Can someone explain why it can take a page 30 seconds to timeout? According to Chrome's debugger it is pending on a 404.
And that I don't get. If it is a 404, why doesn't it return page not found right away then?
The nginx config in question looks like this
# redirect http to https
server {
listen ${API_PORT} default_server;
listen [::]:${API_PORT} default_server;
server_name example-api.${SITE_SUFFIX};
return 301 https://$host$request_uri;
}
server {
set $indexhtml 'index.html';
# port to example on. Can also be set to an IP:PORT
listen 8443 ssl;
# sets the domain[s] that this vhost server requests for
server_name example.${SITE_SUFFIX};
ssl_certificate /certs/example.${SITE_SUFFIX}/fullchain.pem;
ssl_certificate_key /certs/example.${SITE_SUFFIX}/privkey.pem;
proxy_ssl_ciphers HIGH:!aNULL:!MD5;
client_max_body_size 4G;
keepalive_timeout 10;
if ($request_method !~ ^(GET|HEAD|PUT|PATCH|POST|DELETE|OPTIONS)$ ){
return 405;
}
root /var/www/frontend/public;
error_page 404 #404;
include conf.d/sites/content.conf;
# error page location redirect 302
location #404 {
return 302 /404;
}
}
server {
# port to example on. Can also be set to an IP:PORT
listen 8443 ssl;
# sets the domain[s] that this vhost server requests for
server_name sl.example.${SITE_SUFFIX};
ssl_certificate /certs/sl.example.${SITE_SUFFIX}/fullchain.pem;
ssl_certificate_key /certs/sl.example.${SITE_SUFFIX}/privkey.pem;
proxy_ssl_ciphers HIGH:!aNULL:!MD5;
client_max_body_size 4G;
keepalive_timeout 10;
if ($request_method !~ ^(GET|HEAD|PUT|PATCH|POST|DELETE|OPTIONS)$ ){
return 405;
}
error_page 404 #404;
include conf.d/sites/sh.conf;
# error page location redirect 302
location #404 {
return 302 /404;
}
}
Update
This is how it looks after the timeout.
Related
I'm running a nginx on my local machine (macOS) and I want to use it as a reverse proxy. Calling my.local should serve me http://192.168.178.60:8000.
But it looks like as there is a syntax error in my config file. Is it wrong to use two server blocks? If I remove the second one, I can call localhost:8080 and see the default output. If I add the custom server block, I cannot call localhost:8080.
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 8080;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen my.local:80;
server_name my.local;
location / {
proxy_pass http://192.168.178.60:8000;
}
}
include servers/*;
}
I am working on a Spring Boot app that servers content for 3 types of users. All three users "live" in the same application. I want to configure NGINX to 1) redirect all http to https and 2) redirect traffic as follows:
http to https://www.example.com
http://b2b.example.com to https://b2b.example.com/b2b (Ideally not showing the "/b2b". Here all the b2b spring boot endpoints are listening)
So far this is my NGINX conf:
server {
listen 80 default_server;
listen [::]:80 default_server;
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name example.com www.example.com;
ssl on;
ssl_certificate ...;
ssl_certificate_key ...;
ssl_session_cache shared:SSL:10m;
access_log ...;
error_log ...;
location / {
proxy_pass http://localhost:5050;
proxy_set_header Host $host;
# re-write redirects to http as to https, example: /home
proxy_redirect http:// https://;
}
}
server {
listen 443;
server_name b2b.example.com;
ssl on;
ssl_certificate ...;
ssl_certificate_key ...;
ssl_session_cache shared:SSL:10m;
access_log ...;
error_log ...;
location / {
proxy_pass http://localhost:5050/b2b;
proxy_set_header Host $host;
# re-write redirects to http as to https, example: /home
proxy_redirect http:// https://;
}
}
On Sring Boot side, all B2B endpoints are listening to a pattern starting with "B2B". So for example the login page for these users is .../B2B/login. Right now if I go to b2b.example.com I get redirected to b2b.example.com/B2B/login. What I want is the browser to show "B2B.example.com/login" and to display the "/B2B/login" page. All the B2B sites omitting the "/B2B" part in the URL.
I am posting the question because the previous attempts have proved to be futile.
I have a rails server using nginx, and I am trying to redirect all http traffic to https.
Here is my nginx.conf file:
upstream backend {
server unix:PROJECT_PATH/tmp/thin1.sock;
server unix:PROJECT_PATH/tmp/thin2.sock;
server unix:PROJECT_PATH/tmp/thin3.sock;
server unix:PROJECT_PATH/tmp/thin4.sock;
server unix:PROJECT_PATH/tmp/thin5.sock;
server unix:PROJECT_PATH/tmp/thin6.sock;
server unix:PROJECT_PATH/tmp/thin7.sock;
server unix:PROJECT_PATH/tmp/thin8.sock;
}
server {
listen 80 default_server;
listen 443 default_server ssl;
server_name app_name;
ssl_certificate path_to_certificate_file.crt;
ssl_certificate_key path_to_certificatefile.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
root PATH_TO_PUBLIC_FOLDER;
access_log path_to_project/log/access.log;
error_log path_to_project/log/error.log;
client_max_body_size 10m;
large_client_header_buffers 4 16k;
location /ping {
echo "pong"
return 200;
}
# Cache static content
location ~* ^.+\.(jpg|jpeg|gif|css|png|js|ico|swf|wav)$ {
expires max;
log_not_found off;
}
# Status, local only (accessed via ssh+wget)
location /nginx_status {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
# double slash removal
set $test_uri $host$request_uri;
if ($test_uri != $host$uri$is_args$args) {
rewrite ^/(.*)$ /$1 break;
}
location / {
if ($http_x_forwarded_proto = 'http') {
return 301 https://$server_name$request_uri;
}
try_files $uri #proxy;
}
location #proxy {
proxy_redirect off;
# Inform we are on SSL
proxy_set_header X-Forwarded-Proto https;
# force timeouts if one of backend is died
proxy_next_upstream error timeout invalid_header http_502 http_503;
# Set headers
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://backend;
}
error_page 500 502 503 504 /500.html;
}
The current configuration causes:
400 Bad Request The plain HTTP request was sent to HTTPS port
You may notice the /ping location. That's because I have the servers behind a GCE balancer that performs a health check, and this is THE ONLY one I do not want to redirect. Everything else should be redirected to HTTPS.
Previous attempts:
server {
listen 80;
server_name app_name;
location /ping {
echo "pong";
return 200;
}
location / {
return 301 https://$server_name$request_uri;
}
}
With the https server part like the current config (with listen 80 default_server commented). This causes a too many redirections error.
I tried to simply redirect ALL traffic to https, including the health check. GCE expects a 200 response and instead it gets a 301, thus marking the machine as unhealthy and rendering the application useless.
I also tried the ssl on; on the https server config, same result (400)
I also tried to toggle the config.force_ssl = true in the rails project to no avail. Every other solution I try fails too.
Did anyone stumble on this also?
It seems the problem was not the Nginx config, but the certificates.
Putting a valid certificate led me to create an https backend and health check. Everything is working fine now.
Below URLs and their header status code. Please note that redirection is happening. But in some cases I see 301 in header and some cases I am not able to see.
https://www.oldsite.com -> 301 found in header
https://oldsite.com -> 301 found in header
http://www.oldsite.com -> No 301 found in header
http://oldsite.com -> No 301 found in header
https://www.newsite.com - Target site
https://newsite.com -> 302 found in header
http://www.newsite.com -> No 301 found in header
http://newsite.com -> No 301 found in header
I have four configuration stated below. Is there anything wrong with any of these configurations. Please note that this is a magento site.
oldsite.com.nginx.conf
server {
listen ipaddress:80;
server_name oldsite.com www.oldsite.com;
root /home/oldsite/web/oldsite.com/public_html;
index index.php index.html index.htm;
location / {
return 301 https://www.newsite.com$request_uri;
}
include /home/oldsite/conf/web/nginx.oldsite.com.conf*;
}
oldsite.com.nginx.ssl.conf
server {
listen ipaddress:443;
server_name oldsite.com www.oldsite.com;
root /home/oldsite/web/oldsite.com/public_html;
index index.php index.html index.htm;
ssl on;
ssl_certificate /home/oldsite/conf/web/ssl.oldsite.com.pem;
ssl_certificate_key /home/oldsite/conf/web/ssl.oldsite.com.key;
location / {
return 301 https://www.newsite.com$request_uri;
}
newsite.com.nginx.conf
server {
listen ipaddress:80;
return 301 https://www.newsite.com$request_uri;
server_name newsite.com www.newsite.com;
root /home/newsite/web/newsite.com/public_html/pub;
index index.php;
autoindex off;
charset UTF-8;
error_page 404 403 = /errors/404.php;
add_header "X-UA-Compatible" "IE=Edge";
}
newsite.com.nginx.ssl.conf
server {
listen ipaddress:443 http2;
server_name newsite.com www.newsite.com;
root /home/newsite/web/newsite.com/public_html/pub;
index index.php;
autoindex off;
charset UTF-8;
error_page 404 403 = /errors/404.php;
add_header "X-UA-Compatible" "IE=Edge";
ssl on;
ssl_certificate /home/newsite/conf/web/ssl.newsite.com.pem;
ssl_certificate_key /home/newsite/conf/web/ssl.newsite.com.key;
}
To handle example.com and www.example.com differently, you should split your existing server block into two, and place the desired return statement into one of them.
For example:
server {
listen 443 ssl http2;
server_name example.com;
ssl_certificate /home/newsite/conf/web/ssl.newsite.com.pem;
ssl_certificate_key /home/newsite/conf/web/ssl.newsite.com.key;
return 301 https://www.newsite.com$request_uri;
}
server {
listen 443 ssl http2;
server_name www.example.com;
ssl_certificate /home/newsite/conf/web/ssl.newsite.com.pem;
ssl_certificate_key /home/newsite/conf/web/ssl.newsite.com.key;
root /home/newsite/web/newsite.com/public_html/pub;
index index.php;
autoindex off;
charset UTF-8;
error_page 404 403 = /errors/404.php;
add_header "X-UA-Compatible" "IE=Edge";
...
...
...
}
I have a Rails app up and running on my server and now I'd like to add another one.
I want Nginx to check what the request is for and split traffic based on domain name
Both sites have their own nginx.conf symlinked into sites-enabled, but I get an error starting nginx Starting nginx: nginx: [emerg] duplicate listen options for 0.0.0.0:80 in /etc/nginx/sites-enabled/bubbles:6
They are both listening on 80 but for different things.
Site #1
upstream blog_unicorn {
server unix:/tmp/unicorn.blog.sock fail_timeout=0;
}
server {
listen 80 default deferred;
server_name walrus.com www.walrus.com;
root /home/deployer/apps/blog/current/public;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri #blog_unicorn;
location #blog_unicorn {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://blog_unicorn;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
}
Site two:
upstream bubbles_unicorn {
server unix:/tmp/unicorn.bubbles.sock fail_timeout=0;
}
server {
listen 80 default deferred;
server_name bubbles.com www.bubbles.com;
root /home/deployer/apps/bubbles/current/public;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri #bubbles_unicorn;
location #bubbles_unicorn {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://bubbles_unicorn;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
}
The documentation says:
The default_server parameter, if present, will cause the server to become the default server for the specified address:port pair.
It's also obvious, there can be only one default server.
And it is also says:
A listen directive can have several additional parameters specific to socket-related system calls. They can be specified in any listen directive, but only once for the given address:port pair.
So, you should remove default and deferred from one of the listen 80 directives. And same applies to ipv6only=on directive as well.
Just hit this same issue, but the duplicate default_server directive was not the only cause of this message.
You can only use the backlog parameter on one of the server_name directives.
Example
site 1:
server {
listen 80 default_server backlog=2048;
server_name www.example.com;
location / {
proxy_pass http://www_server;
}
site 2:
server {
listen 80; ## NOT NOT DUPLICATE THESE SETTINGS 'default_server backlog=2048;'
server_name blogs.example.com;
location / {
proxy_pass http://blog_server;
}
I was having the same issue. I fixed it by modifying my /etc/nginx/sites-available/example2.com file. I changed the server block to
server {
listen 443 ssl; # modified: was listen 80;
listen [::]:443; #modified: was listen [::]:80;
. . .
}
And in /etc/nginx/sites-available/example1.com I commented out listen 80 and listen [::]:80 because the server block had already been configured for 443.