Multiple Websites not working on Nginx Reverse Proxy - docker

One of the websites is not accessible via the nginx reverse proxy when we have configuration files for two different websites (hosted on two docker containers) placed under /etc/nginx/conf.d. The configuration files are as follows:
Website 1: /etc/nginx/conf.d/tr.conf
server {
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/tr.crt;
ssl_certificate_key /etc/nginx/ssl/tr.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
server_name trac.internal.local;
location /trend {
proxy_pass http://tr/trend:9090;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect http://tr/trend /;
}
}
Website 2: /etc/nginx/conf.d/pageview.conf
server {
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/pageview.crt;
ssl_certificate_key /etc/nginx/ssl/pageview.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
server_name pageview.internal.local;
location /pageview {
proxy_pass http://pageviewfront:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect http://pageviewfront /;
}
}

Related

Use a Subdomain with Nginx to get a JSON from an Endpoint

I currently have a deployed application. https://dostoevsky.rest/
It works well with Nginx and Docker.
However, I want to get a JSON when I hit the endpoint https://dostoevsky.rest/api/rand with a subdomain.
So, I want the subdomain api.dostoevsky.rest to redirect to https://dostoevsky.rest/api/rand.
I thought I could configure Nginx as a reverse proxy, so I did the following:
server {
listen 80;
listen [::]:80;
server_name api.dostoevsky.rest www.api.dostoevsky.rest;
root /var/www/api.dostoevsky.rest/html;
location / {
proxy_pass http://<IP>;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /api/rand {
proxy_pass http://<IP>/api/rand;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
However, when I do curl api.dostoevsky.rest I get the message:
<html>
<head><title>504 Gateway Time-out</title></head>
<body>
<center><h1>504 Gateway Time-out</h1></center>
<hr><center>nginx/1.21.3</center>
</body>
</html>
I'm assuming the resource isn't found?
However, if I do curl https://dostoevsky.rest/api/rand it works fine. So, I think I'm making a mistake with the reverse proxy. Any help would be appreciated. Sorry if this is a low-quality question; I'm new to using Nginx.
Deployed on a DigitalOcean droplet.
Following is my complete nginx.conf file:
server {
listen 80;
listen [::]:80;
server_name dostoevsky.rest www.dostoevsky.rest;
location ~ /.well-known/acme-challenge {
allow all;
root /var/www/html;
}
location / {
rewrite ^ https://$host$request_uri? permanent;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name dostoevsky.rest www.dostoevsky.rest;
server_tokens off;
ssl_certificate /etc/letsencrypt/live/dostoevsky.rest/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dostoevsky.rest/privkey.pem;
ssl_buffer_size 8k;
ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
ssl_ecdh_curve secp384r1;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8;
location / {
try_files $uri @nodejs;
}
location @nodejs {
proxy_pass http://nodejs:8080;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
# enable strict transport security only if you understand the implications
}
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
}
server {
listen 80;
listen [::]:80;
server_name api.dostoevsky.rest www.api.dostoevsky.rest;
root /var/www/api.dostoevsky.rest/html;
location / {
proxy_pass http://<IP>;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /api/rand {
proxy_pass http://<IP>/api/rand;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}

docker NGINX server sub location issue

I have the following NGINX configuration that works without issue for root https / . However, whenever I try to change location / { to a subdomain like location /example { it breaks everything. If you go to domain.com/example it takes you to a 404 error no matter where you go.
############## Jupyter ####################
server {
listen 0.0.0.0:443 ssl;
server_name domain.com
www.domain.com;
ssl_certificate /etc/nginx/self.crt;
ssl_certificate_key /etc/nginx/self.key;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA512:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:ECDH+AESGCM:ECDH+AES256:DH+AESGCM:DH+AES256:RSA+AESGCM:!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
ssl_session_cache builtin:1000 shared:SSL:10m;
access_log /var/log/nginx/jupyter.log ;
error_log /var/log/nginx/jupyter.error.log debug;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://jupyter;
proxy_read_timeout 90;
}
location ~* /(api/kernels/[^/]+/(channels|iopub|shell|stdin)|terminals/websocket)/? {
proxy_pass http://jupyter;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade "websocket";
proxy_set_header Connection "Upgrade";
proxy_read_timeout 86400;
}
}
}
You're missing the root parameter in your nginx configuration.
You should check in the guide how to use it http://nginx.org/en/docs/beginners_guide.html
It reports you should do something like
location / {
root /var/www/webapp/public; # something like that
# .. config
}
location ~* /(api/kernels/[^/]+/(channels|iopub|shell|stdin)|terminals/websocket)/? {
root /var/www/webapp/api; # something like that
# .. config
}

Unable to change port number in Bitbucket

My Bitbucket instance is running on an Ubuntu server.
The initial installation was done by following the wizard, and at that moment the default port 7990 was set.
Now I would like to change it to use port 443, so as per the official documentation it can be easily done by changing the value server.port in the shared/bitbucket.properties file.
However, after that change, the server is not even listening on the newly configured port.
Bitbucket is started as the root user.
Why is Bitbucket not taking the port modification into account?
Fixed after configuring an Nginx server which relays between port 7990 and 443.
Config bitbucket:
server.port=7990
server.proxy-name=******************
server.proxy-port=443
server.scheme=https
jdbc.url=jdbc\:postgresql\://localhost\:5432/bitbucket
jdbc.driver=org.postgresql.Driver
jdbc.user=******************
jdbc.password=*************
Config Nginx:
server {
location / {
proxy_pass http://localhost:7990;
proxy_redirect off;
server_tokens off;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
}
}
server {
listen 443 default ssl http2;
server_name ******************;
ssl_certificate "******************";
ssl_certificate_key "******************";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
client_max_body_size 0;
location / {
proxy_pass http://localhost:7990;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
}
}

HTTP Origin header (https://example.com) didn't match request.base_url (http://example.com) rails

I am running Nginx server with the puma on https. I configured Letsencrypt for SSL verification. The problem is that the server is running fine but when I try to create a user through devise it throws this error
"HTTP Origin header (https://example.com) didn't match request.base_url (http://example.com)"
I tried to modify the nginx.conf configuration as specified over here
https://github.com/rails/rails/issues/22965#issuecomment-172929004
but still no luck. Here is my configuration file:
upstream puma {
server unix:///home/ubuntu/blue_whale/example/shared/tmp/sockets/gofickle-puma.sock;
}
server
{
listen 443 ssl default;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
root /home/ubuntu/blue_whale/example/current/public;
access_log /home/ubuntu/blue_whale/example/current/log/nginx.access.log;
error_log /home/ubuntu/blue_whale/example/current/log/nginx.error.log info;
add_header Strict-Transport-Security "max-age=31536000";
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri @puma;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on; # Optional
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $host;
proxy_pass http://puma;
}
I have the exact same setup as you and mine is working with the below proxy config:
location @rails {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://rails_app;
}
I think it might be the X-Forwarded-Proto and SSL that might be causing your issue, it isn't necessary behind the proxy.

400 Bad Request nginx/1.13.12

I am getting "400 Bad Request The plain HTTP request was sent to HTTPS port nginx/1.13.12" upon Nginx/Docker/SSL configuration. Below is my SSL configuration inside Docker container of Nginx. Please help.
server {
listen 80;
listen 443 ssl;
server_name mydomain.com;
root /usr/share/etc/nginx;
index index.html index.htm index.php;
if ($scheme = http)
{
return 301 https://$server_name$request_uri;
}
ssl on;
ssl_certificate /etc/ssl/certs/mydomain.crt;
ssl_certificate_key /etc/ssl/private/mydomain.key;
ssl_session_timeout 5m;
location /{
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_pass http://localhost;
proxy_read_timeout 180;
proxy_redirect off;
proxy_redirect http://localhost $scheme://mydomain.com;
proxy_http_version 1.1;
proxy_request_buffering off;
}
}
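
An added check, not part of any post above and not the posters' code: a small Python audit for three patterns that appear in the configs quoted on this page (deprecated `ssl_protocols` values, `ssl on;` next to a plain `listen 80;` as in the last question, and a `proxy_pass` URL with the port written after the path as in tr.conf). The names `directives` and `audit` are hypothetical, and the script assumes one server block per input with one directive per line.

```python
import re

# Constructed sample: directives as they appear in configs quoted on this page.
SAMPLE = """\
server {
    listen 80;
    listen 443 ssl;
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location /trend {
        proxy_pass http://tr/trend:9090;
    }
}
"""

DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: see RFC 8996

def directives(text):
    """Yield (line_no, name, args) for one-line 'name args;' directives."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.endswith(";") and line[:-1].split():
            name, *args = line[:-1].split()
            yield no, name, args

def audit(text):
    """Return (line_no, finding) tuples; assumes text is one server block."""
    findings, plain_listen, ssl_on = [], [], None
    for no, name, args in directives(text):
        if name == "ssl_protocols":
            bad = sorted(DEPRECATED.intersection(args))
            if bad:
                findings.append((no, "deprecated protocols: " + " ".join(bad)))
        elif name == "listen" and "ssl" not in args:
            plain_listen.append(no)
        elif name == "ssl" and args == ["on"]:
            ssl_on = no
        elif name == "proxy_pass" and args and re.match(
                r"https?://[^/:]+/.*:\d+$", args[0]):
            findings.append((no, "port after path is read as part of the URI"))
    if ssl_on and plain_listen:
        lines = ", ".join(map(str, plain_listen))
        findings.append((ssl_on, "'ssl on' forces TLS on listen line(s) " + lines))
    return findings

if __name__ == "__main__":
    for no, msg in audit(SAMPLE):
        print(f"line {no}: {msg}")
```
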
