My Bitbucket instance is running in an Ubuntu server.
The initial installation was done by following the wizard and in that moment it was set the default port 7990.
Now I would like to change it to use the port 443, so as per the official documentation it can be easily done by changing the value server.port in the shared/bitbucket.properties file.
However, after that change, the server is not even listening in the new configured port.
Bitbucket is started as root user.
Why is bitbucket not taking into account the port modification?
Fixed after configuring a Nginx server which will do relay between port 7990 and 443.
Config bitbucket:
server.port=7990
server.proxy-name=******************
server.proxy-port=443
server.scheme=https
jdbc.url=jdbc\:postgresql\://localhost\:5432/bitbucket
jdbc.driver=org.postgresql.Driver
jdbc.user=******************
jdbc.password=*************
Config Nginx:
server {
location / {
proxy_pass http://localhost:7990;
proxy_redirect off;
server_tokens off;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
}
}
server {
listen 443 default ssl http2;
server_name ******************;
ssl_certificate "******************";
ssl_certificate_key "******************";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
client_max_body_size 0;
location / {
proxy_pass http://localhost:7990;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
}
}
Related
One of the website is not accessible via nginx reverse proxy when we have configuration files of two different websites (hosted on two docker containers) palced under /etc/nginx/conf.d. The configuration files are as follows
Website 1: /etc/nginx/conf.d/tr.conf
server {
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/tr.crt;
ssl_certificate_key /etc/nginx/ssl/tr.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
server_name trac.internal.local;
location /trend {
proxy_pass http://tr/trend:9090;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect http://tr/trend /;
}
}
Website 2: /etc/nginx/conf.d/pageview.conf
server {
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/pageview.crt;
ssl_certificate_key /etc/nginx/ssl/pageview.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
server_name pageview.internal.local;
location /pageview {
proxy_pass http://pageviewfront:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect http://pageviewfront /;
}
}
I have the following NGINX that works without issue for root https / . However whenever I try to change location / { to a subdomain like location /example { it breaks everything. if you go to domain.com/exmaple it takes you to a 404 error no matter where you go.
############## Jupyter ####################
server {
listen 0.0.0.0:443 ssl;
server_name domain.com
www.domain.com;
ssl_certificate /etc/nginx/self.crt;
ssl_certificate_key /etc/nginx/self.key;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA512:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:ECDH+AESGCM:ECDH+AES256:DH+AESGCM:DH+AES256:RSA+AESGCM:!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
ssl_session_cache builtin:1000 shared:SSL:10m;
access_log /var/log/nginx/jupyter.log ;
error_log /var/log/nginx/jupyter.error.log debug;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://jupyter;
proxy_read_timeout 90;
}
location ~* /(api/kernels/[^/]+/(channels|iopub|shell|stdin)|terminals/websocket)/? {
proxy_pass http://jupyter;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade "websocket";
proxy_set_header Connection "Upgrade";
proxy_read_timeout 86400;
}
}
}
You're missing the root parameter in your nginx configuration.
You should check in the guide how to use it http://nginx.org/en/docs/beginners_guide.html
It reports you should do something like
location / {
root /var/www/webapp/public; // something like that
// .. config
}
location ~* /(api/kernels/[^/]+/(channels|iopub|shell|stdin)|terminals/websocket)/? {
root /var/www/webapp/api; // something like that
// .. config
}
I am running Nginx server with the puma on https. I configured Letsencrypt for SSL verification. The problem is that the server is running fine but when I try to create a user through devise it throws this error
"HTTP Origin header (https://example.com) didn't match request.base_url (http://example.com)"
I tried to modify the nginx.conf configuration as specified over here
https://github.com/rails/rails/issues/22965#issuecomment-172929004
but still, no luck here is my configuration file
upstream puma {
server unix:///home/ubuntu/blue_whale/example/shared/tmp/sockets/gofickle-puma.sock;
}
server
{
listen 443 ssl default;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
root /home/ubuntu/blue_whale/example/current/public;
access_log /home/ubuntu/blue_whale/example/current/log/nginx.access.log;
error_log /home/ubuntu/blue_whale/example/current/log/nginx.error.log info;
add_header Strict-Transport-Security “max-age=31536000”;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri #puma;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on; # Optional
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $host;
proxy_pass http://puma;
}
I have the exact same setup as you and mine is working with the below proxy config:
location #rails {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://rails_app;
}
I think it might be the X-Forwarded-Proto and SSL that might be causing your issue, it isn't necessary behind the proxy.
I am getting "400 Bad Request The plain HTTP request was sent to HTTPS port nginx/1.13.12" upon Nginx/Docker/SSL configuration. Below is my SSL configuration inside Docker container of Nginx. Please help.
server {
listen 80;
listen 443 ssl;
server_name mydomain.com;
root /usr/share/etc/nginx;
index index.html index.htm index.php;
if ($scheme = http)
{
return 301 https://$server_name$request_uri;
}
ssl on;
ssl_certificate /etc/ssl/certs/mydomain.crt;
ssl_certificate_key /etc/ssl/private/mydomain.key;
ssl_session_timeout 5m;
location /{
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_pass http://localhost;
proxy_read_timeout 180;
proxy_redirect off;
proxy_redirect http://localhost $scheme://mydomain.com;
proxy_http_version 1.1;
proxy_request_buffering off;
}
}
I'm using a Nginx-proxy in a docker-container. And I have to run multiple applications on a server. I want to run them all in a docker container except one. I run Jira an Confluence in container. It took me a lot of time to configure the applications and the Nginx-config. Now I want to run Graylog2 on the Server aswell and I'm facing kind of the same problems like in Jira/Confluence. I guess it's maybe because I don't really understand how all this works. Thats why I made the following image:
Thats how I understand the reverse proxy. The nginx-conf looks like this:
upstream jenkins {
server 43.3.34.333:8080 fail_timeout=0;
}
upstream docker-jira {
server jira:8080;
}
upstream docker-conf {
server conf:8090;
}
upstream docker-graylog {
server graylog:9000;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name mySite.de;
return 301 https://mySite.de;
}
server {
# SSL configuration
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name mySite.de;
include snippets/ssl-mySite.de;
include snippets/ssl-params.conf;
location /jenkins {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://jenkins;
proxy_redirect http://jenkins $scheme://mySite.de;
# Required for new HTTP-based CLI
proxy_http_version 1.1;
proxy_request_buffering off;
proxy_buffering off; # Required for HTTP-based CLI to work over SSL
# workaround for https://issues.jenkins-ci.org/browse/JENKINS-45651
add_header 'X-SSH-Endpoint' 'jenkins.domain.tld:50022' always;
client_max_body_size 2M;
}
location /graylog {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Graylog-Server-URL http://$server_name/api;
proxy_pass http://docker-graylog/graylog;
}
location /jira {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://docker-jira/jira;
client_max_body_size 100M;
add_header X-Frame-Options ALLOW;
}
location /confluence {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://docker-conf/confluence;
proxy_redirect http://docker-conf/confluence https://mySite.de;
client_max_body_size 100M;
add_header X-Frame-Options SAMEORIGIN;
}
location /synchrony {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://mySite.de:8091/synchrony;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
client_max_body_size 100M;
}
}
To run Graylog2 behind a proxy you have to set some settings(Graylog2 docu):
set web_listen_uri
set rest_listen_uri
set web_endpoint_uri
I did it like this:
rest_listen_uri = http://localhost:9000/api/
web_listen_uri = http://localhost:9000/graylog
GRAYLOG_WEB_ENDPOINT_URI: https://mySite.de/api
When I got to https://mySite.de/graylog I get a 502 Bad Gateway Error. Nginx-log:
connect() failed (111: Connection refused) while connecting to upstream, client: 33.11.102.157, server: mySite.de, request: "GET /graylog HTTP/2.0", upstream: "http://172.18.0.9:9000/graylog", host: "mySite.de"
My Network:
NETWORK ID NAME DRIVER SCOPE
6c9de2d6b0ac MyNet bridge local
I don't really get it.
Leave your 80–>443 redirect you have with NGINX doing the SSL termination, then sending to backend over http.
Change these to listen on the LAN IP or docker DNS name:
web_listen_uri = http://docker-graylog:9000/graylog
rest_listen_uri = http://docker-graylog:9000/api
Note: The problem with your current config is it is only listening on localhost, and a request coming in externally will never make it to the app, because it’s not listening for external connections. It’s only listening for connections within the graylog container. NGINX can’t reach graylog on localhost:9000 across the LAN.
The bad gateway indicates that your proxy is probably working, but no connections to app can be made.
More details on that:
https://forums.docker.com/t/access-to-localhost-from-bridge-network/22948/2
This config is basically what you already have, but copied it from graylog documentation. Your current proxy config might work as is.
upstream docker-graylog {
server graylog:9000;
}
server
{
listen 443 ssl spdy;
server_name mySite.de;
# <- your SSL Settings here!
location /graylog
{
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Graylog-Server-URL https://$server_name/api;
proxy_pass http://docker-graylog/graylog;
}
}