I have an issue with my webapp currently where it cannot submit a POST request. The request doesn't even make it past nginx.
When I looked at the access_log file, I saw this:
172.18.0.1 - - [22/Oct/2022:14:44:46 +0000] "POST /Manage/Message/Announcement/Update HTTP/1.1" 400 0
"http://localhost:9190/Manage/Message/Announcement/Edit/a4f91c12-ebd3-4c98-9544-41d3757770bf"
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/106.0.0.0 Safari/537.36"
It just says Error 400. However, I don't know what caused the error 400. My error_log file is empty.
How can I get more details out from my nginx access_log?
This is my conf file:
upstream gateway_us {
server sdr_gateway.web;
}
upstream manage_us {
server sdr_manage.web;
}
server {
listen 80;
server_name localhost;
server_tokens off;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
error_log /var/log/nginx/sdr-fe-nginx-error.log debug;
access_log /var/log/nginx/sdr-fe-nginx-access.log;
ignore_invalid_headers off;
underscores_in_headers on;
location /{
proxy_pass http://gateway_us/;
proxy_set_header Authorization $http_authorization;
proxy_pass_header Authorization;
}
location /Gateway/{
proxy_pass http://gateway_us/;
proxy_set_header Authorization $http_authorization;
proxy_pass_header Authorization;
}
location /Manage/{
proxy_pass http://manage_us/Manage/;
proxy_set_header Authorization $http_authorization;
proxy_pass_header Authorization;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
A brief explanation of my webapp. It is a .net core web app and I want to submit a form using POST
I have changed the name of my antiforgery token and data protection key name to not contain any underscores or dots:
Data Protection Key Name:
SD-DPK-APP
Anti Forgery Token Name:
SD-AFT-APP
If it helps, this web app is running from a subdirectory. I have another app that is not in the subdirectory and it can perform POST requests fine.
Related
I currently have a deployed application. https://dostoevsky.rest/
It works well with Nginx and Docker.
However, I want to get a JSON when I hit the endpoint https://dostoevsky.rest/api/rand with a subdomain.
So, I want the subdomain api.dostoevsky.rest to redirect https://dostoevsky.rest/api/rand.
I thought I could configure Nginx as a reverse proxy, so I did the following:
server {
listen 80;
listen [::]:80;
server_name api.dostoevsky.rest www.api.dostoevsky.rest;
root /var/www/api.dostoevsky.rest/html;
location / {
proxy_pass http://<IP>;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /api/rand {
proxy_pass http://<IP>/api/rand;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
However, when I do curl api.dostoevsky.rest I get the message:
<html>
<head><title>504 Gateway Time-out</title></head>
<body>
<center><h1>504 Gateway Time-out</h1></center>
<hr><center>nginx/1.21.3</center>
</body>
</html>
I'm assuming the resource isn't found?
However, if I do curl https://dostoevsky.rest/api/rand it works fine. So, I think I'm making a mistake with the reverse proxy. Any help would be appreciated. Sorry if this is a low-quality question; I'm new to using Nginx.
Deployed on a DigitalOcean droplet.
Following is my complete nginx.conf file:
server {
listen 80;
listen [::]:80;
server_name dostoevsky.rest www.dostoevsky.rest;
location ~ /.well-known/acme-challenge {
allow all;
root /var/www/html;
}
location / {
rewrite ^ https://$host$request_uri? permanent;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name dostoevsky.rest www.dostoevsky.rest;
server_tokens off;
ssl_certificate /etc/letsencrypt/live/dostoevsky.rest/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dostoevsky.rest/privkey.pem;
ssl_buffer_size 8k;
ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
ssl_ecdh_curve secp384r1;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8;
location / {
try_files $uri #nodejs;
}
location #nodejs {
proxy_pass http://nodejs:8080;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
# enable strict transport security only if you understand the implications
}
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
}
server {
listen 80;
listen [::]:80;
server_name api.dostoevsky.rest www.api.dostoevsky.rest;
root /var/www/api.dostoevsky.rest/html;
location / {
proxy_pass http://<IP>;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /api/rand {
proxy_pass http://<IP>/api/rand;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Have deployed my Rails 5.2 app via Capistrano, and am having problems with ActionCable. I am using Nginx, Puma and Lets Encrypt.
I have tried many combinations of configuration, but each time am receiving the same error. I am not sure how to debug this issue, and suggestions as well and any tips on re-arranging my ngnx.conf would be well-appreciated.
Have changed the real website to website.com
nginx.conf
upstream puma {
server unix:///home/deploy/apps/website/shared/tmp/sockets/website-puma.sock;
}
server {
server_name website.com www.website.com;
root /home/deploy/apps/website/current/public;
index index.html;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri #puma;
location #puma {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://puma;
}
location /cable {
proxy_pass http://puma;
proxy_http_version 1.1;
proxy_set_header Upgrade websocket;
proxy_set_header Connection Upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 10M;
keepalive_timeout 10;
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/website.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/website.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.website.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = website.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name website.com www.website.com;
return 404; # managed by Certbot
}
config/production.rb
config.action_cable.mount_path = '/cable'
config.action_cable.url = 'wss://website.com/cable'
config.action_cable.allowed_request_origins = [ 'https://website.com', 'http://website.com' ]
Error Message
Reviewed posts
Rails5 Action Cable Nginx 404 and 502 errors
ActionCable on AWS: Error during WebSocket handshake: Unexpected response code: 404
Actioncable Nginx and Puma WebSocket handshake: Unexpected response
UPDATE
Updated nginx.conf
upstream puma {
server unix:///home/deploy/apps/immersive/shared/tmp/sockets/immersive-puma.sock;
}
server {
if ($host = www.immersive.ch) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = immersive.ch) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name immersive.ch www.immersive.ch;
return 404; # managed by Certbot
}
server {
server_name immersive.ch www.immersive.ch;
root /home/deploy/apps/immersive/current/public;
index index.html;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri #puma;
location #puma {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://puma;
}
location /cable {
proxy_pass http://puma;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_request_headers on;
proxy_buffering off;
proxy_redirect off;
break;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 10M;
keepalive_timeout 10;
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/immersive.ch/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/immersive.ch/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
production.rb
config.action_cable.mount_path = '/cable'
config.action_cable.url = 'wss://immersive.ch/cable'
config.action_cable.allow_same_origin_as_host = true
config.action_cable.allowed_request_origins = [ '*' ]
#config.action_cable.allowed_request_origins = [ 'https://immersive.ch', 'http://immersive.ch' ]
Partial output of curl
> GET /cable HTTP/1.1
> Host: immersive.ch
> User-Agent: curl/7.54.0
> Accept: */*
> Origin: https://immersive.ch
> Sec-WebSocket-Key: MIN4DsiwEAutsE11kgG5rg==
> Upgrade: websocket
> Connection: Upgrade
> Sec-WebSocket-Version: 13
>
< HTTP/1.1 404 Not Found
< Server: nginx/1.15.5 (Ubuntu)
< Date: Tue, 16 Apr 2019 20:10:43 GMT
< Content-Type: text/plain
< Transfer-Encoding: chunked
< Connection: keep-alive
< Cache-Control: no-cache
< X-Request-Id: 7a9aa8f1-676d-419b-9e4f-0c1bb38bcaa2
< X-Runtime: 0.004730
<
* Connection #0 to host immersive.ch left intact
Page not found%
puma.rb
threads_count = ENV.fetch("RAILS_MAX_THREADS") { 5 }.to_i
threads threads_count, threads_count
port ENV.fetch("PORT") { 3000 }
environment ENV.fetch("RAILS_ENV") { "development" }
workers 2
daemonize true
plugin :tmp_restart
EDIT 2
/var/logs/nginx/access.log
HTTP/1.1" 200 4447 "https://immersive.ch/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36"
xxx.xxx.xxx.xxx - - [16/Apr/2019:22:33:58 +0200] "GET /cable HTTP/1.1" 404 24 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36"
xxx.xxx.xxx.xxx - - [16/Apr/2019:22:33:59 +0200] "GET /cable HTTP/1.1" 404 24 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36"
puma.error.log
I, [2019-04-16T22:39:06.100106 #21136] INFO -- : [80dc2a43-13e1-499e-a8f6-9fd54d48270b] Started GET "/cable" for xxx.xxx.xxx.xxx at 2019-04-16 22:39:06 +0200
I, [2019-04-16T22:39:06.103811 #21136] INFO -- : [80dc2a43-13e1-499e-a8f6-9fd54d48270b] Started GET "/cable/"[non-WebSocket] for xxx.xxx.xxx.xxx at 2019-04-16 22:39
E, [2019-04-16T22:39:06.103943 #21136] ERROR -- : [80dc2a43-13e1-499e-a8f6-9fd54d48270b] Failed to upgrade to WebSocket (REQUEST_METHOD: GET, HTTP_CONNECTION: close, HTTP_UPGRADE: )
I, [2019-04-16T22:39:06.104062 #21136] INFO -- : [80dc2a43-13e1-499e-a8f6-9fd54d48270b] Finished "/cable/"[non-WebSocket] for xxx.xxx.xxx.xxx at 2019-04-16 22:39
puma.access.log
2019-04-16 20:58: HTTP parse error, malformed request (127.0.0.1): #<Puma::HttpParserError: Invalid HTTP format, parsing fails.>
ActionCable answers 404 when Origin header is missing or does not match/invalid.
Check that it's not you regular 404:
curl -v 'https://your_site.com/cable' -H 'Origin: https://your_site.com' -H 'Sec-WebSocket-Key: MIN4DsiwEAutsE11kgG5rg==' -H 'Upgrade: websocket' -H 'Connection: Upgrade' -H 'Sec-WebSocket-Version: 13'
When everything is fine there'll be HTTP/1.1 101 Switching Protocols, on origin mismatch - just Page not found body, or your regular 404 page if there's some other routing trouble.
Make sure allowed_request_origins in settings is correct. Note that it includes port, if it's non-standard. Check which Origin browser sends in devtools
Also there's config.action_cable.allow_same_origin_as_host = true (the default, needs correct Host and X-Forwarded-Proto headers)
Then we need nginx to pass all the headers that are being used to reconstruct origin:
location /cable {
proxy_pass http://puma;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme; # <- most probably this one is missing
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_request_headers on; # this is default, but just to be sure
proxy_buffering off;
proxy_redirect off;
break;
}
Update:
Remaining two cases when activecable responds with this is failed connection authentication and missing websocket driver(should not be the case for puma)
I am running Nginx server with the puma on https. I configured Letsencrypt for SSL verification. The problem is that the server is running fine but when I try to create a user through devise it throws this error
"HTTP Origin header (https://example.com) didn't match request.base_url (http://example.com)"
I tried to modify the nginx.conf configuration as specified over here
https://github.com/rails/rails/issues/22965#issuecomment-172929004
but still, no luck here is my configuration file
upstream puma {
server unix:///home/ubuntu/blue_whale/example/shared/tmp/sockets/gofickle-puma.sock;
}
server
{
listen 443 ssl default;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
root /home/ubuntu/blue_whale/example/current/public;
access_log /home/ubuntu/blue_whale/example/current/log/nginx.access.log;
error_log /home/ubuntu/blue_whale/example/current/log/nginx.error.log info;
add_header Strict-Transport-Security “max-age=31536000”;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri #puma;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on; # Optional
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $host;
proxy_pass http://puma;
}
I have the exact same setup as you and mine is working with the below proxy config:
location #rails {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://rails_app;
}
I think it might be the X-Forwarded-Proto and SSL that might be causing your issue, it isn't necessary behind the proxy.
I'm using a Nginx-proxy in a docker-container. And I have to run multiple applications on a server. I want to run them all in a docker container except one. I run Jira an Confluence in container. It took me a lot of time to configure the applications and the Nginx-config. Now I want to run Graylog2 on the Server aswell and I'm facing kind of the same problems like in Jira/Confluence. I guess it's maybe because I don't really understand how all this works. Thats why I made the following image:
Thats how I understand the reverse proxy. The nginx-conf looks like this:
upstream jenkins {
server 43.3.34.333:8080 fail_timeout=0;
}
upstream docker-jira {
server jira:8080;
}
upstream docker-conf {
server conf:8090;
}
upstream docker-graylog {
server graylog:9000;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name mySite.de;
return 301 https://mySite.de;
}
server {
# SSL configuration
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name mySite.de;
include snippets/ssl-mySite.de;
include snippets/ssl-params.conf;
location /jenkins {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://jenkins;
proxy_redirect http://jenkins $scheme://mySite.de;
# Required for new HTTP-based CLI
proxy_http_version 1.1;
proxy_request_buffering off;
proxy_buffering off; # Required for HTTP-based CLI to work over SSL
# workaround for https://issues.jenkins-ci.org/browse/JENKINS-45651
add_header 'X-SSH-Endpoint' 'jenkins.domain.tld:50022' always;
client_max_body_size 2M;
}
location /graylog {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Graylog-Server-URL http://$server_name/api;
proxy_pass http://docker-graylog/graylog;
}
location /jira {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://docker-jira/jira;
client_max_body_size 100M;
add_header X-Frame-Options ALLOW;
}
location /confluence {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://docker-conf/confluence;
proxy_redirect http://docker-conf/confluence https://mySite.de;
client_max_body_size 100M;
add_header X-Frame-Options SAMEORIGIN;
}
location /synchrony {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://mySite.de:8091/synchrony;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
client_max_body_size 100M;
}
}
To run Graylog2 behind a proxy you have to set some settings(Graylog2 docu):
set web_listen_uri
set rest_listen_uri
set web_endpoint_uri
I did it like this:
rest_listen_uri = http://localhost:9000/api/
web_listen_uri = http://localhost:9000/graylog
GRAYLOG_WEB_ENDPOINT_URI: https://mySite.de/api
When I got to https://mySite.de/graylog I get a 502 Bad Gateway Error. Nginx-log:
connect() failed (111: Connection refused) while connecting to upstream, client: 33.11.102.157, server: mySite.de, request: "GET /graylog HTTP/2.0", upstream: "http://172.18.0.9:9000/graylog", host: "mySite.de"
My Network:
NETWORK ID NAME DRIVER SCOPE
6c9de2d6b0ac MyNet bridge local
I don't really get it.
Leave your 80–>443 redirect you have with NGINX doing the SSL termination, then sending to backend over http.
Change these to listen on the LAN IP or docker DNS name:
web_listen_uri = http://docker-graylog:9000/graylog
rest_listen_uri = http://docker-graylog:9000/api
Note: The problem with your current config is it is only listening on localhost, and a request coming in externally will never make it to the app, because it’s not listening for external connections. It’s only listening for connections within the graylog container. NGINX can’t reach graylog on localhost:9000 across the LAN.
The bad gateway indicates that your proxy is probably working, but no connections to app can be made.
More details on that:
https://forums.docker.com/t/access-to-localhost-from-bridge-network/22948/2
This config is basically what you already have, but copied it from graylog documentation. Your current proxy config might work as is.
upstream docker-graylog {
server graylog:9000;
}
server
{
listen 443 ssl spdy;
server_name mySite.de;
# <- your SSL Settings here!
location /graylog
{
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Graylog-Server-URL https://$server_name/api;
proxy_pass http://docker-graylog/graylog;
}
}
Im using sidekiq with Rails 4.2.8 and its working fine, the only issue is the Web UI on production servers. I can load the UI fine locally but if I deploy it to a production server than the UI will not load and there are no errors. Im mounting in my routes like so..
OptimoUi::Application.routes.draw do
require 'sidekiq/web'
devise_for :admin_users, ActiveAdmin::Devise.config
ActiveAdmin.routes(self)
authenticate :admin_user do
mount Sidekiq::Web => '/sidekiq'
end
And when I got to the /sidekiq route after authenticating with active admin I have just a blank screen. No errors in the console, nothing in the rails log, not even a 404 or anything just nothing. The only time there is a something is in the nginx access log where If I refresh that page I get a 304
157.130.220.250 - ross [10/Oct/2017:15:23:20 +0000] "GET /sidekiq HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"
Maybe I am missing something in Nginx configuration? Here is a some of the conf with allowed headers
location #application {
add_header X-yKind rails-api-1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Client-IP $proxy_add_x_forwarded_for;
proxy_redirect off;
# proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
proxy_hide_header Clear-Site-Data;
proxy_pass http://rails_app;
}
location ~ ^/(static|tou|csv_export|accounts|api) {
root /opt/optimo/current/public;
try_files $uri #application;
}
location ~ ^/(admin|manage) {
auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/.htpasswd;
try_files $uri #application;
}
## default location ##
location / {
try_files $uri $uri/ /index.html?/$request_uri;
}
And I have also uncommented this line in the rails configuration.
config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
But nothing seems to work and I am stumped by lack of errors anywhere.
I had to set up a proxy_pass for the /sidekiq location in the Nginx configuration.
location ~^/sidekiq {
proxy_pass http://rails_app;
}
It was rendering the html of one of our Ember pages for some reason.