Customizing Nginx Configuration in AWS Elastic Beanstalk - ruby-on-rails

I'm running a rails application on Ruby 2.0/Puma instances and am trying to customize the nginx configuration. I need to increase the permitted request size to allow file uploads. I've found some other posts that have led me to add this to my .ebextensions:
files:
  "/etc/nginx/conf.d/proxy.conf" :
    mode: "000755"
    owner: root
    group: root
    content: |
      client_max_body_size 70M;
That does create the file as expected, but it doesn't seem to work until I manually restart nginx. Because of that, I've tried to figure out a way to restart nginx with .ebextensions commands, but haven't had any success. Does anyone know of a way to restart nginx with .ebextensions or know of a better approach to solving this problem?

I found a way to restart nginx after deployment using an undocumented technique for running post-deployment scripts. I added this to my .ebextensions:
files:
  "/opt/elasticbeanstalk/hooks/appdeploy/post/03_restart_nginx.sh":
    mode: "000755"
    owner: root
    group: root
    content: |
      #!/usr/bin/env bash
      service nginx restart

To reload the nginx config, you can use container_commands
From http://www.infoq.com/news/2012/11/elastic-beanstalk-config-files:
The container_commands key allows you to execute commands for your container. They are run after the application and web server have been set up and the application has been extracted, but before the application is deployed. container_commands are processed in lexicographical order by name.
container_commands:
  01_reload_nginx:
    command: "service nginx reload"

I might be a little late with the response here, but I've discovered another, less intrusive way to configure nginx on Elastic Beanstalk.
You can specify configuration files for nginx directly by creating an .ebextensions/nginx/conf.d directory. Any config files found inside are automatically copied to your /etc/nginx/conf.d/ directory during the EB deployment.
This seems to be a more robust solution.
Documentation available here:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/java-se-nginx.html
EDIT: As pointed out in comments, Elastic Beanstalk has inconsistent implementations between platforms. The documentation here is for Java SE, and it appears this documentation is not relevant for all platforms.

This is my configuration, and it worked for me. You have to include it inside of the http block.
files:
  "/etc/nginx/conf.d/proxy.conf" :
    mode: "000755"
    owner: root
    group: root
    content: |
      http {
        client_max_body_size 20M;
      }

The following worked for me (I increased my HTTP payload to 100M - please adjust if you'd like to increase to another size):
files:
  "/etc/nginx/conf.d/proxy.conf":
    mode: "000755"
    owner: root
    group: root
    content: |
      client_max_body_size 100M;
  "/opt/elasticbeanstalk/hooks/appdeploy/post/03_restart_nginx.sh":
    mode: "000755"
    owner: root
    group: root
    content: |
      #!/usr/bin/env bash
      service nginx restart

I got it working like this. No need to restart or reload nginx since the commands (and not container_commands) run BEFORE the application deploy.
commands:
  01-get-nginx-conf-file:
    command: "aws s3 cp s3://somepath/nginx.conf /home/ec2-user"
  02-replace-default-nginx-config:
    command: "cp /home/ec2-user/nginx.conf /etc/nginx/nginx.conf"

I had a similar situation with a Docker deployment into Elastic Beanstalk. I was able to solve the change as well as the nginx reload with a single config file here: <app>/.ebextensions/increase_upload_size.config including the following code:
container_commands:
  01_reload_nginx:
    command: "sudo service nginx reload"
files:
  "/etc/nginx/conf.d/proxy.conf" :
    mode: "000644"
    owner: root
    group: root
    content: |
      client_max_body_size 20M;
The change was implemented when I did an "Upload and Deploy" within EB.

I was able to get it working by adding the configuration files under the .platform directory as noted in https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/platforms-linux-extend.html. I created a file .platform/nginx/conf.d/increase_upload_size.conf with the following code and just did a standard deploy:
client_max_body_size 10M;
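
A variant of the restart and reload hooks in the answers above, as an added example that is not from any of the posts: it runs the nginx config test before reloading, so a broken drop-in in /etc/nginx/conf.d is caught before the running proxy is touched, and then checks the client_max_body_size values nginx actually loaded against a ceiling. NGINX_BIN and MAX_BYTES are assumed names introduced here.

```shell
#!/bin/sh
# Added example, not from the thread. NGINX_BIN and MAX_BYTES are hypothetical knobs.
NGINX_BIN="${NGINX_BIN:-nginx}"
MAX_BYTES="${MAX_BYTES:-104857600}"   # ceiling used by limits_within_ceiling (100M)

# Reload only if the whole configuration, conf.d drop-ins included, parses.
# On failure nginx keeps serving with the configuration it already had.
safe_reload() {
  if ! "$NGINX_BIN" -t >/dev/null 2>&1; then
    echo "nginx config test failed; not reloading" >&2
    return 1
  fi
  "$NGINX_BIN" -s reload
}

# List each client_max_body_size value in the config nginx would load.
# -T dumps the parsed configuration with every include expanded.
body_size_limits() {
  "$NGINX_BIN" -T 2>/dev/null |
    sed -n 's/^[[:space:]]*client_max_body_size[[:space:]][[:space:]]*\([^;[:space:]]*\).*/\1/p'
}

# Convert an nginx size (plain bytes, or a k/m/g suffix in either case) to bytes.
size_to_bytes() {
  _n="${1%[kKmMgG]}"
  case "$1" in
    *[kK]) echo $(( $_n * 1024 )) ;;
    *[mM]) echo $(( $_n * 1024 * 1024 )) ;;
    *[gG]) echo $(( $_n * 1024 * 1024 * 1024 )) ;;
    *)     echo "$1" ;;
  esac
}

# Succeed only if every configured limit is non-zero and at most MAX_BYTES.
# A value of 0 turns the body-size check off, so it is treated as a failure.
limits_within_ceiling() {
  for _v in $(body_size_limits); do
    _b=$(size_to_bytes "$_v")
    [ "$_b" -gt 0 ] && [ "$_b" -le "$MAX_BYTES" ] || return 1
  done
}

# On the instance (nginx installed): validate, reload, then check the limits.
if command -v "$NGINX_BIN" >/dev/null 2>&1; then
  safe_reload && limits_within_ceiling
fi
```

Commented-out directives are skipped by the sed pattern, so only limits that are actually in effect are checked.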

Related

Docker mount volume on SELinux enabled server

I'm trying to run Nginx as a Docker container on an SELinux-enabled server with the configuration mounted as
-v /host/path/nginx.conf:/etc/nginx/nginx.conf:Z
That works fine until I deploy an updated configuration using an Ansible playbook (user/group root and mode 0644) as:
tasks:
  - name: remove NGINX conf
    file:
      path: "/host/path/nginx.conf"
      state: absent
    become: true
  - name: copy NGINX conf
    become: true
    copy:
      src: "../nginx-conf/nginx.conf"
      dest: "/host/path/nginx.conf"
      mode: 0640
      owner: root
      group: root
and then reload nginx in the container as
docker container exec nginx-service nginx -s reload
that errors out with Permission Denied (13) on the deployed configuration.
When I check the permissions on /host/path/nginx.conf, they are correct (user/group:root and mode 0644), but for some reason nginx is not able to read that file.
When I get inside the container and check /etc/nginx/nginx.conf, the permissions are not carried over; they show up as question marks.
Any clue how to get it to work without reloading the whole container, just the nginx service?

Is it ok to mount a folder into root of docker container

I have a docker webserver and I'm mounting my ./uploads/ folder into /uploads/ but to get it to work I have to do
location ~ /uploads/ {
    root /;
}
Nginx says not to use root /;, but I'm not sure if I'm OK doing this because it's actually going to /uploads/ (Nginx wiki).
Is this OK, or what can I do for this to be correct & secure?
As the documentation says, map your './uploads' to '/usr/share/www/uploads' and then you won't have any issues. And replace /uploads/ with the new location and remove the "root /" declaration that should definitely not be there.

How to configure uwsgi.yml for metricbeat properly?

I have enabled the uwsgi module for metricbeat, but logs don't appear in Kibana. I am using the default uwsgi.yml for metricbeat and it looks like this.
# Module: uwsgi
# Docs: https://www.elastic.co/guide/en/beats/metricbeat/6.5/metricbeat-modul-uwsgi.html
- module: uwsgi
  #metricsets:
  #  - status
  period: 10s
  hosts: ["tcp://127.0.0.1:9090"]
I've even tried to find port uwsgi is running on, but I failed. How should I change uwsgi.yml file to make it work properly? I've never used uwsgi myself and my linux knowledge is pretty basic. Thanks in advance.
You need to add this line in your uwsgi config (normally in /etc/uwsgi/apps-enabled/yourapp.ini):
stats = 127.0.0.1:9090

nginx + uwsgi running on Amazon ECS returns socket: Too many open files (24) ( changing Ulimit did not help )

I have a UWSGI running behind Nginx proxy server. I tried to benchmark my backend instance using Apache bench. At one point in time, I get Too many open files (24) error when I run the command ab -c 1100 -n 2000 https://example.com/test.
I changed the ulimits of my ECS Instance as well as the docker containers and confirmed it by typing ulimit -n which returns 100000 in both the locations.
I cross checked the Individual NGINX, Uwsgi processes limits by opening the /proc/PID where the Max open files is set to 100000.
The worker_connections and worker_rlimit_nofile parameters in /etc/nginx/nginx.conf are also set to highest limit possible.

Forcing https in elasticbeanstalk with certificate from ACM

I have provisioned a scalable EB(Elasticbeanstalk) rails(puma) instance. I have applied for https through ACM(Amazon Certificate Manager) and applied it to my load balancer. HTTPS is enabled for my website now. But how do I force redirect to https? I have tried a number of solutions online where it was suggested to make a nginx configuration setting manually through .ebextensions and I am not sure where to get the certificate from ACM for this?(I am assuming that is not possible with ACM right now?). How do I force HTTPS?
The current AWS EB Rails and Node.js setups both use nginx (if your web server is apache see this answer), so the following should work (adapted from this question):
Create the file .ebextensions/01-force-https.config (the .config is important, not .conf) with the following content.
If your environment is a single instance:
files:
  "/etc/nginx/conf.d/01-force-https.conf":
    owner: root
    group: root
    mode: "000644"
    content: |
      server {
          listen 8080;
          return 301 https://$host$request_uri;
      }
If your environment is load balanced, you unfortunately cannot simply add to the existing config but need to modify it with sed:
files:
  "/tmp/45_nginx_https_rw.sh":
    owner: root
    group: root
    mode: "000644"
    content: |
      #! /bin/bash
      CONFIGURED=`grep -c "return 301 https" /opt/elasticbeanstalk/support/conf/webapp_healthd.conf`
      if [ $CONFIGURED = 0 ]
        then
          sed -i '/listen 80;/a \ if ($http_x_forwarded_proto = "http") { return 301 https://$host$request_uri; }\n' /opt/elasticbeanstalk/support/conf/webapp_healthd.conf
          logger -t nginx_rw "https rewrite rules added"
          exit 0
        else
          logger -t nginx_rw "https rewrite rules already set"
          exit 0
      fi
container_commands:
  00_appdeploy_rewrite_hook:
    command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/appdeploy/enact
  01_configdeploy_rewrite_hook:
    command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact
  02_rewrite_hook_perms:
    command: chmod 755 /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh
  03_rewrite_hook_ownership:
    command: chown root:users /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh
Then add it to your git repo or app bundle and eb deploy. This creates /etc/nginx/conf.d/01-force-https.conf which is automatically included from /etc/nginx/nginx.conf. Note that eb deploy won't delete the file on the server if you later remove the corresponding file from .ebextensions. Also, I found the following helpful in debugging through eb ssh:
sudo service nginx configtest
sudo service nginx restart
AWS has a help article for HTTP to HTTPS redirection here:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https-httpredirect.html
It covers 2 main approaches, and has links to the relevant scripts you can use to do it all for you (which they maintain as they update the Elastic Beanstalk platform).
