I am using following nginx configurations:
user www-data;
worker_processes 1;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
# multi_accept on;
}
http {
include /etc/nginx/mime.types;
access_log /var/log/nginx/access.log;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
tcp_nodelay on;
gzip on;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
upstream myapp.co {
server 127.0.0.1:8080;
}
server{
listen 80;
server_name myapp.co;
rewrite ^ https://myapp.co$request_uri? permanent;
}
server {
listen 443 ssl;
server_name myapp.co;
root /home/deployer/myapp/public;
ssl on;
ssl_certificate /etc/nginx/certs/myapp.co.crt;
ssl_certificate_key /etc/nginx/certs/myapp.co.private.key;
#server_name myapp.co _;
#root /home/deployer/myapp/public;
location / {
proxy_set_header X_FORWARDED_PROTO $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header CLIENT_IP $remote_addr;
proxy_redirect http:// https://;
if (!-f $request_filename) {
proxy_pass http://myapp.co;
break;
}
if (-f $document_root/system/maintenance.html) {
return 503;
}
}
}
}
The issue: when I load http://www.myapp.co, I get the error message
Welcome to nginx
But if I set to the browser
https://www.myapp.co
https://myapp.co
http://myapp.co
Everything is working well.
How can I fix up the proper displaying of the Rails app also for the request http://www.myapp.co?
I am quite amateur with setting up of nginx, so I'll be grateful for every advice.
Thank you
I think, you should set your server_name (in both server sections) like this:
server_name myapp.co www.myapp.co;
Related
I have two nginx reverse proxy on the same machine:
Installed into Ubuntu (takes 80 and 443 ports)
nginx in docker container (takes 445 port and mapped to 443)
The installed nginx should redirect particular domain requests to nginx in docker.
Installed nginx config:
upstream target {
server 127.0.0.1:8891 fail_timeout=0;
}
upstream target_green {
server 127.0.0.1:445 fail_timeout=0;
}
server {
set $rootfolder "/var/www/root/";
set $link "target.domain.example";
listen 443;
server_name target.domain.example;
charset utf-8;
client_max_body_size 1G;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
ssl on;
ssl_certificate /etc/nginx/ssl/bundle.crt;
ssl_certificate_key /etc/nginx/ssl/private_key.key;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_session_timeout 6m;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
ssl_dhparam /etc/nginx/dhparam.pem;
access_log /var/www/app/logs/access.log;
error_log /var/www/app/logs/error.log;
gzip on;
location / {
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://target;
}
location /ws/ {
proxy_pass http://target;
proxy_http_version 1.1;
proxy_read_timeout 86400;
proxy_redirect off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
location /static {
gzip_vary on;
gzip on;
gzip_min_length 1100;
gzip_buffers 16 8k;
gzip_comp_level 3;
gzip_types text/plain application/xml application/x-javascript text/css;
root /var/www/root/static/;
}
location /media {
gzip_vary on;
gzip on;
gzip_min_length 1100;
gzip_buffers 16 8k;
gzip_comp_level 3;
gzip_types text/plain application/xml application/x-javascript text/css;
root /var/www/root/media/;
}
}
server {
listen 443 ssl;
server_name "target-green.domain.example";
charset utf-8;
client_max_body_size 1G;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
ssl on;
ssl_certificate /etc/nginx/ssl/bundle.crt;
ssl_certificate_key /etc/nginx/ssl/private_key.key;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_session_timeout 6m;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
ssl_dhparam /etc/nginx/dhparam.pem;
access_log /var/www/app/logs/access.log;
error_log /var/www/app/logs/error.log;
gzip on;
location / {
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass https://target_green;
}
}
nginx-in-docker config:
server {
set $rootfolder "/var/www/app/";
set $app "http://app:8891";
set $ws "http:/app-ws:10000";
listen 443 ssl;
# Docker DNS
resolver 127.0.0.11;
server_name "target-green.domain.example";
charset utf-8;
client_max_body_size 1G;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
ssl_certificate /etc/nginx/ssl/ssl_certificate;
ssl_certificate_key /etc/nginx/ssl/ssl_certificate_key;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_session_timeout 6m;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
ssl_dhparam /etc/nginx/ssl_dhparam;
access_log /var/www/app/logs/access.log;
error_log /var/www/app/logs/error.log;
location / {
proxy_connect_timeout 159s;
proxy_send_timeout 600;
proxy_read_timeout 600;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass $app;
}
location /ws/ {
proxy_pass $ws;
proxy_http_version 1.1;
proxy_read_timeout 86400;
proxy_redirect off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
location /static {
gzip_min_length 1100;
gzip_comp_level 3;
root $rootfolder/frontend/;
}
location /media {
gzip_min_length 1100;
gzip_comp_level 3;
root $rootfolder/;
}
}
Unfortunately, in the browser, I see target-green.domain.example redirected you too many times.
Hi have a docker that builds my frontend(gatsby) and backend(flask) into a single docker file.
I can run my backend if i use my current config that only deploys the backend.
What i need is to deploy both backend and frontend.
I use supervisord to launch uwsgi and nginx.
My dockerfile tree:
---app
---backend
---dev_maintenance
__init__.py
---frontend
---src
---node_modules
---public
nginx.conf
pid /run/nginx.pid;
error_log /var/log/nginx/error.log;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
client_body_temp_path /spool/nginx/client_temp 1 2;
fastcgi_temp_path /spool/nginx/fastcgi_temp 1 2;
proxy_temp_path /spool/nginx/proxy_temp 1 2;
scgi_temp_path /spool/nginx/scgi_temp 1 2;
uwsgi_temp_path /spool/nginx/uwsgi_temp 1 2;
server {
listen 8080;
server_name localhost;
access_log /var/log/nginx/access.log;
location / {
try_files $uri #dev_maintenance;
}
location #dev_maintenance {
include uwsgi_params;
uwsgi_pass unix:///run/uwsgi.sock;
}
location /static {
alias /opt/repo/src/static;
expires 1d;
}
}
}
I was trying something like this:
pid /run/nginx.pid;
error_log /var/log/nginx/error.log;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
client_body_temp_path /spool/nginx/client_temp 1 2;
fastcgi_temp_path /spool/nginx/fastcgi_temp 1 2;
proxy_temp_path /spool/nginx/proxy_temp 1 2;
scgi_temp_path /spool/nginx/scgi_temp 1 2;
uwsgi_temp_path /spool/nginx/uwsgi_temp 1 2;
server {
listen 8080;
server_name localhost;
access_log /var/log/nginx/access.log;
location / {
proxy_pass http://client:3000;
proxy_redirect default;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /api {
proxy_pass http://api:5000;
proxy_redirect default;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto $scheme;
}
location #dev_maintenance {
include uwsgi_params;
uwsgi_pass unix:///run/uwsgi.sock;
}
location /static {
alias /opt/repo/src/static;
expires 1d;
}
}
}
supervisord.conf
[unix_http_server]
file=/run/supervisor.sock
chmod=0770
[supervisord]
nodaemon=true
pidfile=/run/pid/supervisord.pid
logfile=/var/log/supervisor/supervisord.log
childlogdir=/var/log/supervisor
logfile_maxbytes=50MB
logfile_backups=1
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
[supervisorctl]
serverurl=unix:///run/supervisor.sock
[program:nginx]
command=/usr/sbin/nginx -g "daemon off;" -c /etc/nginx/nginx.conf
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
[program:uwsgi]
command=/usr/local/bin/uwsgi --ini /etc/uwsgi/apps-available/uwsgi.ini
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
uswgi.ini
[uwsgi]
master = true
module= dev_maintenance:app
callable=app
buffer-size=65535
lazy=true
socket = /run/uwsgi.sock
Does not work of course , I'am new to this and it's confusing to learn it. any help?
So i fixed the problem, i needed to copy my frontend Gatsby build that is generated in the docker when i run npm run build to the /opt/repo/src/static folder and change the location /api to:
location /api {
try_files $uri #dev_maintenance;
}
I need a help to set some roots in a same server when use unicorn+nginx with rails apps.
My app works when I set only a root.
upstream contab_teste {
server unix:/home/ubuntu/apps/contab/shared/sockets/unicorn.sock fail_timeout=0;
}
server {
listen 80;
server_name default_server;
rails_env production;
try_files $uri $uri/index.html #app;
root /home/ubuntu/apps/contab/public;
location #app {
proxy_pass http://contab_teste;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
}
When I set another root directory its not works.
I tried in some ways to do like this:
upstream contab_teste {
server unix:/home/ubuntu/apps/contab/shared/sockets/unicorn.sock fail_timeout=0;
}
upstream contab_apresentacao {
server unix:/home/ubuntu/apps/contab_apresentacao/shared/sockets/unicorn.sock fail_timeout=0;
}
server {
listen 80;
server_name default_server;
rails_env production;
try_files $uri $uri/index.html #app;
root /home/ubuntu/apps/contab/public;
location #app {
proxy_pass http://contab_teste;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
}
location /apresentacao {
#rewrite ^/apresentacao(.*) /$1 break;
root /home/ubuntu/apps/contab_apresentacao/public;
proxy_pass http://contab_apresentacao;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
}
Someone can help me please?
thanks!
Using the websocket-rails gem, I'm able to successfully get a websocket connection straight through puma in development, however, when deployed to production and attempting to access the websocket through nginx (passing off to puma) I have a couple of errors: one in the nginx error log:
[info] 14340#0: *7 upstream timed out (110: Connection
timed out) while proxying upgraded connection, client: 123.45.67.89, server:
foo.com, request: "GET /websocket HTTP/1.1", upstream:
"http://unix:///opt/oneconnect/shared/tmp/sockets/puma.sock:/websocket", host:
"foo.com"
... and one on the javascript console:
WebSocket connection to 'ws://foo.com/websocket' failed: Error during WebSocket handshake: Unexpected response code: 301
I found that nginx (the version I'm using is 1.4.6) is capable of websocket use but requires special configuration, which I've already attemped (getting the errors above). Here's my nginx.conf:
upstream oneconnect {
server unix:///opt/oneconnect/shared/tmp/sockets/puma.sock;
}
server {
listen 80;
listen 443 ssl;
#ssl on;
ssl_certificate /etc/ssl/foo.com.crt;
ssl_certificate_key /etc/ssl/foo.com.key;
root /opt/oneconnect/current/public;
try_files $uri #oneconnect;
access_log /opt/oneconnect/current/log/nginx.access.log;
error_log /opt/oneconnect/current/log/nginx.error.log info;
server_name foo.com;
location ~ ^/(assets)/ {
root /opt/oneconnect/current/public;
gzip_static on;
expires max;
add_header Cache-Control public;
}
location /websocket/ {
proxy_pass http://oneconnect;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location #oneconnect {
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://oneconnect;
}
}
I'm assuming that I'm missing something simple, but I'm stumped at this point and have Googled until my eyes started bleeding. If anyone could help it would be much appreciated, or maybe just point me to how to debug these connections (it seems hard to get debug info from a ws connection). Thanks for your time.
Assuming u have already initializer for eventmachine
config/initializers/eventmachine.rb
Thread.new { EventMachine.run } unless EventMachine.reactor_running? && EventMachine.reactor_thread.alive?
nginx site conf:
upstream puma_project_production {
server unix:/var/www/project/shared/tmp/sockets/puma.sock fail_timeout=0;
}
server {
listen 80;
client_max_body_size 4G;
keepalive_timeout 10;
error_page 500 502 504 /500.html;
error_page 503 #503;
server_name localhost project.local;
root /var/www/project/current/public;
try_files $uri/index.html $uri #puma_project_production;
location #puma_project_production {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://puma_project_production;
# limit_req zone=one;
access_log /var/www/project/shared/log/nginx.access.log;
error_log /var/www/project/shared/log/nginx.error.log;
}
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
location = /50x.html {
root html;
}
location = /404.html {
root html;
}
location #503 {
error_page 405 = /system/maintenance.html;
if (-f $document_root/system/maintenance.html) {
rewrite ^(.*)$ /system/maintenance.html break;
}
rewrite ^(.*)$ /503.html break;
}
if ($request_method !~ ^(GET|HEAD|PUT|PATCH|POST|DELETE|OPTIONS)$ ){
return 405;
}
if (-f $document_root/system/maintenance.html) {
return 503;
}
location /websocket {
proxy_pass http://puma_project_production;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location ~ \.(php|rb)$ {
return 405;
}
}
While these files are being served in development fine, and also in production on my local machine, these are not served on live production. I get a 404 not found error. Everything else is working fine. These files are present in the public directory of the app (-approot-/public)
I am using nginx and unicorn over the live server. My nginx/sites-available/default file:
upstream example.com {
server unix:/tmp/example.socket fail_timeout=0;
}
server {
listen 80 default;
server_name example.com www.example.com;
root /home/myuser/apps/example/current/public;
access_log /var/log/nginx/access.log;
rewrite_log on;
location / {
proxy_pass http://example.com;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
location ~ ^/(images|javascripts|stylesheets|assets|system)/ {
root /home/myuser/apps/example/current/public;
expires max;
break;
}
}
You write one more location rule like
server {
listen 80 default;
server_name example.com www.example.com;
root /home/myuser/apps/example/current/public;
access_log /var/log/nginx/access.log;
rewrite_log on;
location / {
proxy_pass http://example.com;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
location ~ ^/(images|javascripts|stylesheets|assets|system)/ {
root /home/myuser/apps/example/current/public;
expires max;
break;
}
location ~ ^/(robots.txt|sitemap.xml.gz)/ {
root /home/myuser/apps/example/current/public;
}
}
Append this to etc/nginx/sites-available/default:
location ~ ^/(robots.txt|sitemap.xml.gz) {
root /home/<user>/apps/<appname>/current/public;
}
Append this to etc/nginx/sites-available/{your-app-config-file}:
location ~ .*(robots.txt|sitemap.xml.gz) {
# if you already set root above, then the following line is not needed.
root /path_to_app/public;
}