I've had no luck finding an answer to this, please comment with what information you'd like me to share to help diagnose.
I have a laravel app which works perfectly fine in development, i develop on docker and the live servers use a docker swarm. The login page loads up fine, the database is connected fine and the user exists, but when i log in it just keeps redirecting back to the login screen.
The setup on the production server runs via an nginx reverse proxy to an nginx docker container with a php-fpm container linked. I'm wondering if this is somehow something to do with the reverse proxy which i don't use on the local development copy, so i'm pasting the reverse proxy config in case it helps:
server {
listen 443 ssl;
ssl_certificate /usr/local/etc/ssl/certs/live/example.com/cert.pem;
ssl_certificate_key /usr/local/etc/ssl/certs/live/example.com/privkey.pem;
ssl_session_timeout 10m;
ssl_verify_client off;
server_name admin.example.com;
error_log /usr/share/nginx/logs/error-admin.log;
access_log /usr/share/nginx/logs/access-admin.log;
client_max_body_size 1024M;
location / {
proxy_read_timeout 1800;
proxy_connect_timeout 60;
proxy_send_timeout 60;
proxy_next_upstream error timeout http_502;
proxy_next_upstream_tries 10;
proxy_pass http://admin;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_ssl_session_reuse on;
proxy_http_version 1.1;
proxy_set_header X-XSS-Protection 1;
proxy_set_header X-Content-Type-Options nosniff;
proxy_set_header Referrer-Policy origin;
proxy_set_header X-Frame-Options DENY;
proxy_set_header Host admin.example.com;
proxy_request_buffering off;
}
}
As i say let me know if you need any more details from other places, i'm not sure where to look for the answer to this.
The access log of the reverse proxy does show a 302 redirect after posting to login, not sure if this is any help:
8
6.147.208.76 - - [04/Jun/2022:15:20:03 +0000] "POST /login HTTP/1.1" 302 386 "https://admin.example.com/login" "Mozilla/5.0 (Macintosh;
Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko)
Version/15.3 Safari/605.1.15"
Related
I have a springboot application running on an Nginx server reverse proxy, inside of the nginx WWW root i have a forums directory i want to access via url/forums. So i am trying to setup a proxy for nginx so when someone goes to the website url/forums it will redirect to the nginx forums directory where i will have my PHP forums.
server {
listen 443 ssl; # Monitor port
server_name realmlands.com www.realmlands.com; # Domain name configuration, can be multiple
ssl_certificate /etc/letsencrypt/live/realmlands.com-0002/fullchain.pem; # Certificate address
ssl_certificate_key /etc/letsencrypt/live/realmlands.com-0002/privkey.pem; # Certificate address
# Fixed Writing
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
# Projects with reverse proxy configuration here
location /forums {
proxy_pass https://localhost:8080/forums;
# Fixed Writing
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
}
location / {
proxy_pass https://localhost:8443;
# Fixed Writing
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
}
}
But what happens when i go to url/forums it seems to redirect the browser to localhost/forums and shows the "This can't be reached".
How can i make it redirect to the nginx forums directory?
I'm trying to deploy my first Clojure WebSocket app and I think I'm getting close. I get a good response locally, and it looks like the endpoint wants to face the outside world (I see that the port is open when I run netstat), but no response. I'm certain that I have something setup incorrectly in nginx.
I currently already host a few other websites on this server, just want to add the necessary config to get requests made to wss://domain.com:8001 to communicate with my app.
Here is the location entry I'm using now:
location / {
proxy_pass http://localhost:8001;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
access_log /var/www/logs/test.access.log;
error_log /var/www/logs/test.error.log;
}
Could anyone help point me in the right direction? My guess is that I actually have too much in the config, and what's there is probably not correct.
** EDIT: ** For interested parties, I put up my working config (based on Erik Dannenberg's answer) in a gist.
You are missing two more headers, a minimal working config:
location / {
proxy_pass http://backend;
proxy_http_version 1.1;
# add the two below
proxy_set_header Upgrade websocket;
proxy_set_header Connection upgrade;
# optional, but helpful if you run into timeouts
proxy_read_timeout 86400;
}
So I'm using Laravel Forge's built-in features to generate and integrate a LetsEncrypt certificate. But I'm having issues with getting my subdomains to work.
Whenever I try to go to www.example.com or https://www.example.com, it redirects me to https://example.com. The same happens when I try to add more subdomains, like foo.example.com redirects to https://example.com
I have my domain hosted with Namecheap and set it up as so:
This is my Nginx configuration file as generated by Forge:
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/example.com/before/*;
# FORGE CONFIG (DOT NOT REMOVE!)
include upstreams/example.com;
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name example.com;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/example.com/244866/server.crt;
ssl_certificate_key /etc/nginx/ssl/example.com/244866/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
charset utf-8;
access_log off;
error_log /var/log/nginx/example.com-error.log error;
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/example.com/server/*;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://386082_app/;
proxy_redirect off;
# Handle Web Socket Connections
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/example.com/after/*;
This is the first time I'm using an Nginx server so I'm not sure how to change that. I've tried playing around with my settings in Namecheap DNS settings, and making sure my SSL is generated with all the subdomains, but I don't the the issue is anywhere but within the nginx configuration. Searching around didn't give me a solid solution as I don't want to ward too far away from the default configuration by Forge, yet still manage to this work my way.
Any and all help will be highly appreciated!
Thank you
I am trying to implement leverage browser caching for my flask project nginx. But when i insert the code inside conf file static files are not served by nginx showing 403 permission denied error.
This is my conf file for site in site-enabled
server {
listen 80;
server_name site.in;
root /root/site-demo/;
access_log /var/log/site/access_log;
error_log /var/log/site/error_log;
location / {
proxy_pass http://127.0.0.1:4000/;
proxy_redirect http://127.0.0.1:4000 http://site.in;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
expires 30d;
add_header Pragma public;
add_header Cache-Control "public";
}
}
When i remove the cache expire part everything works fine. I tried similar question's answers and put root specification. But still error remains same. User specified in nginx.conf is www-data. Do i have to change user?
I've got an Nginx/Gunicorn/Django server deployed on a Centos 6 machine with only the SSL port (443) visible to the outside world. So unless the server is called with the https://, you won't get any response. If you call it with an http://domain:443, you'll merely get a 400 Bad Request message. Port 443 is the only way to hit the server.
I'm using Nginx to serve my static files (CSS, etc.) and all other requests are handled by Gunicorn, which is running Django at http://localhost:8000. So, navigating to https://domain.com works just fine, as do links within the admin site, but when I submit a form in the Django admin, the https is lost on the redirect and I'm sent to http://domain.com/request_uri which fails to reach the server. The POST action does work properly even so and the database is updated.
My configuration file is listed below. The location location / section is where I feel like the solution should be found. But it doesn't seem like the proxy_set_header X-* directives have any effect. Am I missing a module or something? I'm running nginx/1.0.15.
Everything I can find on the internet points to the X-Forwarded-Protocol https like it should do something, but I get no change. I'm also unable to get the debugging working on the remote server, though my next step may have to be compiling locally with debugging enabled to get some more clues. The last resort is to expose port 80 and redirect everything...but that requires some paperwork.
[http://pastebin.com/Rcg3p6vQ](My nginx configure arguments)
server {
listen 443 ssl;
ssl on;
ssl_certificate /path/to/cert.crt;
ssl_certificate_key /path/to/key.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
server_name example.com;
root /home/gunicorn/project/app;
access_log /home/gunicorn/logs/access.log;
error_log /home/gunicorn/logs/error.log debug;
location /static/ {
autoindex on;
root /home/gunicorn;
}
location / {
proxy_pass http://localhost:8000/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Protocol https;
}
}
Haven't had time yet to understand exactly what these two lines do, but removing them solved my problems:
proxy_redirect off;
proxy_set_header Host $host;