nginx proxy pass subpaths not redirected

Question

I have the following nginx config:

    location /mail {
           rewrite           ^/mail/(.*) /$1 break;
           proxy_pass https://roundcube-host;
           proxy_connect_timeout 1;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header Host $http_host;
           proxy_set_header X-Forwarded-Proto https;
    }

with:

    upstream roundcube-host {
          server roundcube-ip-address:443;
    }

So, I would like to redirect all requests from /mail to a backend roundcube server.

But, only the request which matches /mail is redirected. So, /mail/plugins, etc... are not redirected which means I don't have any CSS or JS, etc. as nginx is trying to find them locally.

How can I have all the paths correctly redirected?

Here is my complete nginx config. The frontend is owncloud.

upstream phpcgi {
    fair;
    server 127.0.0.1:9000;
    server 127.0.0.1:9001;
    keepalive 5;
}

upstream roundcube-host {
    server roundcube-ip-address:443;
}

server {
    listen 443 ssl;
    #server_name cloud.example.com;

    ssl_certificate /etc/ssl/certs/owncloud.crt;
    ssl_certificate_key /etc/ssl/private/owncloud.key;

    access_log /var/log/nginx/data_access.log;
    error_log /var/log/nginx/data_error.log info;

    # Path to the root of your installation
    root /var/www/;

    client_max_body_size 10G; # set max upload size
    fastcgi_buffers 64 4K;

    rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
    rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
    rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;

    index index.php;
    error_page 403 = /core/templates/403.php;
    error_page 404 = /core/templates/404.php;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
            deny all;
    }

    location / {
            # The following 2 rules are only needed with webfinger
            rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
            rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

            rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
            rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;

            rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

            try_files $uri $uri/ index.php;
    }

    location ~ ^(.+?\.php)(/.*)?$ {
            try_files $1 = 404;

            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$1;
            fastcgi_param PATH_INFO $2;
            fastcgi_param HTTPS on;
            fastcgi_pass phpcgi;
            # Or use unix-socket with 'fastcgi_pass unix:/var/run/php5-fpm.sock;'
            fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
    }

    # Optional: set long EXPIRES header on static assets
    location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
            expires 30d;
            # Optional: Don't log access to assets
            access_log off;
    }

    # Change the path according to the data directory
    location ~ ^/var/data {
            internal;
            root /;
    }

    location ~ ^/tmp/oc-noclean/.+$ {
            internal;
            root /;
    }

    location ~ ^/mail(.*)$ {
           rewrite           ^/mail/(.*) /$1 break;
           proxy_pass https://roundcube-host;
           proxy_connect_timeout 1;
           proxy_set_header        Host              $http_host;
           proxy_set_header        X-Real-IP         $remote_addr;
           proxy_set_header        X-Forwarded-For   $proxy_add_x_forwarded_for;
           proxy_set_header        X-Forwarded-Proto $https;
    }
}

Answer 1

References to nginx docs: HttpCoreModule#location, HttpProxyModule#proxy_pass.

There is a better way than using regex (which is slow) for location match. In this case, you could use ^~ to tell nginx to match the given prefix /mail before doing any regex match. You also don't need that rewrite rule because proxy_pass can do that simple rewrite by itself (by adding a trailing slash / in the upstream server url).

My suggestion is to replace

    location ~ ^/mail(.*)$ {
        rewrite           ^/mail/(.*) /$1 break;
        proxy_pass https://roundcube-host;

by

    location ^~ /mail {
        proxy_pass https://roundcube-host/;

Answer 2

try:

location ~ ^/mail(.*)$ {
           rewrite           ^/mail/(.*) /$1 break;
           proxy_pass https://roundcube-host;
           proxy_connect_timeout 1;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header Host $http_host;
           proxy_set_header X-Forwarded-Proto https;
    }

Answer 3

If I change it to the below with the extra / it matches everything beyond mail as well as /mail directly.

location /mail/ {

}

NGINX 1.14.2

Answer 4

I had similar issues and ended up doing this

location ^~ /api/profile {
     include common.conf;
     proxy_pass https://$PROFILE_URL:443/app/api/profile/;
}
location ^~ /api/profile/ {
    include common.conf;
    proxy_pass https://$PROFILE_URL:443/app/api/profile/;
}

I'm not sure if it's faster than a regex :D The thing is that ^~ /api/profile didn't work for me since it didn't include subpaths, and ^~ /api/profile/ did included them but calls to /api/profile did not get a match.

I didn't wanted to start playing around with regex so I just did this. Worked as a charm.