Nuxt 3 expose .env file to all - environment-variables

I'm building a Nuxt 3 app, but I have a problem with the .env file.
In production, if I navigate to www.mydomain.com/.env I can see all sensitive data like the API key.
I'm trying to use runtimeConfig with apiSecret like this:
runtimeConfig: {
  // Keys within public, will be also exposed to the client-side
  apiSecret: {
    //stripe_pk: process.env.STRIPE_PK,
    //client_id: process.env.CLIENT_ID,
    api_key: 'example'
  },
}
but I encountered the same problem. Where is the mistake?

It is a problem with your production server. In the server config you should disable access to the .env file.
Example for nginx:
server {
    ...
    location ~ /\.(?!well-known).* {
        deny all;
        access_log off;
        log_not_found off;
    }
    ...
}
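To see which request paths the dotfile rule above covers, the following added example (not part of the original answer) evaluates the same regex against constructed paths. The function names and the sample paths are assumptions, and `normalize` only approximates nginx's URI normalization (percent-decoding and slash merging).

```python
import re
from urllib.parse import unquote

# Regex copied from the answer's `location ~ /\.(?!well-known).*` block.
DOTFILE_RE = re.compile(r"/\.(?!well-known).*")


def normalize(raw_path):
    """Approximate nginx normalization: drop the query, decode %XX, merge slashes."""
    path = unquote(raw_path.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path)


def is_denied(raw_path):
    """True if the regex location matches; nginx regex matching is unanchored."""
    return DOTFILE_RE.search(normalize(raw_path)) is not None


def audit(paths):
    """Map each request path to whether the rule would deny it."""
    return {p: is_denied(p) for p in paths}


# Constructed sample request paths (not taken from any real log).
SAMPLES = [
    "/.env",                              # denied
    "/.git/config",                       # denied
    "/static//.htpasswd",                 # denied after slash merging
    "/%2eenv",                            # denied: matched after decoding
    "/.well-known/acme-challenge/token",  # allowed, as intended
    "/.well-known/.env",                  # denied: second dot segment matches
    "/.well-known-old/secrets.txt",       # allowed: lookahead is a prefix test
    "/assets/app.js",                     # allowed
]

if __name__ == "__main__":
    for path, denied in audit(SAMPLES).items():
        print(f"{'DENY ' if denied else 'allow'} {path}")
```

The `/.well-known-old/` row shows that the negative lookahead exempts every name that begins with `.well-known`; writing it as `(?!well-known/)` limits the exemption to that one directory.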

Related

Does nginx add path to all browser requests?

I'm trying to use nginx to reverse proxy some services like Kanboard, PgAdmin, StackStorm, Grafana, etc. Using location /kanboard/ and /pgadmin/ I'm redirected correctly but the page can't import js and css files. Obs: I am using docker for the services and nginx.
I've already tried some proxy_pass params but didn't succeed.
Nginx config
# /etc/nginx/nginx.conf
events {}
http {
    server {
        listen 80;
        location /kanboard/ {
            proxy_pass http://kanboard;
        }
        location /pgadmin/ {
            proxy_pass http://pgadmin;
        }
    }
}
Accessing localhost/kanboard I was expecting to be redirected to localhost/kanboard/login, but I am redirected to localhost/login.
When I access localhost/pgadmin the js and css files fail to import on the network tab, all the headers are to localhost/static/... instead of localhost/pgadmin/static/...

Securing a docker registry with basic auth for push requests only

I am trying to set up a private docker registry behind an nginx proxy that is read-only (i.e. allows pull requests) for everyone but requires authentication for push requests. I have followed various guides but am still stumped. Below is my current nginx configuration:
events {
    worker_connections 1024;
}
http {
    upstream docker-registry {
        server registry:5000;
    }
    ## Set a variable to help us decide if we need to add the
    ## 'Docker-Distribution-Api-Version' header.
    ## The registry always sets this header.
    ## In the case of nginx performing auth, the header is unset
    ## since nginx is auth-ing before proxying.
    map $upstream_http_docker_distribution_api_version $docker_distribution_api_version {
        'registry/2.0' '';
        default registry/2.0;
    }
    server {
        listen 80;
        server_name docker-host.example.com;
        location / {
            rewrite ^(.*)$ https://docker-host.example.com$1 last;
        }
    }
    server {
        listen 443 ssl;
        server_name docker-host.example.com;
        ssl_certificate /etc/nginx/ssl/example.cert.pem;
        ssl_certificate_key /etc/nginx/ssl/example.key.pem;
        ssl_ciphers 'AES256+EECDH:AES256+EDH::!EECDH+aRSA+RC4:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS';
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        client_max_body_size 0;
        location / {
            limit_except GET HEAD OPTIONS {
                auth_basic "Restricted";
                auth_basic_user_file /etc/nginx/users.pwd;
            }
            include proxy.conf;
        }
    }
}
It does allow anonymous pull requests but push always fails with 'unauthorized: authentication required'. If I remove the conditional limit_except, i.e. require authentication for all access, it works just fine after logging in.
When I remove the authentication configuration from nginx entirely, everything works as well, but obviously without authentication.
Any help or pointers would be greatly appreciated.
We have been using https://github.com/cesanta/docker_auth and it works pretty well; you can set up many authentication methods.
For more info check
https://github.com/cesanta/docker_auth/blob/master/README.md
The "unauthorized: authentication required" error comes from the registry API. That means you have auth enabled in the registry itself. Either disable auth in the registry and use nginx basic auth only, or proxy pass the "Authorization" header with related data (tricky).

Gem asset files when using Nginx

The asset files for a couple of gems I'm using aren't loading after using Nginx in production mode. I'm pretty certain it has to do with the location blocks in my Nginx config, but I'm not sure what to add so that Nginx will point to where the files are located.
The gems in question are sidekiq and rack-mini-profiler
upstream cable {
    server unix:///tmp/cable.sock;
}
server {
    listen 80;
    server_name 66.207.0.133;
    root /home/john/rails/cable/public/assets;
    location / {
        proxy_pass http://cable;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location ~* \.(css|js|otf|woff|ttf|svg|eot)$ {
        root /home/john/rails/cable/public/;
    }
}
The error in the Nginx log is:
2016/11/07 21:04:36 [error] 22745#22745: *51175 open() "/home/john/rails/cable/public/sidekiq/javascripts/dashboard.js" failed (2: No such file or directory), client: 69.49.80.136, server: 66.207.0.133, request: "GET /sidekiq/javascripts/dashboard.js HTTP/1.1", host: "66.207.0.133", referrer: "http://66.207.0.133/sidekiq"
Obviously the second location block is redirecting all requests for the needed .js and .css files to the wrong location, but how and to where can I redirect requests to /sidekiq/*.js to the correct files?
You first need to find where the correct files are in your filesystem.
find / -path "*/javascripts/dashboard.js"
A web search reveals that it might be /home/site/homepage_production/shared/bundle/ruby/1.9.1/gems/sidekiq-2.16.1/web/assets/javascripts/dashboard.js.
So, if you gotta serve that from /sidekiq/javascripts/dashboard.js on the web, and provided that all requests within /sidekiq/ are for static assets, then the following should be used:
location ^~ /sidekiq/ {
    alias /home/site/homepage_production/shared/bundle/ruby/1.9.1/gems/sidekiq-2.16.1/web/assets/;
}
For more details, see:
http://nginx.org/r/location
http://nginx.org/r/alias

How do I configure nginx to have a Rails app at a domain and WordPress at /blog/?

I've got a Rails app deployed via nginx/passenger. It will have multiple domains pointing to it.
I'm wondering if it's possible to configure nginx so that any URL that matches [somedomain.com]/blog/ will be served by PHP/WordPress located in a different directory.
So, for example:
domain1.com, domain2.com, & domain2.com/some-resource/1 point to the Rails app at /var/rails/mainapp/
but domain1.com/blog/ goes to /var/sites/domain1.com/
and domain2.com/blog/ goes to /var/sites/domain2.com/
server {
    location /blog {
        alias /var/sites/domain1.com/;
    }
    location / {
    }
}
You need to define your /blog location before the / location.
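The `alias` blocks in this answer and in the Sidekiq answer earlier on the page both depend on how nginx turns a URI into a file path. The following added example (not from either post) models that mapping for `root` and `alias` and flags prefix locations whose trailing slash disagrees with the alias path, as in `location /blog` above. The function names are hypothetical, and the regex-based linter only handles plain and `^~` prefix locations.

```python
import re


def map_uri(uri, prefix, directive, path):
    """Filesystem path nginx opens for `uri` (prefix is unused for root)."""
    if directive == "root":
        # root: the whole URI is appended; nginx drops root's trailing slash
        return path.rstrip("/") + uri
    # alias: the matched location prefix is replaced by the alias path
    return path + uri[len(prefix):]


LOCATION_ALIAS = re.compile(
    r"location\s+(?:\^~\s+)?(/[^\s{]*)\s*\{[^{}]*?\balias\s+([^;\s]+)\s*;",
    re.S,
)


def lint_alias_slashes(conf):
    """Return (location, alias) pairs whose trailing slashes disagree."""
    return [
        (prefix, alias)
        for prefix, alias in LOCATION_ALIAS.findall(conf)
        if prefix.endswith("/") != alias.endswith("/")
    ]


SIDEKIQ_ASSETS = ("/home/site/homepage_production/shared/bundle/ruby/1.9.1/"
                  "gems/sidekiq-2.16.1/web/assets/")

# Constructed config combining the two alias blocks quoted on this page.
CONF = """
server {
    location ^~ /sidekiq/ {
        alias %s;
    }
    location /blog {
        alias /var/sites/domain1.com/;
    }
}
""" % SIDEKIQ_ASSETS

if __name__ == "__main__":
    js = "/sidekiq/javascripts/dashboard.js"
    print(map_uri(js, "", "root", "/home/john/rails/cable/public/"))
    print(map_uri(js, "/sidekiq/", "alias", SIDEKIQ_ASSETS))
    # /blog also matches /blogroll, which lands at an unintended path
    print(map_uri("/blogroll", "/blog", "alias", "/var/sites/domain1.com/"))
    print(lint_alias_slashes(CONF))
```

Writing the block as `location /blog/` with `alias /var/sites/domain1.com/;` keeps both boundaries aligned and clears the finding.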
Here is my config. Hope it helps someone.
# Redirect all requests containing 'www.your-website.ru'
# to 'your-website.ru'
server {
    listen 80;
    server_name www.your-website.ru;
    rewrite ^(.*) http://your-website.ru$1 permanent;
}
server {
    listen 80;
    server_name your-website.ru;
    access_log logs/your-website.ru.log;
    root /path-to-your-website.ru/current/public;
    #####################
    # Rails
    #####################
    location / {
        rails_env production; # this is a production server
        passenger_enabled on; #

nginx rewrite rules with Passenger

I'm trying to migrate to nginx from Apache using Passenger in both instances to host a Rails app. The app takes a request, which is for an image- if the image exists at /system/logos/$requestedimage then it should get served, or it should be allowed to hit the Rails app to generate it if needed (where it is then cached to /system/logos).
In Apache I used the following:
RewriteCond %{DOCUMENT_ROOT}/system/logos/%{REQUEST_FILENAME} -f
RewriteRule ^/(.*)$ http://assets.clg.eve-metrics.com/system/logos/$1
This worked fine. The assets. subdomain is another subdomain but with the same root, just Passenger disabled, specifically set up for hosting static files (expires-wise).
In nginx I am using the following:
server {
    listen 80;
    passenger_enabled on;
    server_name clg.eve-metrics.com www.clg.eve-metrics.com;
    root /opt/www/clg/current/public;
    gzip on;
    gzip_min_length 1000;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types text/plain application/xml text/css application/javascript;
    gzip_disable msie6;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
    if (-f $document_root/system/logos$request_filename) {
        rewrite ^/(.*)$ http://assets.clg.eve-metrics.com/system/logos/$1 break;
    }
}
This doesn't work so well. At all, in fact. It never redirects to the cached path and it never hits the Rails app. It's like nginx is assuming it's a static asset so not passing it on to Passenger. Is there a way to stop this behaviour so it hits the app?
My rails application is running on nginx and passenger. I have moved my rails cache directory from the default /public to /public/system/cache/. To make it work, I had to insert this into my vhost config file:
if (-f $document_root/system/cache/$uri/index.html) {
    rewrite (.*) /system/cache/$1/index.html break;
}
if (-f $document_root/system/cache/$uri.html) {
    rewrite (.*) /system/cache/$1.html break;
}
I remember that I too tried to make it work with $request_filename, but didn't get it to work. Try with $uri instead and see if it works :-)
James, please try this configuration file
https://gist.github.com/711913
and pay attention to this location config:
location ~* \.(png|gif|jpg|jpeg|css|js|swf|ico)(\?[0-9]+)?$ {
    access_log off;
    expires max;
    add_header Cache-Control public;
}
Passenger won't let Rails manage your asset files if you have the right permissions (the user running nginx should have permission to access the files directly).
