X-Accel-Redirect feature does not work for external connections (inside docker network)

Question

I'm trying to allow container with django to manage access to media files served from another container with nginx. Because of that despite of nginx documentation, I've removed the internal line from the location config:

server {

    server_name nginx; //name of the container used for accessing from another containers

    charset UTF-8;

    client_max_body_size 32m;

    listen 80;

    location /protected/media/ {

        // internal;

        alias /data/djan,go/media/;

    }

}

With this config I'm able to use /protected/media urls from django containers so I've succeeded at doing wget  from shell of container with django.

But django's code

response = HttpResponse()

del response['Content-Type']

response['X-Accel-Redirect'] = 'http://nginx/protected/media/' + path # I'm sure that this url matches to url I've used succesfully with wget

return response 

returning 404 Here is the django's url:

path('media/<path:path>', media_access, name='media')

Where I'm wrong?

Answer 1

It sounds like what you're trying to do is have X-Accel-Redirect with an absolute URL for an external domain/host, hence the need to remove internal as per http://nginx.org/r/internal to make the files accessible without authentication. It doesn't work like that.

Take a look at the examples provided at http://nginx.org/r/proxy_pass_request_headers, for example:

location /x-accel-redirect-here/ {

    proxy_method GET;

    proxy_pass_request_headers off;

    proxy_pass_request_body off;

    proxy_pass ...

}

It'd be totally reasonable for nginx to have a requirements of having to use relative URLs in X-Accel-Redirect; otherwise, how would nginx know how exactly to handle the request?

You probably would have to use relative URLs in X-Accel-Redirect, and, if you require escaping into another container, to have extra internal location directives to do an explicit proxy_pass, as appropriate.