Nginx, how to allow DOMAIN:PORT and IP:PORT requests

What's the proper way to configure Nginx to allow DOMAIN:PORT requests like this:

http://example.com:8080/?a=xxx&b=yyy&c=zzz
over TCP or UDP

And IP:PORT requests like this:

http://1.2.3.4:8086/?a=xxx&b=yyy&c=zzz
over TCP or UDP

Nginx also must allow domain requests like these, which already work correctly on my setup:

http://example.com/home
http://example.com/work
over TCP

For the IP:PORT requests, I tried this config, but it didn't work:

server {
    listen 8080;
    server_name 1.2.3.4:8080;
    root /home/public_html/example.com;

    location / {
        client_max_body_size 10m;
        client_body_buffer_size 20m;
        proxy_connect_timeout 10s;
        proxy_send_timeout 5s;
        proxy_read_timeout 60s;
        proxy_buffer_size 8k;
        proxy_buffers 4 64k;
        proxy_busy_buffers_size 128k;
        proxy_temp_file_write_size 128k;
        proxy_redirect off;
        proxy_pass http://1.2.3.4:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

---

Added for steve klein

server {
    # HTTP IP:PORT ...
    # http://example.com:8080/app/?ip=1.2.3.4&pt=55555&do=things
    # there's a listener on port 55555
    #
    listen 8080;
    server_name example.com www.example.com;
    root /home/public_html/example.com;

    location /app {
        client_max_body_size 128k;
        client_body_buffer_size 256k;
        proxy_connect_timeout 10s;
        proxy_send_timeout 5s;
        proxy_read_timeout 60s;
        proxy_buffer_size 8k;
        proxy_buffers 4 64k;
        proxy_busy_buffers_size 128k;
        proxy_temp_file_write_size 128k;
        proxy_ignore_client_abort on;
        proxy_pass http://$arg_ip:$arg_pt;
        proxy_redirect off;
    }
}

With your #resolve domain for port 8080, Google Chrome Console shows the error net::ERR_CONNECTION_REFUSED and there's no response shown in the Chrome Network monitor, only the request is shown.

That is a comment - not sure how this is happening but it can be safely removed. If you are still having issues, perhaps post your updated config in your OP.

steve, I was talking about your "server" config statement that's headed by your comment #resolve domain for port 8080. I'll post the updated config.

Do you really have a folder called example.com? Otherwise, your root needs to be the path to your actual root folder for your application.

In the above config, example.com as domain name, and as a part of the public root path, is only a place holder for the real thing.

If you log into your server and you cd to whatever root is assigned to, do you get to your root directory? If so, it is set correctly.

Back to your error message, does your firewall allow access on port 8080?

Yes, cd /public/root/path takes you to the correct public root directory. And iptables does not block access to port 8080.

Why do you have location /app (sorry just noticed that in your updated post)? That will only route requests to folder app at your root. Normally, you would include a route to location /.

You can see the GET request format in the comments at the top of the server block: http://example.com:8080/app/?ip=1.2.3.4&pt=55555&do=things

So all requests will go to the app folder? I've never seen a request start with a question mark... where is the page name?

For the location block shown above, there is no page. app is the resource, and the payload uri is the parameters, which begin after the ?. I'm not showing several other location blocks, for other resources made available by the server, many of which do offer html pages for service.

app needs to be a folder under your root or this won't match. Documentation here. So this configuration will only support requests to /path/to/root/app.

Sorry, iptables must explicitly allow port 8080, which it wasn't doing!

Aha the firewall strikes! Glad you were able to work it out.