would like to show the netlify site on all of them with reverse proxying with nginx like so:

proxy_pass https://fundbox-prod.netlify.com/

Can this be done somehow in Netlify?

P.S - I cannot move the domain into Netlify due to internal reasons

Replying to myself here, it looked to be a config issue, I should have omitted the / in the end of this.
This now works.

Very glad to hear you found something that works for you!

Just as a heads up, I need to point out that we provide no tech support for being proxy’d to. Our CDN is designed to be the proxy to your backend, rather than vice versa. You are welcome to do it your way, but we won’t be able to help you in case it doesn’t work.

Do be aware that nginx in particular has in our experience shown a tendency to connect to a single CDN node (rather than leveraging our geographic routing via DNS to choose from an appropriate pool of nodes that are up and running at this particular moment), and then holds that connection (or at least the answer to the DNS lookup) in memory, and that will lead to downtime, since we regularly rotate our CDN nodes (e.g. during deployment of updates, end of life, moving traffic patterns). We do not provide any announcement when we do this.

So, this is a bad pattern to rely on for production.

@fool thank you so much for commenting on this!
I appreciate the response.

I will start thinking about doing a architecture redesign to point my domain directly to Netlify and then doing the proxying it rather than this way.

Just to be clear - we’re not trying to lock you in. Perhaps you can have two sites? www.you.com and blog.you.com or cart.you.com - anyway, separating the concerns.

But indeed, our intention if it must be “one hostname two services” is to proxy to you: https://docs.netlify.com/routing/redirects/rewrites-proxies/#proxy-to-another-service