I currently have a deployed application. https://dostoevsky.rest/
It works well with Nginx and Docker.
However, I want to get a JSON when I hit the endpoint https://dostoevsky.rest/api/rand with a subdomain.
So, I want the subdomain api.dostoevsky.rest to redirect to https://dostoevsky.rest/api/rand.
I thought I could configure Nginx as a reverse proxy, so I did the following:
server {
listen 80;
listen [::]:80;
server_name api.dostoevsky.rest www.api.dostoevsky.rest;
root /var/www/api.dostoevsky.rest/html;
location / {
proxy_pass http://<IP>;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /api/rand {
proxy_pass http://<IP>/api/rand;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
However, when I do curl api.dostoevsky.rest I get the message:
<html>
<head><title>504 Gateway Time-out</title></head>
<body>
<center><h1>504 Gateway Time-out</h1></center>
<hr><center>nginx/1.21.3</center>
</body>
</html>
I'm assuming the resource isn't found?
However, if I do curl https://dostoevsky.rest/api/rand it works fine. So, I think I'm making a mistake with the reverse proxy. Any help would be appreciated. Sorry if this is a low-quality question; I'm new to using Nginx.
Deployed on a DigitalOcean droplet.
Following is my complete nginx.conf file:
server {
listen 80;
listen [::]:80;
server_name dostoevsky.rest www.dostoevsky.rest;
location ~ /.well-known/acme-challenge {
allow all;
root /var/www/html;
}
location / {
rewrite ^ https://$host$request_uri? permanent;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name dostoevsky.rest www.dostoevsky.rest;
server_tokens off;
ssl_certificate /etc/letsencrypt/live/dostoevsky.rest/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dostoevsky.rest/privkey.pem;
ssl_buffer_size 8k;
ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
ssl_ecdh_curve secp384r1;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8;
location / {
try_files $uri @nodejs;
}
location @nodejs {
proxy_pass http://nodejs:8080;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
# enable strict transport security only if you understand the implications
}
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
}
server {
listen 80;
listen [::]:80;
server_name api.dostoevsky.rest www.api.dostoevsky.rest;
root /var/www/api.dostoevsky.rest/html;
location / {
proxy_pass http://<IP>;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /api/rand {
proxy_pass http://<IP>/api/rand;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
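One way to serve the JSON on the subdomain, as an added example that is not part of the original post: the api.dostoevsky.rest block proxies directly to the nodejs:8080 upstream that the 443 server block above already uses, rather than to the host's own address on port 80. It assumes <IP> was the droplet's own address (so the forwarded Host header selected this same server block again) and that nodejs:8080 is reachable from the Nginx container.

```nginx
# Added example; not the asker's configuration.
# Assumption: nodejs:8080 (the upstream named in the 443 server block)
# resolves from inside the Nginx container.
server {
    listen 80;
    listen [::]:80;
    server_name api.dostoevsky.rest;

    # Keep the Nginx version off error pages, as the main site does.
    server_tokens off;

    # Bare subdomain: answer with the JSON from /api/rand.
    # In an exact-match location the URI part of proxy_pass replaces "/".
    location = / {
        proxy_pass http://nodejs:8080/api/rand;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Fail fast when the upstream is unreachable instead of waiting
        # out the default 60s timeouts that surface as a 504.
        proxy_connect_timeout 5s;
        proxy_read_timeout 15s;
    }

    # Only the API paths are exposed under this name.
    location /api/ {
        proxy_pass http://nodejs:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 5s;
        proxy_read_timeout 15s;
    }

    # Anything else is not served from the API host.
    location / {
        return 404;
    }
}
```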
Related
One of the websites is not accessible via the nginx reverse proxy when we have configuration files of two different websites (hosted on two docker containers) placed under /etc/nginx/conf.d. The configuration files are as follows:
Website 1: /etc/nginx/conf.d/tr.conf
server {
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/tr.crt;
ssl_certificate_key /etc/nginx/ssl/tr.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
server_name trac.internal.local;
location /trend {
proxy_pass http://tr/trend:9090;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect http://tr/trend /;
}
}
Website 2: /etc/nginx/conf.d/pageview.conf
server {
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/pageview.crt;
ssl_certificate_key /etc/nginx/ssl/pageview.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
server_name pageview.internal.local;
location /pageview {
proxy_pass http://pageviewfront:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect http://pageviewfront /;
}
}
I have the following NGINX config that works without issue for root https / . However, whenever I try to change location / { to a subdomain like location /example {, it breaks everything. If you go to domain.com/example it takes you to a 404 error no matter where you go.
############## Jupyter ####################
server {
listen 0.0.0.0:443 ssl;
server_name domain.com
www.domain.com;
ssl_certificate /etc/nginx/self.crt;
ssl_certificate_key /etc/nginx/self.key;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA512:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:ECDH+AESGCM:ECDH+AES256:DH+AESGCM:DH+AES256:RSA+AESGCM:!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
ssl_session_cache builtin:1000 shared:SSL:10m;
access_log /var/log/nginx/jupyter.log ;
error_log /var/log/nginx/jupyter.error.log debug;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://jupyter;
proxy_read_timeout 90;
}
location ~* /(api/kernels/[^/]+/(channels|iopub|shell|stdin)|terminals/websocket)/? {
proxy_pass http://jupyter;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade "websocket";
proxy_set_header Connection "Upgrade";
proxy_read_timeout 86400;
}
}
}
You're missing the root parameter in your nginx configuration.
You should check in the guide how to use it http://nginx.org/en/docs/beginners_guide.html
It reports you should do something like
location / {
root /var/www/webapp/public; # something like that
# .. config
}
location ~* /(api/kernels/[^/]+/(channels|iopub|shell|stdin)|terminals/websocket)/? {
root /var/www/webapp/api; # something like that
# .. config
}
I am running Nginx server with the puma on https. I configured Letsencrypt for SSL verification. The problem is that the server is running fine but when I try to create a user through devise it throws this error
"HTTP Origin header (https://example.com) didn't match request.base_url (http://example.com)"
I tried to modify the nginx.conf configuration as specified over here
https://github.com/rails/rails/issues/22965#issuecomment-172929004
but still no luck. Here is my configuration file:
upstream puma {
server unix:///home/ubuntu/blue_whale/example/shared/tmp/sockets/gofickle-puma.sock;
}
server
{
listen 443 ssl default;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
root /home/ubuntu/blue_whale/example/current/public;
access_log /home/ubuntu/blue_whale/example/current/log/nginx.access.log;
error_log /home/ubuntu/blue_whale/example/current/log/nginx.error.log info;
add_header Strict-Transport-Security "max-age=31536000";
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri @puma;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on; # Optional
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $host;
proxy_pass http://puma;
}
I have the exact same setup as you and mine is working with the below proxy config:
location @rails {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://rails_app;
}
I think it might be the X-Forwarded-Proto and SSL that might be causing your issue; it isn't necessary behind the proxy.
I've been working on this for the better part of a few days and I've been learning how Nginx works as I go, but I'm afraid I've missed something terribly stupid or simple.
I have a webapp running in a docker container at abc.domainname.com:444. If I access it at that URL, it's perfectly functional. However, I don't want the port number to be required in the URL so I've been trying to set up Nginx as a reverse proxy in front of that so that if someone accesses abc.domainname.com they get all of the content of abc.domainname.com:444. After a couple days' work I've been successful in getting the port number out of the URL for direct access, but the docker app is loading a few resources from places like abc.domainname.com:444/app/dfjsdfksdfjsdkfdsj.js, abc.domainname.com:444/images/images1/fjdskds.jpg and a few other subdirectories within /app/ and /images/. When I access the site at abc.domainname.com these assets are not loaded. According to my developer console there's a 404 for each resource. The URL of each resource is correct - or would be if the port number is specified.
Basically, abc.domainname.com:444/app/dfjsdfksdfjsdkfdsj.js loads the resource, but with the below Nginx config I've found that it seems like only the root is being proxy passed as that same resource cannot be called as abc.domainname.com/app/dfjsdfksdfjsdkfdsj.js
I've even tried to build blocks out for these items to no avail.
I get the feeling that there's an issue with my location blocks that I'm missing. Can anyone with more experience help me figure out my mistake so I can (hopefully) start understanding Nginx location blocks and how Nginx serves as a reverse proxy?
server_name abc.domainname.com;
server_tokens off;
error_log /home/runcloud/logs/nginx/Webappy_error.log;
access_log /home/runcloud/logs/nginx/Webapp_access.log main buffer=16k;
access_log /var/log/nginx-rc/Webapp_traffic.log traffic buffer=16k;
client_max_body_size 256m;
# Header option for security purpose
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
# HSTS
add_header Strict-Transport-Security "max-age=15768000" always;
root /home/runcloud/webapps/Webapp;
index index.php index.html index.htm;
location ~ /.well-known/acme-challenge {
allow all;
log_not_found off;
root /opt/RunCloud/letsencrypt;
}
location / {
# Proxy config to remove the port number from the URL
proxy_pass https://abc.domainname.com:444;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location = /favicon.ico {
log_not_found off;
}
location ~ .(ico|css|gif|jpe?g|png|gz|zip|flv|rar|wmv|avi|css|js|swf|png|htc|mpeg|mpg|txt|otf|ttf|eot|woff|svg)$ {
expires 1M;
# Header option for security purpose
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
# HSTS
add_header Strict-Transport-Security "max-age=15768000" always;
add_header Cache-Control "public";
# Proxy config to remove the port number from the URL
proxy_pass https://abc.domainname.com:444$request_uri;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ .(html)$ {
expires 24h;
# Header option for security purpose
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
# HSTS
add_header Strict-Transport-Security "max-age=15768000" always;
add_header Cache-Control "public";
try_files $uri $uri/ /index.php$is_args$args;
}
location /app/ {
# Proxy config to remove the port number from the URL
proxy_pass https://abc.domainname.com:444/app/;
proxy_redirect off;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
try_files $uri $uri/ /index.php$is_args$args;
}
location /images/ {
# Proxy config to remove the port number from the URL
proxy_pass https://abc.domainname.com:444/images/;
proxy_redirect off;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/var/run/Webapp.sock;
fastcgi_send_timeout 60;
fastcgi_read_timeout 60;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_connect_timeout 30s;
include fastcgi_params;
}
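A reduced version of the proxy part, as an added example that is not part of the original post: every proxied location above also carries `try_files ... /index.php$is_args$args`, which Nginx evaluates before `proxy_pass`, so a request whose file does not exist under `root` is internally redirected to /index.php and never reaches the container. The fragment keeps the asker's upstream URL and header values and drops `try_files` from the proxied locations.

```nginx
# Added example; not the asker's configuration.
# Fragment for the abc.domainname.com server block.

# Everything that is not matched below, /app/ and /images/ included,
# goes to the container. No try_files: it would test files under "root"
# first and send every miss to /index.php instead of the upstream.
location / {
    proxy_pass https://abc.domainname.com:444;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}

# Static assets served by the container, with client-side caching.
# A regex location wins over the prefix locations, so it must proxy too.
# proxy_pass carries no URI part here, which a regex location requires.
location ~* \.(ico|css|gif|jpe?g|png|js|svg|woff|ttf|eot|otf)$ {
    proxy_pass https://abc.domainname.com:444;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    expires 1M;
    # add_header at this level stops inheritance of the server-level
    # add_header lines, so the security headers are repeated here.
    add_header Cache-Control "public";
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-Content-Type-Options "nosniff";
    add_header Strict-Transport-Security "max-age=15768000" always;
}

# Dotfiles stay blocked, except the ACME challenge path handled above.
location ~ /\.(?!well-known) {
    deny all;
    access_log off;
    log_not_found off;
}
```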
I am getting "400 Bad Request The plain HTTP request was sent to HTTPS port nginx/1.13.12" upon Nginx/Docker/SSL configuration. Below is my SSL configuration inside Docker container of Nginx. Please help.
server {
listen 80;
listen 443 ssl;
server_name mydomain.com;
root /usr/share/etc/nginx;
index index.html index.htm index.php;
if ($scheme = http)
{
return 301 https://$server_name$request_uri;
}
ssl on;
ssl_certificate /etc/ssl/certs/mydomain.crt;
ssl_certificate_key /etc/ssl/private/mydomain.key;
ssl_session_timeout 5m;
location /{
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_pass http://localhost;
proxy_read_timeout 180;
proxy_redirect off;
proxy_redirect http://localhost $scheme://mydomain.com;
proxy_http_version 1.1;
proxy_request_buffering off;
}
}
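A layout that avoids the error, as an added example that is not part of the original post: `ssl on;` enables TLS on every `listen` socket of the server block, port 80 included, so plain HTTP arriving there is answered with the 400 page. Here port 80 only redirects and TLS is switched on per socket by `listen 443 ssl`. The upstream `http://app:8080` is a hypothetical placeholder for the application container; the certificate paths are the ones from the question.

```nginx
# Added example; not the asker's configuration.

# Port 80 speaks plain HTTP and does nothing except redirect.
server {
    listen 80;
    server_name mydomain.com;
    return 301 https://$server_name$request_uri;
}

# TLS is enabled by the "ssl" parameter of listen only;
# there is no "ssl on;" directive in this block.
server {
    listen 443 ssl;
    server_name mydomain.com;

    ssl_certificate     /etc/ssl/certs/mydomain.crt;
    ssl_certificate_key /etc/ssl/private/mydomain.key;
    ssl_session_timeout 5m;

    location / {
        # Hypothetical upstream: the application itself. Proxying to
        # http://localhost from inside the Nginx container would reach
        # Nginx's own port 80 and be redirected straight back here.
        proxy_pass http://app:8080;
        proxy_http_version 1.1;
        proxy_request_buffering off;
        proxy_read_timeout 180;

        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tells the application the client connection was HTTPS.
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```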