I am having a problem. I have set an nginx auth for my rails backend site, which I am connecting with my rails frontend site using activeresource using self.user and self.password. Everything works fine, but when it's loading images the backend site still asks for user name and login.
Any idea how to fix this?
Nginx config:
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
server_names_hash_bucket_size 64;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# Phusion Passenger config
##
# Uncomment it if you installed passenger or passenger-enterprise
##
passenger_root /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;
passenger_ruby /usr/bin/ruby;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
nginx site config:
server {
listen 80;
listen [::]:80;
server_name servername.com;
passenger_enabled on;
passenger_friendly_error_pages on;
passenger_ruby /home/deploy/.rvm/gems/ruby-2.3.1/wrappers/ruby;
rails_env production;
root /home/deploy/project_name/current/public/;
location / {
passenger_enabled on;
auth_basic "Authorization Required";
auth_basic_user_file /etc/nginx/.htpasswd;
}
}
I fixed this issue by adding an exception for image files.
location ~* \.(jpe?g|png|gif|ico)$ {
satisfy any;
auth_basic off;
}
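An added example, not part of the original answer: the exemption above switches authentication off for every URI that ends in an image extension, wherever the file sits under root, so this variant limits it to static image directories. The /assets/ and /images/ prefixes are assumptions about where the public images live; the remaining values come from the site config in the question.

```nginx
server {
    listen 80;
    listen [::]:80;
    server_name servername.com;
    root /home/deploy/project_name/current/public/;

    passenger_ruby /home/deploy/.rvm/gems/ruby-2.3.1/wrappers/ruby;
    rails_env production;

    # Broad form: matches on the extension alone, so any file under root
    # whose URI ends in .jpg/.jpeg/.png/.gif/.ico is served without credentials.
    # location ~* \.(jpe?g|png|gif|ico)$ {
    #     auth_basic off;
    # }

    # Narrower form: only image files below the assumed static prefixes.
    # "satisfy any" is left out: it only matters when auth is combined with
    # allow/deny rules, and none are defined here.
    location ~* ^/(assets|images)/.+\.(jpe?g|png|gif|ico)$ {
        auth_basic off;
        try_files $uri =404;   # serve existing files only
    }

    # Everything else still requires credentials.
    location / {
        passenger_enabled on;
        auth_basic "Authorization Required";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
}
```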
This is a follow up to Turn off https in Docker with some more information. I still haven't figured it out.
I asked in the Docker slack group and they are convinced it's coming from the nginx or traefik config.
In Firefox there is a SSL_ERROR_UNRECOGNIZED_NAME_ALERT error, and in Chrome it's the similar ERR_SSL_UNRECOGNIZED_NAME_ALERT. I'm not finding out much about either of those by searching.
My nginx config:
user nginx;
daemon off;
worker_processes auto;
error_log /proc/self/fd/2 debug;
events {
worker_connections 1024;
multi_accept on;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
fastcgi_buffers 16 32k;
fastcgi_buffer_size 32k;
fastcgi_intercept_errors on;
fastcgi_read_timeout 900;
include fastcgi_params;
access_log /proc/self/fd/1;
port_in_redirect off;
send_timeout 600;
sendfile on;
client_body_timeout 600;
client_header_timeout 600;
client_max_body_size 256M;
client_body_buffer_size 16K;
client_header_buffer_size 4K;
large_client_header_buffers 8 16K;
keepalive_timeout 60;
keepalive_requests 100;
reset_timedout_connection off;
tcp_nodelay on;
tcp_nopush on;
server_tokens off;
upload_progress uploads 1m;
gzip on;
gzip_buffers 16 8k;
gzip_comp_level 2;
gzip_http_version 1.1;
gzip_min_length 20;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/x-icon application/vnd.ms-fonto
gzip_vary on;
gzip_proxied any;
gzip_disable msie6;
add_header X-XSS-Protection '1; mode=block';
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
map $http_x_forwarded_proto $fastcgi_https {
default $https;
http '';
https on;
}
map $uri $no_slash_uri {
~^/(?<no_slash>.*)$ $no_slash;
}
upstream backend {
server php:9000;
}
include conf.d/*.conf;
}
My nginx.conf.default:
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
My docker-compose.yml is unchanged from the previous question.
I've looked for anything resembling traefik config and can't find anything.
Things I've tried so far:
swapping things round inside the map $http_x_forwarded_proto $fastcgi_https i.e. default $http; http on; https '';
deleting that whole map block
removing the references to https in line 140 of docker-compose.yml
removing line 143 from docker-compose.yml
removing line 147 from docker-compose.yml
creating a self-signed certificate for localhost
sackcloth and ashes
I'm genuinely at a loss, any help appreciated.
After more tests from OP, and other users' comments: it seemed that the redirection (HTTP to HTTPS) was occurring after Nginx handled the request.
OP also tested using a single index.html file and was not redirected to HTTPS: confirming that the redirection came from PHP (or at least not from Nginx).
The next steps were to look into Drupal configuration, and/or htaccess configuration. OP changed some Drupal configuration (about redirections), and successfully got the drupal setup page working with HTTP only.
Best in those cases is always to try to pinpoint where the issue comes from:
Make your Nginx configuration minimal: simple index.html
Clear browser cache regularly: they sometimes cache the redirection
Check/remove htaccess to see if behavior changes
Finally, if Nginx is "clean" from any issue, and htaccess doesn't seem to be the issue: it's mostly "after", so the issue may come from "to who Nginx is sending the request"
From "large" frameworks/CMS like Drupal, Woocommerce, Laravel... Redirection is usually handled "easily" from configuration files or DB settings.
When you have custom code handling redirections: it'll need debugging
I used this guide to setup server.
Here are my configs:
nginx/nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Phusion Passenger config
##
# Uncomment it if you installed passenger or passenger-enterprise
##
#include /etc/nginx/passenger.conf;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
nginx/mysite1
server {
listen 80;
listen [::]:80 ipv6only=on;
server_name mysite1.com;
client_max_body_size 75m;
access_log /var/log/nginx/mysite1.access.log;
error_log /var/log/nginx/mysite1.error.log;
root /home/deploy/www/mysite1/public;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
}
}
nginx/mysite2
server {
listen 80;
#listen [::]:80 ipv6only=on;
server_name mysite2.com;
client_max_body_size 100m;
access_log /var/log/nginx/mysite2.access.log;
error_log /var/log/nginx/mysite2.error.log;
root /home/deploy/www/mysite2/public;
location / {
proxy_pass https://127.0.0.1:8181;
proxy_set_header Host $host;
}
}
mysite1 is working fine, but when I go to mysite2, I see mysite1.
I think the passenger is ok, because I have passenger.8080.pid and passenger.8181.pid in directories mysite1 and mysite2, respectively.
Run out of ideas, so asking for help.
So, the reason why I got stuck is ... a comma!
Somehow I separated domains with a comma. That is it.
When I open my rails app on the server I get an nginx error; in the log it says:
/home/deploy/kingdoms/current/public/index.html" is not found (2: No such file or directory)
I think it has something to do with
passenger.conf
passenger_root /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;
passenger_ruby /home/deploy/.rbenv/shims/ruby;
nginx conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Phusion Passenger config
##
# Uncomment it if you installed passenger or passenger-enterprise
##
include /etc/nginx/passenger.conf;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
I figured it out, the guide on gorails had the wrong public path in the sites enabled config
Go to /etc/nginx/sites-enabled/yourApp
look for the line that starts with root and set the directory to the location of your app. e.g
root /var/www/yourApp/current/public
then restart nginx sudo service nginx restart
That will solve it
I am trying to get a passenger + nginx instance running. Passenger has been successfully installed; however, when going to http://lakemagazine.northcentralus.cloudapp.azure.com/ we are receiving a time out error. So, I looked at nginx:
garrett#lakemag:~$ sudo nginx -t
nginx: [emerg] "server" directive is not allowed here in /etc/nginx/nginx.conf:65
nginx: configuration file /etc/nginx/nginx.conf test failed
Thus, nginx is not running, which I assume is my problem.
Here is my nginx.conf file:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml applic$
##
# Virtual Host Configs
##
#include /etc/nginx/conf.d/*.conf;
#include /etc/nginx/sites-enabled/*;
server {
listen 80;
server name http://lakemagazine.northcentralus.cloudapp.azure.com/;
root /lakemag/public;
passenger_enabled on;
passenger_ruby /home/garrett/.rvm/gems/ruby-2.3.0/wrappers/ruby;
}
}
Line 65 is where my server {} block starts. I am at a loss as to my problem - all of the blocks seem to be defined appropriately to me. Am I missing something?
*EDIT:
garrett#lakemag:~$ sudo nginx -t
[sudo] password for garrett:
nginx: [warn] server name "http://lakemagazine.northcentralus.cloudapp.azure.com/" has suspicious symbols in /etc/nginx/nginx.conf:65
nginx: [emerg] unknown directive "passenger_enabled" in /etc/nginx/nginx.conf:69
nginx: configuration file /etc/nginx/nginx.conf test failed
After Jorge's solution I am now receiving the above errors.
Where it says:
server name http://lakemagazine.northcentralus.cloudapp.azure.com/
it should say:
server_name http://lakemagazine.northcentralus.cloudapp.azure.com/
server is a directive that defines a server block; to identify which server it is, you should write a server_name directive inside it.
http://nginx.org/en/docs/http/server_names.html
To check config file syntax use:
nginx -t
I have a client that wanted SSL on its site, so I got the certificate and set up the nginx conf (below is the config) with it. If I don't point the root of the HTTPS part to the real server root it works, but if I set the root to the site files HTTPS gets redirected to HTTP. No error messages.
Any ideas?
user www-data;
worker_processes 4;
error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
passenger_root /usr/local/rvm/gems/ruby-1.9.3-p448/gems/passenger-4.0.14;
passenger_ruby /usr/local/rvm/wrappers/ruby-1.9.3-p448/ruby;
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name www.nope.se;
passenger_enabled on;
root /var/www/current/public/;
#charset koi8-r;
#access_log logs/host.access.log main;
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
# root html;
#}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
server {
listen 443;
server_name www.nope.se;
ssl on;
ssl_certificate /opt/nginx/cert/www.nope.se.crt;
ssl_certificate_key /opt/nginx/cert/www.nope.se.key;
ssl_session_timeout 10m;
#ssl_protocols SSLv2 SSLv3 TLSv1;
#ssl_ciphers HIGH:!aNULL:!MD5;
#ssl_prefer_server_ciphers on;
passenger_enabled on;
root /var/www/current/public/;
# location / {
# root html;
# index index.html index.htm;
# }
}
}
I honestly do not understand your question. But here is some gyan on how a typical nginx-https configuration is done. Hope you find it useful.
SSL is a protocol that works one layer below HTTP. Think of it as a tunnel inside which HTTP protocol travels. Hence your SSL certificates are loaded, no matter where you specify them, before any HTTP related configuration. This is also the reason why there should be only one SSL setting per nginx instance.
I recommend that you move your ssl certificate related logic to a separate server block like this.
server {
listen 443 ssl default_server;
ssl_certificate ssl/website.pem;
ssl_certificate_key ssl/website.key;
ssl_trusted_certificate ssl/ca.all.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; # default on newer versions
ssl_prefer_server_ciphers on;
# The following is all one long line. We use an explicit list of ciphers to enable
# forward secrecy without exposing ciphers vulnerable to the BEAST attack
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:RC4-SHA:RC4-MD5:ECDHE-RSA-AES256-SHA:AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:AES128-SHA;
# The following is for reference. It needs to be specified again
# in each virtualhost, in both HTTP and non-HTTP versions.
# All this directive does is tell the browser to use the HTTPS version of the site and remember this for a month
add_header Strict-Transport-Security max-age=2592000;
}
I also recommend that you set a 301 redirect in your non-https server block as shown below.
Change this:
server {
listen 80;
server_name www.nope.se;
...
}
to something like this:
server {
listen 80;
server_name www.nope.se;
add_header Strict-Transport-Security max-age=7200;
return 301 https://$host$request_uri;
}
With this in place, when a user visits http://www.nope.se they will be automatically redirected to https://www.nope.se
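An added example, not part of the original answer: the two server blocks from this thread with the weak TLS settings shown beside corrected ones. It assumes an nginx and OpenSSL build that supports TLSv1.3 and the `always` parameter of add_header; the server name, certificate paths and root are the ones from the question.

```nginx
# Plain HTTP: redirect only. Browsers ignore Strict-Transport-Security when it
# arrives over HTTP, so the header is set on the HTTPS server instead.
server {
    listen 80;
    server_name www.nope.se;
    # Fixed host name rather than $host, so the redirect target does not
    # depend on the Host header sent by the client.
    return 301 https://www.nope.se$request_uri;
}

server {
    # "ssl" on the listen line replaces the deprecated "ssl on;" directive.
    listen 443 ssl;
    server_name www.nope.se;

    ssl_certificate     /opt/nginx/cert/www.nope.se.crt;
    ssl_certificate_key /opt/nginx/cert/www.nope.se.key;

    # Weak: SSLv3 is exposed to POODLE, and the cipher list in the answer
    # still offers RC4, MD5 and 3DES suites.
    # ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    # ssl_ciphers ...:ECDHE-RSA-RC4-SHA:RC4-SHA:RC4-MD5:...:DES-CBC3-SHA:...;

    # Corrected: TLS 1.2 and 1.3 only, forward-secret AEAD suites for TLS 1.2.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # "always" adds the header to error responses as well as 2xx/3xx.
    add_header Strict-Transport-Security "max-age=2592000" always;

    passenger_enabled on;
    root /var/www/current/public/;
}
```

Run `nginx -t` after editing; it rejects protocol names the installed build does not support.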