How to configure nginx, to make public proxy for safe web?

I want to configure reverse proxy with nginx, to be able to tunel requests from xxx.localhost:80 to xxx.safenet launcher.

Right now I have something like

server {
listen 80;
server_name ~^(?\w+).localhost$ ;
location / {
proxy_pass http://localhost:8101;
proxy_set_header Host $subdomain.safenet;
proxy_set_header Referer http://$subdomain.safenet/;

But it keeps saying: “Only ‘.safenet’ pages can be accessed”. How should I configure it, to be able to browse safenet pages via regular domain on regular browser using nginx reverse proxy.

PS: $subdomain variable is filled correctly, but this forum text editor removed it, since the part of regex code looks like regular html tag

1 Like

Hello @Username1 and welcome to the forum,

I am not sure what you are trying to achieve is actually possible. Or, the maybe I understand it the other way around. Let’s start from this:

Who is “it”? I suspect the browser? Then this is where the problem lies. See, a reverse proxy hides the source of the content and pretend it was its own. So by accessing “test.localhost” you might be served the content from “test.safenet” but your reverse proxy pretends it is served “test.localhost”.

The domain-sandboxing however happens on the level of the browser, which will check the CSP headers (more information here) against the domain it is visting. And it sees that “test.locahost” is only allowed to reference to itself and other “*.safenet” domains. So if anything in there tries to connect to (for e.g.) “api.locahost” that is a clear violation of that CSP and the browser will – rightfully – complain.

Long story short, I don’t think it is possible to achieve what you want to achieve with a reverse-proxy along. You could try overwrite the response CSP headers, but I think that is a bad idea – always. And I am not sure this is even possible with nginx.

1 Like

I don’t think anyone has configured such a thing yet, but I did ponder customising the nginx docker container to do just this. You could then just throw up the container and point it to another with the safe net proxy on it.

You could also take it a step further and allow access to the API in the same way too. However, authorising the connection needs to be done from the launcher UI currently, which is not useful for embedded/appliance software.

You can change the host header in nginx, which would probably get around any of the CORS issues. Nginx gives you a lot of control as a reverse proxy.

of course it is possible. Nginx can replace almost everything. It is easy to replace headers, content of all the incoming and outgoing traffic. So it should be easy to configure nginx to work as public proxy on old internet to serve all websites from maidsafe. The problem is, that I do not know what to configure, since I do not know, what is maidsafe launcher web server checking, on request headers, when my requests are denied be 403 error with response message “Only ‘.safenet’ pages can be accessed”. If someone gives me that iinformation, I will configure it instantly.