Websockets with Nginx and ssl handshake - ruby-on-rails

I have an application written in Rails with an Ember frontend. It is served through an nginx server. Here is the configuration for the Rails part:
upstream app_project_app {
server unix:///tmp/project.sock fail_timeout=0;
}
And here is the configuration for the Ember part:
server {
listen 80;
server_name project.demo.domain.pl;
root /home/lunar/apps/project-ember/current;
try_files /system/maintenance.html $uri/index.html $uri.html $uri @app;
access_log /var/log/nginx/project_app_access.log;
error_log /var/log/nginx/project_app_error.log;
keepalive_timeout 5;
proxy_read_timeout 60;
proxy_send_timeout 60;
proxy_connect_timeout 60;
if ($request_method !~ ^(GET|HEAD|PUT|POST|DELETE|OPTIONS)$ ){
return 405;
}
location ~ ^/assets/ {
expires max;
add_header Cache-Control public;
add_header ETag "";
break;
}
location = /favicon.ico {
expires max;
add_header Cache-Control public;
}
location / {
try_files $uri/index.html $uri.html $uri @app;
error_page 404 /404.html;
error_page 422 /422.html;
error_page 500 502 503 504 /500.html;
error_page 403 /403.html;
}
location @app {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://app_project_app;
}
}
Now the application has grown and has a websockets server (using faye). And the client can't connect to the server:
WebSocket connection to 'ws://project.demo.domain.pl/faye' failed: Error during WebSocket handshake: Unexpected response code: 400
I've read that I need to enable SSL for this handshake. How can I do this in nginx? I also read that I don't need to use https and can use SSL only for websockets; is that true? And if yes, what should the nginx configuration look like in this case?

For websocket support you need to add the following directives in your @app location block:
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
Read more here
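Why those three directives change the outcome, as an added example that is not part of the original answer: a Ruby model of what the upstream receives with and without them, checked against the server-side handshake rules of RFC 6455. The helpers `proxied_request`, `handshake_response` and `demo` and the 400 rejection code are assumptions made for illustration; the request is constructed and uses the sample key from RFC 6455.

```ruby
require "digest/sha1"

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11" # fixed GUID from RFC 6455

# Hypothetical model of what nginx sends upstream. By default it proxies with
# HTTP/1.0, "Connection: close" and no hop-by-hop Upgrade header.
def proxied_request(client_headers, websocket_directives:)
  upstream = client_headers.reject { |k, _| %w[upgrade connection].include?(k.downcase) }
  if websocket_directives
    upstream["Upgrade"] = client_headers["Upgrade"] # proxy_set_header Upgrade $http_upgrade;
    upstream["Connection"] = "upgrade"              # proxy_set_header Connection "upgrade";
    ["1.1", upstream]                               # proxy_http_version 1.1;
  else
    upstream["Connection"] = "close"
    ["1.0", upstream]
  end
end

# Server-side opening-handshake checks (RFC 6455, section 4.2.1).
# Returns [status, response_headers]; 400 is this model's rejection code.
def handshake_response(http_version, headers)
  h = headers.transform_keys(&:downcase)
  key = h["sec-websocket-key"].to_s
  valid = http_version.to_f >= 1.1 &&
          h["upgrade"].to_s.casecmp?("websocket") &&
          h["connection"].to_s.downcase.split(/\s*,\s*/).include?("upgrade") &&
          h["sec-websocket-version"] == "13" &&
          key.unpack1("m").bytesize == 16 # key must decode to a 16-byte nonce
  return [400, {}] unless valid

  accept = [Digest::SHA1.digest(key + WS_GUID)].pack("m0")
  [101, { "Upgrade" => "websocket", "Connection" => "Upgrade",
          "Sec-WebSocket-Accept" => accept }]
end

# Constructed browser request; the key is the sample value from RFC 6455.
CLIENT = {
  "Host" => "project.demo.domain.pl", "Upgrade" => "websocket",
  "Connection" => "Upgrade", "Sec-WebSocket-Version" => "13",
  "Sec-WebSocket-Key" => "dGhlIHNhbXBsZSBub25jZQ=="
}.freeze

def demo(websocket_directives)
  handshake_response(*proxied_request(CLIENT, websocket_directives: websocket_directives))
end

puts "without directives: #{demo(false).first}"
puts "with directives:    #{demo(true).first}"
```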

Related

Nginx 404 for /rails/active_storage/blobs/*filename(extension)

Below is my AWS NGINX config file. I am using rich text with Active Storage in my new Rails app. After upload, when I try to open a file, it gives me a 404 error in production, whereas in development it works fine.
files:
/etc/nginx/conf.d/proxy.conf:
mode: "000755"
owner: root
group: root
content: |
upstream backend {
server unix:///var/run/puma/my_app.sock;
}
log_format logd '$msec"$uri"'
'$status"$request_time"$upstream_response_time"'
'$http_x_forwarded_for';
server {
listen 80;
server_name _ localhost; # need to listen to localhost for worker tier
return 301 https://$host$request_uri;
}
server {
listen 443;
charset UTF-8;
server_name _ localhost; # need to listen to localhost for worker tier
root /var/app/current/public;
# try_files $uri/index.html $uri /deploy/$uri /deploy/$uri.html /deploy/$uri.js @puma;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
set $year $1;
set $month $2;
set $day $3;
set $hour $4;
}
access_log /var/log/nginx/access.log main;
access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour logd;
# 413 Request Entity Too Large
client_max_body_size 50M;
large_client_header_buffers 8 32k;
location / {
try_files $uri /deploy/$uri /deploy/$uri.html /deploy/$uri.js @puma;
}
location @puma {
proxy_pass http://backend;
# proxy_pass http://backend; # match the name of upstream directive which is defined above
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
# prevents 502 bad gateway error
proxy_buffers 8 32k;
proxy_buffer_size 64k;
proxy_redirect off;
#break;
}
location /assets {
alias /var/app/current/public/assets;
allow all;
}
location ~ \.(png|jpg|jpeg|gif|ico|html|woff|woff2|ttf|svg|eot|otf|pdf)$ {
expires max;
access_log off;
add_header Cache-Control public;
add_header Access-Control-Allow-Origin *;
}
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|mp4|ogg|ogv|webm|htc|pdf)$ {
access_log off;
add_header Cache-Control "max-age=2592000";
}
if ($request_method !~ ^(GET|HEAD|PUT|PATCH|POST|DELETE|OPTIONS)$ ){
return 405;
}
if (-f $document_root/system/maintenance.html) {
return 503;
}
}
Whenever I open a link with a file extension it shows me a 404 error, but if I open the same link without the file extension it works. Not sure what I am doing wrong, please help.
Try disabling the blocks below in your Nginx config; this might fix it:
location ~ \.(png|jpg|jpeg|gif|ico|html|woff|woff2|ttf|svg|eot|otf|pdf)$ {
gzip_static on;
gzip on;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_vary on;
gzip_proxied any;
expires max;
access_log off;
add_header Cache-Control public;
add_header Access-Control-Allow-Origin *;
}
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|mp4|ogg|ogv|webm|htc|pdf)$ {
access_log off;
add_header Cache-Control "max-age=2592000";
}

How do I handle dynamic subdomains with Nginx + Rails server?

I've got a problem with proxying the subdomain name from nginx to the Rails server. In my Rails app I have links like tenant1.localhost:3000, tenant2.localhost:3000, etc. and it works fine. In production I use Nginx + Puma, and nginx doesn't proxy any request to Puma if I open a link with a subdomain.
nginx.conf
upstream puma_muninn {
server app:3000;
}
server {
listen 80;
client_max_body_size 4G;
keepalive_timeout 10;
error_page 500 502 504 /500.html;
error_page 503 @503;
server_name localhost puma_muninn;
server_name ~^(?<subdomain>.+)localhost$;
root /var/www/muninn/public;
try_files $uri/index.html $uri @puma_muninn;
location @puma_muninn {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://$subdomain.puma_muninn;
# limit_req zone=one;
access_log /var/www/muninn/log/nginx.access.log;
error_log /var/www/muninn/log/nginx.error.log;
}
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
location = /50x.html {
root html;
}
location = /404.html {
root html;
}
location @503 {
error_page 405 = /system/maintenance.html;
if (-f $document_root/system/maintenance.html) {
rewrite ^(.*)$ /system/maintenance.html break;
}
rewrite ^(.*)$ /503.html break;
}
if ($request_method !~ ^(GET|HEAD|PUT|PATCH|POST|DELETE|OPTIONS)$ ){
return 405;
}
if (-f $document_root/system/maintenance.html) {
return 503;
}
location ~ \.(php|html)$ {
return 405;
}
}
production.rb
config.action_dispatch.tld_length = 2
But as I said puma doesn't even get requests from nginx.
Any ideas?
A domain in nginx.conf has to be specific instead of localhost.

Set multiple roots for a rails app + unicorn + nginx

I need help setting several roots on the same server when using unicorn + nginx with Rails apps.
My app works when I set only one root.
upstream contab_teste {
server unix:/home/ubuntu/apps/contab/shared/sockets/unicorn.sock fail_timeout=0;
}
server {
listen 80;
server_name default_server;
rails_env production;
try_files $uri $uri/index.html @app;
root /home/ubuntu/apps/contab/public;
location @app {
proxy_pass http://contab_teste;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
}
When I set another root directory it doesn't work.
I tried several ways, like this:
upstream contab_teste {
server unix:/home/ubuntu/apps/contab/shared/sockets/unicorn.sock fail_timeout=0;
}
upstream contab_apresentacao {
server unix:/home/ubuntu/apps/contab_apresentacao/shared/sockets/unicorn.sock fail_timeout=0;
}
server {
listen 80;
server_name default_server;
rails_env production;
try_files $uri $uri/index.html @app;
root /home/ubuntu/apps/contab/public;
location @app {
proxy_pass http://contab_teste;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
}
location /apresentacao {
#rewrite ^/apresentacao(.*) /$1 break;
root /home/ubuntu/apps/contab_apresentacao/public;
proxy_pass http://contab_apresentacao;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
}
Can someone help me, please?
Thanks!

Actioncable Nginx and Puma WebSocket handshake: Unexpected response

I am trying to configure the server with rails 5, Nginx and Puma. The application is running fine but Actioncable is giving
WebSocket connection to 'ws://server_name.com/cable' failed:
Error during WebSocket handshake: Unexpected response code: 200
Below are my nginx settings,
upstream app {
server unix:/tmp/app.sock fail_timeout=0;
}
server {
listen 80;
server_name server_name.com;
try_files $uri/index.html $uri @app;
client_max_body_size 100M;
location @app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app;
client_max_body_size 10M;
}
location /cable {
proxy_pass http://app/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location ~ ^/(assets|uploads)/ {
root assets_path;
gzip_static on;
expires max;
add_header Cache-Control public;
add_header ETag "";
break;
}
error_page 500 502 503 504 /500.html;
}
In rails in production.rb, I did the settings like below.
config.action_cable.url = 'ws://server_name.com/cable'
Any help will be appreciated.
Try adding:
config.action_cable.allowed_request_origins = ['*']
config.action_cable.disable_request_forgery_protection = true
to your config/environments/production.rb file
It works for me; you can also check this link
and this question.
Try using,
location /cable {
proxy_pass http://app; # not http://app/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
And also make sure that you have config.action_cable.allowed_request_origins = [/http:\/\/*/, /https:\/\/*/] in your production.rb if you don't have SSL.
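The origin settings suggested in the two answers above, compared with stricter ones, as an added example that is not part of the original answers. It assumes Action Cable tests each `allowed_request_origins` entry against the `Origin` header with `===` (strings by equality, regexps by match); `origin_allowed?`, `audit`, the hardened values and the sample origins are constructed for illustration.

```ruby
# Model of the origin check. Assumption: each allowed entry is compared to the
# Origin header with ===, and disabling forgery protection skips the check.
def origin_allowed?(allowed, origin, forgery_protection_disabled: false)
  return true if forgery_protection_disabled

  Array(allowed).any? { |entry| entry === origin }
end

# Settings taken from the answers above.
WILDCARD = ["*"].freeze
LOOSE    = [/http:\/\/*/, /https:\/\/*/].freeze
# Hypothetical hardened settings for the question's host, server_name.com.
EXACT    = ["http://server_name.com"].freeze
ANCHORED = [%r{\Ahttps?://([a-z0-9-]+\.)?server_name\.com\z}].freeze

# Constructed Origin values: the site, a subdomain, and two foreign pages.
SITE    = "http://server_name.com"
SUB     = "https://app.server_name.com"
FOREIGN = ["http://other.example", "https://server_name.com.other.example"].freeze

# Reports which kinds of origin a given setting lets through.
def audit(allowed, **opts)
  { site: origin_allowed?(allowed, SITE, **opts),
    sub: origin_allowed?(allowed, SUB, **opts),
    foreign: FOREIGN.any? { |o| origin_allowed?(allowed, o, **opts) } }
end

{ "['*']" => audit(WILDCARD),
  "['*'] + protection off" => audit(WILDCARD, forgery_protection_disabled: true),
  "unanchored regexps" => audit(LOOSE),
  "exact string" => audit(EXACT),
  "anchored regexp" => audit(ANCHORED) }.each { |name, result| puts "#{name}: #{result}" }
```

In this model the `'*'` string matches no origin on its own, so it is `disable_request_forgery_protection = true` that removes the check, and the unanchored regexps accept every http or https origin.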

WebSockets with nginx and puma (websocket-rails)

Using the websocket-rails gem, I'm able to successfully get a websocket connection straight through puma in development, however, when deployed to production and attempting to access the websocket through nginx (passing off to puma) I have a couple of errors: one in the nginx error log:
[info] 14340#0: *7 upstream timed out (110: Connection
timed out) while proxying upgraded connection, client: 123.45.67.89, server:
foo.com, request: "GET /websocket HTTP/1.1", upstream:
"http://unix:///opt/oneconnect/shared/tmp/sockets/puma.sock:/websocket", host:
"foo.com"
... and one on the javascript console:
WebSocket connection to 'ws://foo.com/websocket' failed: Error during WebSocket handshake: Unexpected response code: 301
I found that nginx (the version I'm using is 1.4.6) is capable of websocket use but requires special configuration, which I've already attempted (getting the errors above). Here's my nginx.conf:
upstream oneconnect {
server unix:///opt/oneconnect/shared/tmp/sockets/puma.sock;
}
server {
listen 80;
listen 443 ssl;
#ssl on;
ssl_certificate /etc/ssl/foo.com.crt;
ssl_certificate_key /etc/ssl/foo.com.key;
root /opt/oneconnect/current/public;
try_files $uri @oneconnect;
access_log /opt/oneconnect/current/log/nginx.access.log;
error_log /opt/oneconnect/current/log/nginx.error.log info;
server_name foo.com;
location ~ ^/(assets)/ {
root /opt/oneconnect/current/public;
gzip_static on;
expires max;
add_header Cache-Control public;
}
location /websocket/ {
proxy_pass http://oneconnect;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location @oneconnect {
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://oneconnect;
}
}
I'm assuming that I'm missing something simple, but I'm stumped at this point and have Googled until my eyes started bleeding. If anyone could help it would be much appreciated, or maybe just point me to how to debug these connections (it seems hard to get debug info from a ws connection). Thanks for your time.
Assuming you already have an initializer for EventMachine:
config/initializers/eventmachine.rb
Thread.new { EventMachine.run } unless EventMachine.reactor_running? && EventMachine.reactor_thread.alive?
nginx site conf:
upstream puma_project_production {
server unix:/var/www/project/shared/tmp/sockets/puma.sock fail_timeout=0;
}
server {
listen 80;
client_max_body_size 4G;
keepalive_timeout 10;
error_page 500 502 504 /500.html;
error_page 503 @503;
server_name localhost project.local;
root /var/www/project/current/public;
try_files $uri/index.html $uri @puma_project_production;
location @puma_project_production {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://puma_project_production;
# limit_req zone=one;
access_log /var/www/project/shared/log/nginx.access.log;
error_log /var/www/project/shared/log/nginx.error.log;
}
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
location = /50x.html {
root html;
}
location = /404.html {
root html;
}
location @503 {
error_page 405 = /system/maintenance.html;
if (-f $document_root/system/maintenance.html) {
rewrite ^(.*)$ /system/maintenance.html break;
}
rewrite ^(.*)$ /503.html break;
}
if ($request_method !~ ^(GET|HEAD|PUT|PATCH|POST|DELETE|OPTIONS)$ ){
return 405;
}
if (-f $document_root/system/maintenance.html) {
return 503;
}
location /websocket {
proxy_pass http://puma_project_production;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location ~ \.(php|rb)$ {
return 405;
}
}
