How can devtron be reverse proxied directly through the host machine's nginx?

[EITSxiaozhai]

Reason:

I deployed the Devtron service on a Kubernetes host, where it runs successfully. I then used MetalLB to directly map the service to a host machine, and the service is pingable.

root@JPsb:/etc/nginx/sites-enabled# kubectl get svc -A
NAMESPACE        NAME                                               TYPE           CLUSTER-IP       EXTERNAL-IP      PORT(S)                      AGE
default          kubernetes                                         ClusterIP      10.96.0.1        <none>           443/TCP                      13h
devtroncd        argocd-dex-server                                  ClusterIP      10.98.222.177    <none>           5556/TCP,5557/TCP,5558/TCP   13h
devtroncd        argocd-redis                                       ClusterIP      10.111.38.74     <none>           6379/TCP                     13h
devtroncd        argocd-repo-server                                 ClusterIP      10.98.252.114    <none>           8081/TCP                     13h
devtroncd        argocd-server                                      ClusterIP      10.107.221.251   <none>           80/TCP,443/TCP               13h
devtroncd        dashboard-service                                  LoadBalancer   10.102.107.135   172.25.0.2       80:32450/TCP                 13h
devtroncd        devtron-service                                    LoadBalancer   10.96.10.29      172.25.0.1       80:31084/TCP                 13h
devtroncd        kubelink-service-headless                          ClusterIP      None             <none>           50051/TCP                    13h
devtroncd        postgresql-postgresql                              ExternalName   <none>           149.104.26.111   <none>                       13h
ingress-nginx    nginx-ingress-ingress-nginx-controller             LoadBalancer   10.101.217.79    172.25.0.3       80:30638/TCP,443:30471/TCP   66m
ingress-nginx    nginx-ingress-ingress-nginx-controller-admission   ClusterIP      10.97.123.238    <none>           443/TCP                      66m
kube-system      cilium-envoy                                       ClusterIP      None             <none>           9964/TCP                     13h
kube-system      hubble-peer                                        ClusterIP      10.100.213.113   <none>           443/TCP                      13h
kube-system      kube-dns                                           ClusterIP      10.96.0.10       <none>           53/UDP,53/TCP,9153/TCP       13h
metallb-system   metallb-webhook-service                            ClusterIP      10.97.136.159    <none>           443/TCP                      13h

However, the issue I'm currently facing is that after the frontend sends requests to Nginx, the requested paths may be incorrect. I'm unsure which backend path I should modify.

root@JPsb:/etc/nginx/sites-enabled# curl http://172.25.0.1/health
{"code":200,"result":"OK"}root@JPsb:/etc/nginx/sites-enabled# 

The service is also operating normally.
Below is my Nginx service configuration with some information removed. Only the location directives are retained.

{
 # 静态资源处理
    location ~* ^/dashboard/.*\.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
        add_header Cache-Control "public, max-age=31536000, immutable";
        proxy_pass http://172.25.0.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        expires 1y;
    }

    # Dashboard 路径 - 修复路径处理
    location /dashboard/ {
        proxy_pass http://172.25.0.2/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        
        # 禁用缓存
        add_header Cache-Control "no-cache, no-store, must-revalidate" always;
        add_header Pragma "no-cache" always;
        add_header Expires "0" always;
    }

    # 修复 Orchestrator 路径处理
    location /orchestrator {
        proxy_pass http://172.25.0.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        
        # 确保传递原始URI
        proxy_set_header X-Original-URI $request_uri;
    }

    # 修复 API 路径处理
    location /api {
        proxy_pass http://172.25.0.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        
        # API禁用缓存
        add_header Cache-Control "no-cache, no-store, must-revalidate" always;
        add_header Pragma "no-cache" always;
        add_header Expires "0" always;
    }

    # 启用 WebSocket 支持
    location /ws/ {
        proxy_pass http://172.25.0.1/ws/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        
        proxy_read_timeout 86400;
        proxy_send_timeout 86400;
        proxy_connect_timeout 86400;
    }

    # 健康检查
    location /health {
        access_log off;
        add_header Cache-Control "no-cache, no-store, must-revalidate" always;
        proxy_pass http://172.25.0.1:80;
        proxy_set_header Host $host;
    }

    # 日志配置
    error_log /var/log/nginx/devtron_error.log;
    access_log /var/log/nginx/devtron_access.log;
}

Question

1.When I use the configuration above, Nginx returns a GET https://xxx.com/autocomplete 404 (Not Found) error.
2.Why is this path being rewritten to this path?
3.How can I fix this Nginx configuration file?

[prakarsh-dt]

Hi @EITSxiaozhai,

Please try routing all the requests to http://172.25.0.1 (strip trailing / ) including the /dashboard one.
Devtron internally manages the routing to /dashboard

[EITSxiaozhai]

你好@EITSxiaozhai，

请尝试将所有请求路由至http://172.25.0.1（去掉尾随的 / ），包括 /dashboard 请求。Devtron 内部管理至 /dashboard 的路由

Thank you very much for your response. I've modified the Nginx reverse proxy code as you suggested. However, this has introduced a new issue.

{
    location = / {
        return 302 /dashboard;
    }

    # 静态资源处理
    location ~* ^/dashboard/.*\.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
        add_header Cache-Control "public, max-age=31536000, immutable";
        proxy_pass http://172.25.0.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        expires 1y;
    }

    # Dashboard 路径 - 修复路径处理
    location /dashboard {
        proxy_pass http://172.25.0.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        
        # 禁用缓存
        add_header Cache-Control "no-cache, no-store, must-revalidate" always;
        add_header Pragma "no-cache" always;
        add_header Expires "0" always;
    }

    # 修复 Orchestrator 路径处理
    location /orchestrator {
        proxy_pass http://172.25.0.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        
        # 确保传递原始URI
        proxy_set_header X-Original-URI $request_uri;
    }

    # 修复 API 路径处理
    location /api {
        proxy_pass http://172.25.0.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        
        # API禁用缓存
        add_header Cache-Control "no-cache, no-store, must-revalidate" always;
        add_header Pragma "no-cache" always;
        add_header Expires "0" always;
    }

    # 启用 WebSocket 支持
    location /ws/ {
        proxy_pass http://172.25.0.1/ws/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        
        proxy_read_timeout 86400;
        proxy_send_timeout 86400;
        proxy_connect_timeout 86400;
    }

    # 健康检查
    location /health {
        access_log off;
        add_header Cache-Control "no-cache, no-store, must-revalidate" always;
        proxy_pass http://172.25.0.1:80;
        proxy_set_header Host $host;
    }

    # 日志配置
    error_log /var/log/nginx/devtron_error.log;
    access_log /var/log/nginx/devtron_access.log;
}

I changed all addresses to 172.25.0.1, and Nginx reported another missing file.

https://xxxx/orchestrator/app/autocomplete? 404 (Not Found)

[systemsdt]

Hi @EITSxiaozhai, you must be a member of the organization 'devtron-labs' to add or remove labels.

[EITSxiaozhai]

Hi @EITSxiaozhai, you must be a member of the organization 'devtron-labs' to add or remove labels.

Okay. I will remove the tag.

[systemsdt]

Hi @EITSxiaozhai, you must be a member of the organization 'devtron-labs' to add or remove labels.