Nginx upstream server works with IP address but not with DNS

Question

Sorry for mistakes. I am new with Nginx.

I have my application deployed on docker engine. So I have basically 5 docker images but here 2 are most important:

• 1st backend. (Django DRF application using gunicorn)
• 2nd frontend. (React App on Nginx)

I am upstreaming backend on Nginx so in Nginx.conf file I have 2 locations defined:

1. "/" for frontend
2. "/api" for backend (upstream backend to be able to use it).

I am able to start my containers and they "talk" to each other if I am using IP address in my browser. So backend get requests and give responses.

Now I bought dns and added ssl certificates (LetsEncrypt, but still i have to add exception, but that is a separate question). If I reach my site using DNS frontend works, but backend does not work.

Here is unsuccessful with using DNS.

and successful request using IP address.

Here is my nginx.conf

 user nginx; worker_processes auto; error_log /var/log/nginx/error.log notice; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; #tcp_nopush on; keepalive_timeout 65; #gzip on; # include /etc/nginx/conf.d/*.conf; upstream backend { server api:8000; } server { listen 443 ssl http2; listen [::]:443 ssl http2; ssl_certificate /etc/nginx/ssl/live/site.org/fullchain.pem; ssl_certificate_key /etc/nginx/ssl/live/site.org/privkey.pem; location /api { if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' '*'; # # Om nom nom cookies # add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS'; # # Custom headers and headers various browsers *should* be OK with but aren't # add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; # # Tell client that this pre-flight info is valid for 20 days # add_header 'Access-Control-Max-Age' 1728000; add_header 'Content-Type' 'text/plain charset=UTF-8'; add_header 'Content-Length' 0; return 204; } # Tried this ipv6=off resolver 1.1.1.1 ipv6=off valid=30s; set $empty ""; proxy_pass http://backend$empty; # proxy_pass http://backend; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_cache_bypass $http_upgrade; proxy_set_header X-Real-IP $remote_addr; proxy_read_timeout 3600; proxy_headers_hash_max_size 512; proxy_headers_hash_bucket_size 128; proxy_set_header Content-Security-Policy upgrade-insecure-requests; } location / { root /usr/share/nginx/html; index index.html index.htm; try_files $uri $uri/ /index.html; } # location /static/ { # alias /home/app/web/staticfiles/; # } } server { listen 80; listen [::]:80; location / { return 301 https://$host$request_uri; } location ~ /.well-known/acme-challenge/ { root /var/www/certbot; } } }

Answer 1

This HTTP 400 Bad Request error looks like the one coming from the Django request validation, since your requests differs only by the Host HTTP request header value. You should include every used domain name to the ALLOWED_HOSTS list in the settings.py Django file. Domain names should be specified as they would appear in the Host header (excluding the possible port number); a wildcard-like entry like .example.com is allowed, assuming the example.com domain and every subdomain. Special value * can be used to skip Host header validation (not recommended unless you do this validation at some other request processing level).