Simple reverse proxy in docker with nginx gives 404

General
1

Hi!
I’m trying to make a little personal project, but even though I have stripped it down as much as I could, it still wont work.
I have three containers in docker: attacker (kali with nginx), reverse-proxy (alpine with nginx), and victim (alpine).
Attacker(172.17.0.2) hosts a website and I’d like to reach it with the victim(172.17.0.4) through the reverse-proxy(172.17.0.3). I only want the interactions between the containers, nothing outside them.
So far I can get attacker’s website directly by curl http://172.17.0.2:5555 and reverse-proxy’s by curl http://172.17.0.3/ . But when I do curl http://172.17.0.3/merlin I get:

<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.18.0</center>
</body>
</html>

For reverse-proxy (172.17.0.3) my /etc/nginx/conf.d/default.conf :

server {
    listen       80;
    listen  [::]:80;
    server_name  proxy;

    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    location /merlin {
        proxy_pass http://172.17.0.2:5555;
    }
    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

For attacker (172.17.0.2) my /etc/nginx/conf.d/default.conf :

server {
    listen       5555;
    listen  [::]:5555;
    server_name  localhost;

    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }


    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

}

Grant Collins on youtube has managed something similar, but I just can’t get it to work.

2

Is there anything in the “Attacker” container at /merlin? My guess is that there isn’t and you expect the proxy container to redirect you to the root directory, but the “Attacker” container will get that path and and wants to give you /merlin which is not there. So you need some regex to redirect to the root directory. Unfortunately I can’t give that regex now, but if you search for “nginx proxy_pass rewrite rule” you can probably find one.

Or just move your application from the root to /merlin :slight_smile: if you can

1 Like
3

Hi, thank you for the reply!
In the attacker container I just have the same basic index.html that out of the box nginx gives.
So far I only wanted to see if I can proxy the request for that html, so no app, no nothing.
When I curl the attacker (http://172.17.0.2/) I get that html, so do I need regex to get the same result just from http://172.17.0.3/merlin ?

4

Yes, yo do. The proxy will pass the whole path, so you need to deal with that.

1 Like
5

So in reality I’m asking for http://172.17.0.2:5555/merlin which doesn’t exist hence the 404? I think I get it, thank you!