For some reason the "auth_request" directive is not found. I am using heroku-buildpack-nginx, with the only change being the addition of --with-http_auth_request_module in the build_nginx script.
nginx: [emerg] unknown directive "auth_request" in ./config/nginx.conf
My nginx.conf:
# nginx.conf ERB template for the Heroku nginx buildpack: a single server on $PORT whose
# "/" location is gated by an auth_request subrequest to an OAuth2 token-introspection endpoint.
daemon off;
# Heroku dynos have at least 4 cores.
worker_processes <%= ENV['NGINX_WORKERS'] || 4 %>;
events {
use epoll;
accept_mutex on;
worker_connections <%= ENV['NGINX_WORKER_CONNECTIONS'] || 1024 %>;
}
http {
gzip on;
gzip_comp_level 2;
gzip_min_length 512;
# Keep the nginx version out of the Server header and generated error pages.
server_tokens off;
log_format l2met 'measure#nginx.service=$request_time request_id=$http_x_request_id';
access_log <%= ENV['NGINX_ACCESS_LOG_PATH'] || 'logs/nginx/access.log' %> l2met;
error_log <%= ENV['NGINX_ERROR_LOG_PATH'] || 'logs/nginx/error.log' %>;
include mime.types;
default_type application/octet-stream;
sendfile on;
# Must read the body in 5 seconds.
# (client_body_timeout bounds the gap between two successive reads of the body, not the whole upload.)
client_body_timeout 5;
# NOTE(review): app_server is declared here but no proxy_pass in the lines shown refers to it.
upstream app_server {
server unix:/tmp/nginx.socket fail_timeout=0;
}
server {
listen <%= ENV["PORT"] %>;
server_name _;
keepalive_timeout 5;
location / {
# Each request first triggers a subrequest to the location below: a 2xx answer lets it
# through, 401/403 denies it. The directive only exists when the running binary was built
# with --with-http_auth_request_module; otherwise nginx reports it as unknown.
auth_request /_oauth2_token_introspection;
# NOTE(review): for https:// upstreams proxy_ssl_verify and proxy_ssl_server_name both default
# to off, so the upstream certificate is not checked unless they are enabled — confirm intent.
proxy_pass https://my-backend;
}
location = /_oauth2_token_introspection {
# Reachable only through internal subrequests, never directly by a client.
internal;
proxy_method GET;
# NOTE(review): $token is not set anywhere in the lines shown (no set/map); confirm where the
# bearer token is taken from before relying on this header.
proxy_set_header Authorization "Bearer $token";
proxy_set_header Content-Type "application/json";
# NOTE(review): auth subrequests normally drop the client body
# (proxy_pass_request_body off; proxy_set_header Content-Length "";) — not done here.
proxy_pass https://{myIDP};
}
}
}
And I've added the module to ./configure with --with-http_auth_request_module:
# This will build `nginx`
# The subshell keeps the `cd` local to the build step. Modules passed as --with-*/--add-module
# are compiled into the binary, so a directive such as auth_request is only known to the binary
# produced by this exact configure line.
# NOTE(review): if the dyno still runs a previously built or cached binary, the new flag has no
# effect; `nginx -V` on the deployed binary prints the configure arguments it was built with.
# NOTE(review): the result of `cd` is not checked here; unless the script enables `set -e`
# outside these lines, a failed cd would run ./configure in the wrong directory.
(
cd nginx-${NGINX_VERSION}
./configure \
--with-pcre=pcre-${PCRE_VERSION} \
--with-zlib=zlib-${ZLIB_VERSION} \
--with-http_gzip_static_module \
--with-http_realip_module \
--with-http_ssl_module \
--with-http_auth_request_module \
--prefix=/tmp/nginx \
--add-module=${temp_dir}/nginx-${NGINX_VERSION}/headers-more-nginx-module-${HEADERS_MORE_VERSION} \
--add-module=${temp_dir}/nginx-${NGINX_VERSION}/nginx-uuid4-module-${UUID4_VERSION}
make install
)
Using NGINX_VERSION-1.18.0. Could you help me understand why this module is not found?
Related
I am trying to run a Laravel project on this Nginx server. When I access project/public file via the web browser I get
403 Forbidden
nginx/1.16.1
Inside my public file, files look like this
How can I fix this?
PS: Just out of curiosity, I renamed the index.php file to index.html and accessed project/public via the web browser. It then shows me the code instead of giving the 403 error.
Here is the Nginx conf file.
# Bitnami main nginx.conf: global settings, temp paths, gzip and TLS defaults; the actual
# server blocks come from the bitnami.conf include on the last line of the http block.
# Worker processes run as the unprivileged daemon user and group.
user daemon daemon;
worker_processes auto;
error_log "/opt/bitnami/nginx/logs/error.log";
pid "/opt/bitnami/nginx/logs/nginx.pid";
events {
use epoll;
worker_connections 1024;
multi_accept on;
}
http {
# NOTE(review): server_tokens is not set, so generated error pages carry the nginx version
# (the 403 page quoted with this config shows nginx/1.16.1).
include mime.types;
default_type application/octet-stream;
client_body_temp_path "/opt/bitnami/nginx/tmp/client_body" 1 2;
proxy_temp_path "/opt/bitnami/nginx/tmp/proxy" 1 2;
fastcgi_temp_path "/opt/bitnami/nginx/tmp/fastcgi" 1 2;
scgi_temp_path "/opt/bitnami/nginx/tmp/scgi" 1 2;
uwsgi_temp_path "/opt/bitnami/nginx/tmp/uwsgi" 1 2;
access_log "/opt/bitnami/nginx/logs/access.log";
sendfile on;
keepalive_timeout 65;
client_max_body_size 80M;
gzip on;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_proxied any;
gzip_vary on;
gzip_types text/plain
text/xml
text/css
text/javascript
application/json
application/javascript
application/x-javascript
application/ecmascript
application/xml
application/rss+xml
application/atom+xml
application/rdf+xml
application/xml+rss
application/xhtml+xml
application/x-font-ttf
application/x-font-opentype
application/vnd.ms-fontobject
image/svg+xml
image/x-icon
application/atom_xml;
gzip_buffers 16 8k;
# add_header set at http level is inherited by a server/location only while that level
# defines no add_header of its own; any lower-level add_header drops this one there.
add_header X-Frame-Options SAMEORIGIN;
ssl_prefer_server_ciphers on;
# NOTE(review): the gzip/add_header/ssl_prefer_server_ciphers lines from here down to the
# second ssl_prefer_server_ciphers repeat the ones above verbatim; this looks like a paste
# artifact. nginx normally rejects a repeated flag directive in one context as a duplicate —
# confirm against the real file.
gzip on;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_proxied any;
gzip_vary on;
gzip_types text/plain
text/xml
text/css
text/javascript
application/json
application/javascript
application/x-javascript
application/ecmascript
application/xml
application/rss+xml
application/atom+xml
application/rdf+xml
application/xml+rss
application/xhtml+xml
application/x-font-ttf
application/x-font-opentype
application/vnd.ms-fontobject
image/svg+xml
image/x-icon
application/atom_xml;
gzip_buffers 16 8k;
add_header X-Frame-Options SAMEORIGIN;
ssl_prefer_server_ciphers on;
# NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); unless legacy clients are a
# requirement, restrict this to TLSv1.2 and, where the build supports it, TLSv1.3.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS;
# Server blocks (roots, PHP handling) live in this include, which is not shown here.
include "/opt/bitnami/nginx/conf/bitnami/bitnami.conf";
}
This is the nginx.conf.default file
# Stock nginx.conf.default sample: one HTTP server on port 80 serving the html directory,
# shown here with both sample PHP handlers (Apache proxy and FastCGI) active.
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
# NOTE(review): this block and the next use the same regex. Regex locations are tried in the
# order they appear, so if nginx accepts both, this one would take every *.php request and the
# FastCGI block below would never run — keep only the handler that is actually intended.
location ~ \.php$ {
proxy_pass http://127.0.0.1;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
# NOTE(review): any URI ending in .php is handed to the backend without checking that the file
# exists under the root; a `try_files $uri =404;` guard here is the usual hardening.
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
# Scripts are resolved under /scripts, not under the "html" root set above.
fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
You're declaring to pass .php files to Apache, then you're declaring to use a fastcgi service on 127.0.0.1:9000:
# Excerpt of the two PHP handlers from the question's config, quoted for discussion.
# Both use the same regex; regex locations are evaluated in order of appearance.
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
location ~ \.php$ {
proxy_pass http://127.0.0.1;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
# SCRIPT_FILENAME is the path the FastCGI backend opens; here it points under /scripts.
fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
include fastcgi_params;
}
First, you probably want to remove the Apache reference. Then you need to check your FastCGI backend configuration, as your nginx is passing all the PHP requests to it.
You're also declaring fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;, which means that your PHP scripts are looked up in the /scripts folder. Is this right? If you want to keep your PHP files in the html folder you need to change this line to fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;. (PHP-FPM normally needs an absolute path here, which is why the stock fastcgi.conf uses $document_root$fastcgi_script_name.) Check also what's inside the fastcgi_params file, as this file is included and so you're loading pieces of configuration from it.
I suppose you're using php-fpm, I can suggest also to change the configuration in order to use a socket file instead of a TCP connection:
# Talk to PHP-FPM over a local Unix socket instead of TCP port 9000. Access is then governed by
# the socket file's owner and mode (php-fpm's listen.owner / listen.group / listen.mode), which
# must allow the nginx worker user to connect.
fastcgi_pass unix:/var/run/php5-fpm.sock;
And change listen = 127.0.0.1:9000 with listen = /var/run/php5-fpm.sock in your php-fpm configuration.
The problem has been solved !
i check error.log in nginx
2019/04/16 17:29:39 [crit] 12060#12060: *261 open() "/var/lib/nginx/fastcgi/6/05/0000000056" failed (13: Permission denied) while reading upstream, client: 118.70.67.64, server: govangtam.org, request: "GET /download HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php7.2-fpm.sock:", host: "govangtam.org"
I changed the owner of /var/lib/nginx/fastcgi to the user that runs PHP-FPM:
# Give the forge account ownership of nginx's FastCGI temp directory. nginx buffers larger
# upstream responses to files there, and the error above shows open() on such a file failing
# with "Permission denied"; the nginx.conf in the question runs the workers as user forge.
sudo chown -R forge:forge /var/lib/nginx/fastcgi
------------------Question--------------------
I can't download file in storage laravel 5.7, nginx, php7.2
I have not found the cause yet, I use code on another server that is still working normally.
when downloading error Failed - Network error or Failed - File incomplete. i use nginx version nginx/1.14.2, Ubuntu 16.04
url: http://govangtam.org/download
router web.php
// GET /download: sends storage/app/abc.mp3 as a file download.
// The path is a fixed string, so no request input reaches the filesystem lookup.
// NOTE(review): no auth middleware is attached in the lines shown, so the route appears to be public — confirm.
Route::get('download', function () {
$file = storage_path('app').'/abc.mp3';
return response()->download($file);
});
nginx domain.conf
# Virtual host for govangtam.org: static files from the Laravel public directory, everything
# else routed to index.php and executed by PHP-FPM over a Unix socket.
# NOTE(review): only plain HTTP on port 80 is configured here; unless TLS is terminated
# elsewhere, all traffic including any credentials travels unencrypted.
server {
listen 80;
listen [::]:80;
root /home/forge/govangtam.org/public;
index index.php index.html index.htm;
server_name govangtam.org www.govangtam.org;
location / {
#try_files $uri $uri/ =404;
# Serve the file or directory if it exists, otherwise hand the request to the front controller.
try_files $uri $uri/ /index.php$is_args$args;
# NOTE(review): proxy_cache_revalidate only affects proxy_cache; nothing is proxied or cached
# in this location, so it presumably has no effect.
proxy_cache_revalidate on;
}
location ~ \.php$ {
# The included snippet is not shown; it normally sets SCRIPT_FILENAME and related params — confirm.
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
}
nginx.conf
# Main nginx.conf for the Forge-managed server: global defaults plus includes for the
# per-site configuration.
# NOTE(review): workers run as forge, the account that also owns the site under /home/forge;
# a compromised worker would then have the same file access as the application owner.
user forge;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
# Basic Settings
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# NOTE(review): server_tokens is left commented out, so the nginx version is advertised in
# the Server header and error pages.
# server_tokens off;
client_max_body_size 20M;
server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# SSL Settings
# NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); restrict to TLSv1.2 or newer
# unless legacy clients are required.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
# Logging Settings
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# Gzip Settings
gzip on;
gzip_disable "msie6";
# Virtual Host Configs
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
proxy_read_timeout 950s;
# Maps the client's Upgrade header to the Connection value used when proxying WebSockets.
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
}
My reverse proxy server crashes when it is accessed from Safari for some reason... It didn't crash for a while, but after adding SSL to it and modifying a few things on the proxied Laravel website, it seems to have stopped functioning. It crashes the whole VM.
Config:
# Two servers for abkie.com: port 80 redirects to HTTPS, port 443 terminates TLS and proxies
# everything to the Laravel backend at 192.168.1.7:8080.
server {
listen 80;
server_name abkie.com;
# NOTE(review): $uri is the normalized, percent-decoded path and already begins with "/", so
# this produces a double slash and places decoded request characters into the Location header.
# `return 301 https://abkie.com$request_uri;` keeps the original, still-encoded URI instead.
return 301 https://abkie.com/$uri$is_args$args;
#location / {
#proxy_pass http://192.168.1.7:8080/$uri$is_args$args;
#proxy_set_header Host $host:$server_port;
#}
}
server{
listen 443 ssl;
server_name abkie.com;
include snippets/ssl-abkie.com.conf;
include snippets/ssl-params.conf;
access_log /var/log/nginx/testepito.access.log;
# NOTE(review): debug-level logging is very verbose and records request details; it also
# needs a binary built with --with-debug. Drop back to a normal level once troubleshooting ends.
error_log /var/log/nginx/testepito.error.log debug;
location / {
error_log /var/log/nginx/testepitos.error.log debug;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the client sent, so the
# backend should trust only the last entry (the one added by this proxy).
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Fix the “It appears that your reverse proxy set up is broken" error.
proxy_pass http://192.168.1.7:8080;
# NOTE(review): one-hour timeouts together with client_max_body_size 0 (no upload limit) let
# a single client hold connections and stream unbounded bodies; on a small VM this is a
# plausible route to resource exhaustion — set limits that match the application.
proxy_connect_timeout 3600s;
proxy_send_timeout 3600s;
proxy_read_timeout 3600s;
send_timeout 3600s;
client_max_body_size 0;
# Rewrites backend redirects that point at the internal address to the public HTTPS name.
proxy_redirect http://192.168.1.7:8080 https://abkie.com;
}
}
ssl-abkie.com.conf:
# Certificate and private key for the HTTPS server, taken from the Let's Encrypt live directory.
# NOTE(review): cert.pem holds only the leaf certificate; Let's Encrypt's fullchain.pem also
# carries the intermediate, and clients that do not fetch missing intermediates can fail the
# handshake without it.
# NOTE(review): the path is for api.abkie.com while the server_name is abkie.com — confirm the
# certificate actually covers abkie.com.
ssl_certificate /etc/letsencrypt/live/api.abkie.com/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/api.abkie.com/privkey.pem;
ssl-params.conf:
# Shared TLS hardening snippet: TLS 1.2 only, forward-secret AES-GCM/AES-256 suites,
# OCSP stapling, and security response headers.
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
# NOTE(review): stapling needs the issuer certificate. If ssl_certificate contains no
# intermediates, the issuer (and for verification the full chain) must be supplied through
# ssl_trusted_certificate, which is not set in the lines shown.
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx >= 1.3.7
# Resolver used for OCSP responder lookups; these are public Google DNS servers.
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# HSTS for two years, applied to every subdomain as well; all of them must serve HTTPS.
# Without the "always" parameter add_header is skipped on most error responses.
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains;";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
# Custom DH parameters for the EDH suites listed above.
ssl_dhparam /etc/ssl/certs/dhparam.pem;
nginx.conf
# Distribution default nginx.conf for the reverse-proxy host: global defaults, then the
# per-site files pulled in through the two include lines at the end of the http block.
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 1024;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# NOTE(review): server_tokens is left commented out, so the nginx version is advertised.
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
# NOTE(review): this http-level default still enables the deprecated TLSv1 and TLSv1.1; a
# server that sets its own ssl_protocols (as ssl-params.conf does) overrides it, but any
# other TLS server on this host inherits the weaker default.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
# The mail proxy example below is fully commented out and therefore inactive.
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
nginx -v
nginx version: nginx/1.10.3
Error logs are basically empty (literally)...
SSL is from lets encrypt
Thanks!
I'm using nginx to separate the static and dynamic content,
this is my nginx config:
# Local nginx config that splits traffic on port 9797: static assets and the single-page app
# come from /path/to/static, and /api/ is proxied to a Tomcat backend on localhost:8090.
#user nobody;
worker_processes 1;
#error_log logs/error.log;
error_log /usr/local/var/logs/nginx/error.log notice;
#error_log logs/error.log info;
pid /usr/local/var/logs/nginx/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
# Access log format extended with request and upstream timing fields.
log_format main '$remote_addr:$remote_port - [$request_method] [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'rt=$request_time uct="$upstream_connect_time" uht="$upstream_header_time" urt="$upstream_response_time"';
access_log /usr/local/var/logs/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
upstream tomcat_backend {
server localhost:8090;
}
server {
listen 9797;
server_name localhost;
server_name_in_redirect off;
access_log /usr/local/var/logs/nginx/test.access.log main;
# NOTE(review): debug-level error logs are verbose and need a --with-debug build; keep them
# for troubleshooting only.
error_log /usr/local/var/logs/nginx/test-error.access.log debug;
# Static assets by extension. The ^~ prefix on /api/ below makes nginx skip this regex for
# API paths, so an /api/ URL ending in .js or .html is still proxied.
location ~ \.(jpg|png|js|ico|html|gif|css|map)$ {
root /path/to/static;
}
location ^~ /api/ {
access_log /usr/local/var/logs/nginx/nginx-location.access.log main;
error_log /usr/local/var/logs/nginx/nginx-location-error.access.log debug;
proxy_set_header X-Real-IP $remote_addr;
# Appends to any client-supplied X-Forwarded-For; the backend should trust only the last hop.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Request-Time $msec;
proxy_redirect off;
proxy_set_header Host $host;
proxy_pass http://tomcat_backend;
#proxy_set_header X-Request-Id $request_id;
}
location / {
root /path/to/static;
index index.html;
# Anything that is not an existing file or directory is rewritten to the SPA entry page.
if (!-e $request_filename) {
rewrite ^/(.*) /index.html last;
}
}
}
include servers/*;
}
Sometimes Tomcat receives the request and responds to it correctly; sometimes nginx just returns 405 directly, without even forwarding the request to Tomcat.
this is the console of chrome, it always follow that pattern, 405, 401, 405, 401..., it shows 401 is because I input wrong password in purpose, that mean the request has been forward to tomcat:
I found that if I use node.js as backend(just a proxy server), everything is ok, no 405 anymore.
OK, finally I found the reason.
Another process was listening on the same port.
But it's weird that two processes can be using the same port.
I installed the Nginx on a dedicated server using the below codes:
# Download, unpack and run the third-party nginxadmin installer for cPanel/WHM.
# NOTE(review): the tarball is fetched over plain http:// and executed without any checksum or
# signature check, so whatever arrives over the wire is what the installer runs (presumably as
# root, given /usr/local/src and WHM). Prefer an https source and verify a digest published by
# the vendor before running ./nginxinstaller.
cd /usr/local/src
wget http://nginxcp.com/latest/nginxadmin.tar
tar xf nginxadmin.tar
cd publicnginx
./nginxinstaller install
Nginx service status is up in Nginx Admin panel in WHM (please see the below image).
Below is also the configuration file as in Configuration Editor:
# nginx.conf generated by the nginxadmin cPanel plugin: nginx runs as a front-end proxy with
# gzip, generous client limits and a "microcache" zone; per-domain vhosts are included at the end.
user nobody;
# no need for more workers in the proxy mode
worker_processes 2;
error_log /var/log/nginx/error.log info;
worker_rlimit_nofile 20480;
events {
worker_connections 5120; # increase for busier servers
use epoll; # you should use epoll here for Linux kernels 2.6.x
}
http {
server_name_in_redirect off;
server_names_hash_max_size 10240;
server_names_hash_bucket_size 1024;
include mime.types;
default_type application/octet-stream;
# Keep the nginx version out of the Server header and error pages.
server_tokens off;
# remove/commentout disable_symlinks if_not_owner;if you get Permission denied error
# NOTE(review): with if_not_owner nginx refuses to follow a symlink whose owner differs from
# its target's owner, which matters on shared hosting; it is disabled here.
# disable_symlinks if_not_owner;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 5;
gzip on;
gzip_vary on;
gzip_disable "MSIE [1-6]\.";
gzip_proxied any;
gzip_http_version 1.0;
gzip_min_length 1000;
gzip_comp_level 6;
gzip_buffers 16 8k;
# You can remove image/png image/x-icon image/gif image/jpeg if you have slow CPU
gzip_types text/plain text/xml text/css application/x-javascript application/xml application/javascript application/xml+rss text/javascript application/atom+xml;
ignore_invalid_headers on;
# NOTE(review): three-minute header/body/send timeouts let slow clients hold connections for
# a long time; tighten them if the sites do not need such slack.
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
reset_timedout_connection on;
connection_pool_size 256;
# NOTE(review): up to 4 x 256k of header buffers can be allocated per request, far above
# nginx's defaults; confirm this is needed, as it raises memory use under load.
client_header_buffer_size 256k;
large_client_header_buffers 4 256k;
client_max_body_size 200M;
client_body_buffer_size 128k;
request_pool_size 32k;
output_buffers 4 32k;
postpone_output 1460;
# NOTE(review): the proxy temp directory sits under world-writable /tmp; confirm its ownership
# and mode restrict it to the nginx worker user.
proxy_temp_path /tmp/nginx_proxy/;
# 5 MB key zone named "microcache", at most 1000 MB of cached responses on disk.
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=microcache:5m max_size=1000m;
# NOTE(review): "on" writes every request body to a file and leaves the file in place after
# the request; with a 200M body limit this can fill the disk. Intended for debugging.
client_body_in_file_only on;
log_format bytes_log "$msec $bytes_sent .";
# NOTE(review): $no_cache is not defined in the lines shown; presumably set in the vhosts include.
log_format custom_microcache '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" nocache:$no_cache';
include "/etc/nginx/vhosts/*";
}
My images are located in http://images.domain.com, so my question is how to add the Nginx proxy cache configuration that can cache the images on my images sub-domain for two hours?
Static files are served perfectly by nginx.
My configuration for images.domain.com.
# Virtual host for images.domain.com: serves static files straight from the account's
# public_html directory with a two-hour client-side cache lifetime.
server {
listen 80;
server_name images.domain.com;
set $path /home/images.domain.com;
set $webroot $path/public_html;
# Case-insensitive match on common image, archive, media, CSS and JS extensions.
# NOTE(review): archives (zip, tgz, gz, rar, bz2, tar) are served as well; make sure no
# backups or private archives are kept under the web root.
location ~* ^.+\.(jpg|jpeg|gif|png|zip|tgz|gz|rar|bz2|tar|wav|bmp|wmv|avi|3gp|mp3|mp4|css|js|ico)$ {
# NOTE(review): the "main" log format is not defined in the nginx.conf shown with this
# question (only bytes_log and custom_microcache are); confirm it exists elsewhere.
access_log /var/log/nginx/imgages.domain.com.log main;
root $webroot;
# Sets Expires and Cache-Control: max-age so browsers and intermediaries may cache for 2 hours.
expires 2h;
}
}