How do I use NGINX to route to multiple apps? - docker

I have been messing around with NGINX (complete novice) and a home lab server. I have a few docker apps that I want to access via my domain. I have set up the https redirect and verified that it works. However, my issue is getting the domain www.mydomain.net/app1 to resolve to app1 and www.mydomain.net/app2 to resolve to app2.
Here is my current config:
server {
    listen 443 ssl;
    server_name mydomain.net www.mydomain.net;
    # *insert ssl configs*
    location /tsd/ {
        proxy_pass http://tsd:3334/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
    }
    location /game/ {
        proxy_pass http://game:5876/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
    }
}
I looked at the network tab headers after going to mydomain.net/tsd. I see the request go in and then get a response header with location /printers/ instead of /tsd/printers/. I have tried a multitude of various things from Stack Overflow and other sites to try and make the /tsd/ path stick.
Any help or suggestions would be greatly appreciated.
Thanks in advance.
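One way to keep the /tsd/ prefix on upstream redirects, as an added example that is not part of the original post. It assumes the apps answer with root-relative Location headers such as /printers/, as described in the question; the map variable name $connection_upgrade is chosen here.

```nginx
# Added example. The map goes in the http {} context; the name
# $connection_upgrade is chosen here.
map $http_upgrade $connection_upgrade {
    default upgrade;   # client sent an Upgrade header (WebSocket)
    ''      close;     # ordinary request: do not force "upgrade" upstream
}

server {
    listen 443 ssl;
    server_name mydomain.net www.mydomain.net;
    # ssl_certificate / ssl_certificate_key as in the original config

    location /tsd/ {
        # The URI part "/" replaces the matched prefix "/tsd/":
        #   /tsd/printers/  ->  http://tsd:3334/printers/
        proxy_pass http://tsd:3334/;

        # "default" only rewrites Location values starting with
        # http://tsd:3334/. The second rule maps a root-relative
        # "Location: /printers/" back to "/tsd/printers/".
        proxy_redirect default;
        proxy_redirect / /tsd/;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        # $host is normalised (lowercase, no port); $http_host would
        # forward the client's Host header verbatim.
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /game/ {
        proxy_pass http://game:5876/;
        proxy_redirect default;
        proxy_redirect / /game/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

proxy_redirect rewrites only the Location and Refresh response headers; absolute links inside the HTML or JavaScript an app returns still need a base-path setting in the app itself.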

Related

Calling API endpoint inside docker container

I have a small express application running inside a docker container. The endpoint is accessible locally through http://localhost:8888/api/run. The docker container was run using this command:
docker run -dp 8888:8888 code-editor
I configured NGINX to serve the response from docker using the location block:
server {
    server_name www.baseURL.tech baseURL.tech;
    # ------------------- CONNECT WITH APP INSIDE DOCKER --------------------
    location /compiler {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:8888/;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    # ------------------- CONNECT WITH MAIN NODE APP --------------------
    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:8000/;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
The path being called is https://baseURL/compiler/api/run as an ajax request from the main website https://baseURL but it is returning 404.
You have
location /compiler
which results in Nginx passing on the entire URL, i.e. compiler/api/run to the Express app.
You want it to remove the compiler part and the easiest way to do that is to add a slash at the end of the location, like this
location /compiler/
Then Nginx will only pass on api/run to Express.

403 error occurs when starting restapi and websocket server using fastapi and nginx

I am trying to connect and use a server using websocket for fastapi with nginx.
403 error on server.
# server log
connection failed (403 Forbidden)
connection closed
I am using gunicorn, and I saw an article saying that some uvicorn should be used, and I changed it, but it did not work.
It works normally in the local environment.
What settings should I make to use rest-api and websocket together?
# nginx.conf
location /ws/ {
    proxy_pass http://docker-fastapi;
    proxy_redirect off;
    proxy_buffering off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
}

NGINX configuration to preserve URL when doing a proxy redirect from nexus 3 to nexus 2 to use the unzip plugin

I have migrated to nexus 3 from nexus 2. But then there is a problem that the nexus 3 does not support the Unzip plugin. So the workaround I came up with was to deploy a nexus 2 container and proxy all the unzip repos to the nexus 2. Then create a redirect link when the url ends with ".zip-unzip" it redirects to the nexus 2. This could be done on the nginx configuration. And it should also preserve the nexus3 url but display the nexus2 page.
I tried to do this by defining a location block with a regex to match urls ending with ".zip-unzip" and the proxy pass of the nexus2. But it does not seem to work. I am also not sure how to make the nexus 2 also ssl encrypted at the same time.
server {
    listen 443 ssl;
    server_name mt-nexus.psi-mt.de;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_certificate /etc/nginx/conf.d/server.crt;
    ssl_certificate_key /etc/nginx/conf.d/server.key;
    include /etc/nginx/custom-errors.conf;
    client_max_body_size 1G;
    location / {
        proxy_pass http://nexus3:8081;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_read_timeout 900;
    }
    location ~ ^"/nexus/(?<section>.+).zip-unzip$" {
        proxy_pass http://nexus2:8081/$section.zip-unzip;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto "https";
    }
}
I expect that when the url "https://nexus3.xyz.com/nexus/content/repositories/Releases_Unzip/xxx.zip-unzip" is passed, it redirects to the nexus 2 url link "https://nexus2.xyz.com/nexus/content/repositories/Releases_Unzip/xxx.zip-unzip" but has the url of the nexus 3 preserved, i.e. https://nexus3.xyz.com/...
Issue resolved by myself. You would have to use a location block, but the location block does not support the use of "$" when using the proxy pass. So you would have to use a rewrite inside the location block like this.
location ~ .zip-unzip/ {
    rewrite ^/nexus/(.*)$ /nexus/$1 break;
    proxy_pass http://nexus4unzip:8081;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
}

Understand a reverse proxy in combination with docker

I'm using an Nginx-proxy in a docker-container. And I have to run multiple applications on a server. I want to run them all in a docker container except one. I run Jira and Confluence in containers. It took me a lot of time to configure the applications and the Nginx-config. Now I want to run Graylog2 on the server as well and I'm facing kind of the same problems as with Jira/Confluence. I guess it's maybe because I don't really understand how all this works. That's why I made the following image:
That's how I understand the reverse proxy. The nginx-conf looks like this:
upstream jenkins {
    server 43.3.34.333:8080 fail_timeout=0;
}
upstream docker-jira {
    server jira:8080;
}
upstream docker-conf {
    server conf:8090;
}
upstream docker-graylog {
    server graylog:9000;
}
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name mySite.de;
    return 301 https://mySite.de;
}
server {
    # SSL configuration
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name mySite.de;
    include snippets/ssl-mySite.de;
    include snippets/ssl-params.conf;
    location /jenkins {
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://jenkins;
        proxy_redirect http://jenkins $scheme://mySite.de;
        # Required for new HTTP-based CLI
        proxy_http_version 1.1;
        proxy_request_buffering off;
        proxy_buffering off; # Required for HTTP-based CLI to work over SSL
        # workaround for https://issues.jenkins-ci.org/browse/JENKINS-45651
        add_header 'X-SSH-Endpoint' 'jenkins.domain.tld:50022' always;
        client_max_body_size 2M;
    }
    location /graylog {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Graylog-Server-URL http://$server_name/api;
        proxy_pass http://docker-graylog/graylog;
    }
    location /jira {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://docker-jira/jira;
        client_max_body_size 100M;
        # ALLOW is not a defined X-Frame-Options value (DENY and SAMEORIGIN are), so browsers ignore this header.
        add_header X-Frame-Options ALLOW;
    }
    location /confluence {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://docker-conf/confluence;
        proxy_redirect http://docker-conf/confluence https://mySite.de;
        client_max_body_size 100M;
        add_header X-Frame-Options SAMEORIGIN;
    }
    location /synchrony {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://mySite.de:8091/synchrony;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        client_max_body_size 100M;
    }
}
To run Graylog2 behind a proxy you have to set some settings (Graylog2 docu):
set web_listen_uri
set rest_listen_uri
set web_endpoint_uri
I did it like this:
rest_listen_uri = http://localhost:9000/api/
web_listen_uri = http://localhost:9000/graylog
GRAYLOG_WEB_ENDPOINT_URI: https://mySite.de/api
When I go to https://mySite.de/graylog I get a 502 Bad Gateway Error. Nginx-log:
connect() failed (111: Connection refused) while connecting to upstream, client: 33.11.102.157, server: mySite.de, request: "GET /graylog HTTP/2.0", upstream: "http://172.18.0.9:9000/graylog", host: "mySite.de"
My Network:
NETWORK ID NAME DRIVER SCOPE
6c9de2d6b0ac MyNet bridge local
I don't really get it.
Leave your 80 -> 443 redirect you have with NGINX doing the SSL termination, then sending to backend over http.
Change these to listen on the LAN IP or docker DNS name:
web_listen_uri = http://docker-graylog:9000/graylog
rest_listen_uri = http://docker-graylog:9000/api
Note: The problem with your current config is it is only listening on localhost, and a request coming in externally will never make it to the app, because it’s not listening for external connections. It’s only listening for connections within the graylog container. NGINX can’t reach graylog on localhost:9000 across the LAN.
The bad gateway indicates that your proxy is probably working, but no connections to app can be made.
More details on that:
https://forums.docker.com/t/access-to-localhost-from-bridge-network/22948/2
This config is basically what you already have, but I copied it from the Graylog documentation. Your current proxy config might work as is.
upstream docker-graylog {
    server graylog:9000;
}
server {
    # "spdy" is no longer supported by current nginx; http2 replaces it
    listen 443 ssl http2;
    server_name mySite.de;
    # <- your SSL Settings here!
    location /graylog {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Graylog-Server-URL https://$server_name/api;
        proxy_pass http://docker-graylog/graylog;
    }
}

How to start faye server on a rails app deployed using dokku?

I've hosted my rails application on Digitalocean using Dokku. There's this need for my application to run real-time applications through Faye. I've been trying several ways like the shoreman plugin for Dokku and adding faye: bundle exec rackup faye.ru -s thin -E production to "Procfile" file. But no luck till now, need help on how I can get this Faye server running for my app.
You need to take several steps to have a working faye server (e.g. on port 9292):
1. Your Procfile is OK.
2. Expose port 9292 on Docker. I recommend installing the docker-options plugin and then running dokku docker-options:add timer "-p 9292:9292"
3. Set up your app nginx.conf. Mine is here:
upstream app { server 127.0.0.1:49154; }
server {
    listen [::]:80;
    listen 80;
    server_name app.dokku.mine;
    location / {
        proxy_pass http://app;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Request-Start $msec;
    }
    location /faye {
        proxy_redirect off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_cache_bypass $http_pragma $http_authorization;
        proxy_no_cache $http_pragma $http_authorization;
        proxy_pass http://localhost:9292;
    }
}
I suggest installing the nginx-alt plugin because the config is overwritten on every deploy.
