I'm trying to configure the site to work with Nginx and Apache. When I try to reach the site, I get a 403 error.
In the file /etc/httpd/conf/httpd.conf I set the default port 8089 (since 8080 is already busy):
Listen 127.0.0.1:8089
Next, I create a config for Apache (/etc/httpd/conf.d/site.conf):
<VirtualHost 127.0.0.1:8089>
    ServerName site.com
    ServerAlias www.site.com
    DocumentRoot "/usr/share/site/public"
    ErrorLog /var/log/httpd/error.log
    CustomLog /var/log/httpd/access.log combined
    <Directory "/usr/share/site/public">
        Require all granted
        AllowOverride all
    </Directory>
</VirtualHost>
Finally, I create a config for Nginx (/etc/nginx/conf.d/site.conf):
server {
    listen 80;
    server_name site.com www.site.com;
    root /usr/share/site/public;
    charset utf-8;
    gzip on;
    gzip_types
        text/css
        application/javascript
        text/javascript
        application/x-javascript
        image/svg+xml
        text/plain
        text/xsd
        text/xsl
        text/xml
        image/x-icon;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location ~ \.php {
        proxy_pass http://localhost:8089;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    location ~ /\.ht {
        deny all;
    }
}
What could be the problem?
Good Day!
Try this original config from Laravel (reference link: https://laravel.com/docs/7.x/deployment):
server {
    listen 80;
    server_name site.com www.site.com;
    root /usr/share/site/public;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";
    index index.php;
    charset utf-8;
    gzip on;
    gzip_types
        text/css
        application/javascript
        text/javascript
        application/x-javascript
        image/svg+xml
        text/plain
        text/xsd
        text/xsl
        text/xml
        image/x-icon;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }
    error_page 404 /index.php;
    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
    }
    location ~ /\.(?!well-known).* {
        deny all;
    }
}
NOTE: for fastcgi_pass, you need to change php{version}-fpm.sock based on your version.
I want to deploy my Laravel application on my server with nginx as a reverse proxy with Apache. I have a problem with URLs and page links that start with index.php. I tried the URL without index.php and it works, but all links in the page are with index.php. This is my configuration:
Nginx:
server {
    listen 80;
    server_name dev.exemple.com;
    root /var/www/laravel-app/public/;
    index index.php index.htm index.html;
    location / {
        try_files $uri $uri/ /index.php$uri;
    }
    location ~ \.php {
        proxy_pass http://MY-SERVER-IP-ADDRESS:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    location ~ /\. {
        deny all;
    }
    location ~* \.(jpg|jpeg|gif|css|png|js|ico|html)$ {
        access_log off;
        expires max;
        log_not_found off;
    }
}
Apache:
<VirtualHost *:8080>
    ServerName dev.exemple.com
    DocumentRoot /var/www/laravel-app/public/
    <Directory /var/www/laravel-app/>
        AllowOverride All
    </Directory>
</VirtualHost>
Hello, check this solution from https://laravel.io/forum/10-25-2014-configuration-for-running-laravel-with-nginx-and-apache:
server {
    listen 80;
    access_log /var/www/site.com/logs/nginx.access.log;
    error_log /var/www/site.com/logs/nginx.error.log;
    root /var/www/site.com/public_html/public;
    index index.php index.html;
    server_name site.com;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:8080;
    }
    location ~* ^.*\.php$ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:8080;
    }
    location ~ /\.(ht|git) {
        deny all;
    }
}
I have a problem with connecting to the socket server.
WebSocket connection to <URL> failed: Error during WebSocket handshake: Unexpected response code: 521
I have two different cloud servers: (1) for a client project and (2) for a socket server.
(1) Client Project:
var token = "{{ csrf_token() }}";
window.Echo = new Echo({
    broadcaster: 'socket.io',
    host: "{{env('SOCKET_SERVER_HOST')}}",
    origin: '*',
    transports: ['websocket', 'polling', 'flashsocket', 'ws', 'wss'],
    auth: {
        headers: {
            'X-CSRF-TOKEN': token,
        }
    },
    csrfToken: token,
    port: "6001",
});
(2) Socket Server
1. nginx
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name mydomain.com;
    error_log /var/log/nginx/proxy-error.log error;
    ssl on;
    ssl_certificate /etc/nginx/certs/mydomain.com.pem;
    ssl_certificate_key /etc/nginx/certs/mydomain.com.key;
    ssl_session_timeout 3m;
    ssl_session_cache shared:SSL:50m;
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_ecdh_curve secp384r1;
    location /socket.io {
        proxy_pass http://mydomaincom:6001;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-VerifiedViaNginx yes;
        proxy_read_timeout 60;
        proxy_connect_timeout 60;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_cache_bypass $http_upgrade;
    }
}
laravel-echo-server.json
Below is the laravel-echo-server configuration.
{
    "authHost": "https://mydomaincom",
    "authEndpoint": "/broadcasting/auth",
    "clients": [
        {
            "appId": "xxxxxxxxxx",
            "key": "yyyyyyyyyyyyyyyyyyyyyyyy"
        }
    ],
    "database": "redis",
    "databaseConfig": {
        "redis": {},
        "sqlite": {
            "databasePath": "/database/laravel-echo-server.sqlite"
        }
    },
    "devMode": true,
    "host": null,
    "port": "6001",
    "protocol": "https",
    "socketio": {},
    "secureOptions": 67108864,
    "sslCertPath": "/etc/nginx/certs/mydomain.com.pem",
    "sslKeyPath": "/etc/nginx/certs/mydomain.com.key",
    "sslCertChainPath": "",
    "sslPassphrase": "",
    "subscribers": {
        "http": true,
        "redis": true
    },
    "apiOriginAllow": {
        "allowCors": true,
        "allowOrigin": "*",
        "allowMethods": "GET, POST",
        "allowHeaders": "Origin, Content-Type, X-Auth-Token, X-Requested-With, Accept, Authorization, X-CSRF-TOKEN, X-Socket-Id"
    }
}
Supervisor
Here is the supervisor configuration.
[program:echo-worker]
directory=/home/user/apps/epanel
process_name=%(program_name)s_%(process_num)02d
command=laravel-echo-server start --config="ehealth-echo-server.json"
autostart=true
autorestart=true
user=user
numprocs=1
redirect_stderr=true
stdout_logfile=/home/user/apps/epanel/echo.log
2. Laravel Echo Server
Note: I use redis and laravel-echo-server and they work fine.
Does anyone have a solution?
This document is for those who use laravel echo server & nginx & socket.io & redis-server with separate servers for the client project and redis-server.
1) Edit /etc/redis/redis.conf
bind 127.0.0.1
supervised no
To
bind 0.0.0.0
supervised systemd
2) Update /etc/systemd/system/redis.service under [Service]
Type=notify
ExecStart=/usr/bin/redis-server /etc/redis/redis.conf --supervised systemd
3) Nginx /etc/nginx/sites-enabled/reverse-proxy.conf
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name mysitecom;
    error_log /var/log/nginx/proxy-error.log error;
    # Start the SSL configurations
    # (TLS is enabled by the "ssl" parameter of the listen directives above;
    # the separate "ssl on;" directive is deprecated and absent from current nginx)
    ssl_certificate /etc/nginx/certs/mysitecom.pem;
    ssl_certificate_key /etc/nginx/certs/mysitecom.key;
    ssl_session_timeout 3m;
    ssl_session_cache shared:SSL:50m;
    ssl_protocols TLSv1.1 TLSv1.2;
    # Diffie-Hellman performance improvements
    ssl_ecdh_curve secp384r1;
    location /socket.io {
        proxy_pass http://mysitecom:2096;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_buffers 16 4k;
        proxy_buffer_size 2k;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-VerifiedViaNginx yes;
        proxy_read_timeout 2h;
        proxy_connect_timeout 2h;
        proxy_redirect off;
    }
}
4) laravel-echo-server.json
{
    "authHost": "https://mysitecom",
    "authEndpoint": "/broadcasting/auth",
    "clients": [
        {
            "appId": "e45c056ec8ca8bd7",
            "key": "88d316b5cccafbc5e905aa9ee13e63f7"
        }
    ],
    "database": "redis",
    "databaseConfig": {
        "redis": {
            "host": "0.0.0.0",
            "port": "6379"
        },
        "sqlite": {
            "databasePath": "/database/laravel-echo-server.sqlite"
        }
    },
    "devMode": true,
    "host": null,
    "port": "2096",
    "protocol": "https",
    "socketio": {},
    "secureOptions": 67108864,
    "sslCertPath": "/etc/nginx/certs/mysitecom.pem",
    "sslKeyPath": "/etc/nginx/certs/mysitecom.key",
    "sslCertChainPath": "",
    "sslPassphrase": "",
    "subscribers": {
        "http": true,
        "redis": true
    },
    "apiOriginAllow": {
        "allowCors": true,
        "allowOrigin": "*",
        "allowMethods": "GET, POST",
        "allowHeaders": "Origin, Content-Type, X-Auth-Token, X-Requested-With, Accept, Authorization, X-CSRF-TOKEN, X-Socket-Id"
    }
}
Note: for anyone who connects DNS through Cloudflare, please change the default socket.io port 6001 to the following here.
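Step 1 of the answer above makes Redis listen on every interface, so the instance should be checked for being reachable without a password. The following is an added example, not part of the original answer: a small Python audit of redis.conf text that looks only at the bind, requirepass and protected-mode directives. The sample configs, the 10.0.0.5 address and the password value are constructed placeholders.

```python
import ipaddress

# Constructed sample: the two lines the answer sets, with nothing else configured.
SAMPLE_EXPOSED = "bind 0.0.0.0\nsupervised systemd\n"
# Constructed sample: loopback plus one private address (placeholder) and a password.
SAMPLE_HARDENED = (
    "bind 127.0.0.1 10.0.0.5\n"
    "protected-mode yes\n"
    "requirepass CHANGE-ME-long-random-value\n"
    "supervised systemd\n"
)


def parse_redis_conf(text):
    """Return {directive: [argument list, ...]} for the body of a redis.conf."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, *args = line.split()
        conf.setdefault(key.lower(), []).append(args)
    return conf


def audit_redis_conf(text):
    """List findings for a Redis instance that other hosts can reach."""
    conf = parse_redis_conf(text)
    # With no bind directive Redis listens on all interfaces, hence the "*" default.
    binds = [b.lstrip("-") for args in conf.get("bind", [["*"]]) for b in args]
    addrs = [ipaddress.ip_address(b) for b in binds if "*" not in b]
    wildcard = any("*" in b for b in binds) or any(a.is_unspecified for a in addrs)
    remote = wildcard or any(not a.is_loopback for a in addrs)
    passwords = [a[0].strip("\"'") for a in conf.get("requirepass", []) if a]
    findings = []
    if wildcard:
        findings.append("bind covers every interface")
    if remote and not any(passwords):
        findings.append("reachable beyond loopback without requirepass")
    if ["no"] in conf.get("protected-mode", []):
        findings.append("protected-mode is disabled")
    return findings


if __name__ == "__main__":
    for name, sample in (("exposed", SAMPLE_EXPOSED), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_redis_conf(sample))
```

Passwords defined only through ACL users are not inspected, and a firewall rule limiting port 6379 to the client project's server is still needed alongside the password.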
I have an nginx container, on port 9200, that acts as a load balancer. This is the config file:
proxy_ignore_headers Set-Cookie;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Headers' 'Range';
upstream backend {
    server 192.168.99.103:9500 weight=3;
    server 192.168.99.104:9500;
    server 192.168.99.105:9500;
}
server {
    listen 80;
    server_name 172.17.0.1;
    location = /LynyrdSkynyrdFreebirdAudio.mp4 {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Headers' 'Range';
        if ($request_method = OPTIONS ) {
            add_header Access-Control-Allow-Methods "GET, OPTIONS";
            add_header Content-Length 0;
            add_header Content-Type text/plain;
            return 200;
        }
        proxy_pass http://backend/;
        add_header X-Upstream $upstream_addr;
    }
    location = /LynyrdSkynyrdFreebirdVideo.mp4 {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Headers' 'Range';
        if ($request_method = OPTIONS ) {
            add_header Access-Control-Allow-Methods "GET, OPTIONS";
            add_header Content-Length 0;
            add_header Content-Type text/plain;
            return 200;
        }
        proxy_pass http://backend;
        add_header X-Upstream $upstream_addr;
    }
}
This container load-balances requests in the following way: when a request arrives for localhost:9200/LynyrdSkynyrdFreebirdVideo.mp4 or localhost:9200/LynyrdSkynyrdFreebirdAudio.mp4, it balances the requests across 3 servers.
These 3 servers are 3 nginx containers that act as caches.
This is the config file of the nginx caches:
proxy_cache_path /tmp/nginx levels=1:2 keys_zone=my_zone:10m inactive=60m;
proxy_cache_key "$scheme$request_method$host$request_uri";
proxy_cache_methods GET HEAD POST;
proxy_cache_valid 200 206 100m;
proxy_ignore_headers Set-Cookie;
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Headers' 'Range';
server {
    listen 80;
    server_name 172.17.0.1;
    #charset koi8-r;
    #access_log /var/log/nginx/log/host.access.log main;
    location / {
    }
    #error_page 404 /404.html;
    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass http://127.0.0.1;
    #}
    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root html;
    #    fastcgi_pass 127.0.0.1:9000;
    #    fastcgi_index index.php;
    #    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
    #    include fastcgi_params;
    #}
    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny all;
    #}
    location /demo/ {
        proxy_cache my_zone;
        add_header X-Proxy-Cache $upstream_cache_status;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://172.17.0.1:8700/shaka-player-master/demo/index1.html;
    }
    location /media {
        proxy_cache my_zone;
        add_header X-Proxy-Cache $upstream_cache_status;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://172.17.0.1:8700/shaka-player-master/media/example-av.mpd;
    }
    location = /example-av1.mpd {
        add_header 'Access-Control-Allow-Origin' '*';
        proxy_cache my_zone;
        add_header X-Proxy-Cache $upstream_cache_status;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://192.168.99.103:9600/shaka-player/media/example-av1.mpd;
    }
    location = /LynyrdSkynyrdFreebirdVideo.mp4 {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Headers' 'Range';
        proxy_cache my_zone;
        add_header X-Proxy-Cache $upstream_cache_status;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://192.168.99.103:9600/shaka-player/media/LynyrdSkynyrdFreebirdVideo.mp4;
    }
    location = /LynyrdSkynyrdFreebirdAudio.mp4 {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Headers' 'Range';
        proxy_cache my_zone;
        add_header X-Proxy-Cache $upstream_cache_status;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://192.168.99.103:9600/shaka-player/media/LynyrdSkynyrdFreebirdAudio.mp4;
    }
}
If I point to the load balancer, i.e. localhost:9200/LynyrdSkynyrdFreebirdVideo.mp4 or localhost:9200/LynyrdSkynyrdFreebirdAudio.mp4, I get 404 Not Found. I expect that, if I point to this URL, the load balancer balances the request to 192.168.99.103(or 104, or 105):9500/LynyrdSkynyrdFreebirdVideo.mp4 or 192.168.99.103(or 104, or 105):9500/LynyrdSkynyrdFreebirdAudio.mp4.
But I don't know whether I can add a path in the server directive of the upstream block.
In fact, I think this is the real problem: if I point to 192.168.99.103(or 104, or 105):9500/LynyrdSkynyrdFreebirdAudio(or Video).mp4, I get the content correctly.
Can anyone help me?
Solved:
I have added the path to http://backend, like:
proxy_pass http://backend/LynyrdSkynyrdFreebirdVideo.mp4;
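How nginx maps the request URI for the proxy_pass forms used in this question and its fix, as an added example that is not part of the original post. It models the documented rule for prefix and exact-match locations without variables; the function names are hypothetical, and the /media/ prefix case is constructed from paths that appear in the cache config.

```python
def upstream_uri(location, proxy_pass, request_uri, exact=False):
    """URI nginx sends upstream for a prefix or exact-match (=) location.

    Models proxy_pass without variables: if the directive has a URI part
    (anything after host[:port], even a lone "/"), the part of the request
    path matched by the location is replaced with it; with no URI part the
    request URI is forwarded unchanged.
    """
    path, sep, query = request_uri.partition("?")
    if not (path == location if exact else path.startswith(location)):
        raise ValueError(f"{request_uri!r} does not match {location!r}")
    after_scheme = proxy_pass.split("://", 1)[1]
    slash = after_scheme.find("/")
    if slash != -1:  # proxy_pass carries a URI part
        path = after_scheme[slash:] + path[len(location):]
    return path + sep + query


def page_cases():
    """Upstream URIs for the proxy_pass forms in the question and the fix."""
    audio = "/LynyrdSkynyrdFreebirdAudio.mp4"
    video = "/LynyrdSkynyrdFreebirdVideo.mp4"
    return {
        # Question, Audio location: the trailing slash is a URI part of "/".
        "audio http://backend/": upstream_uri(audio, "http://backend/", audio, True),
        # Question, Video location: no URI part, so the path passes through.
        "video http://backend": upstream_uri(video, "http://backend", video, True),
        # Fix from the post: the explicit path replaces the matched location.
        "video http://backend/<file>": upstream_uri(
            video, "http://backend" + video, video, True),
        # Constructed prefix case: only the matched prefix is swapped.
        "prefix /media/": upstream_uri(
            "/media/", "http://172.17.0.1:8700/shaka-player-master/media/",
            "/media/example-av.mpd?v=1"),
    }


if __name__ == "__main__":
    for label, uri in page_cases().items():
        print(f"{label:30} -> {uri}")
```

The Audio location's `proxy_pass http://backend/;` is the form that drops the file name: the upstream receives a request for `/`, which lands in the cache servers' empty `location /` block.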
I'm using spring-boot:1.3.3, spring-hateoas:0.19.0 and spring-data-rest-core:2.4.4.
{
  "_embedded" : {
    "projects" : [ {
      "status" : "ACTIVE",
      "storageRegion" : "US",
      "dataSize" : 96850,
      "freemiumUnits" : 1,
      "_links" : {
        "self" : {
          "href" : "http://example.com/x-region-us/api/data/projects/2c9f93b755359a4a015535c19b1f0006"
        },
        "project" : {
          "href" : "http://example.com/x-region-us/api/data/projects/2c9f93b755359a4a015535c19b1f0006"
        },
This is an example of content served by spring-hateoas. After a while I switched my application to SSL.
The problem comes when using traverson.js to jump (hop) through "_links". An error occurs:
traverson.min.js:2 Mixed Content: The page at
'https://example.com/project-new' was loaded over HTTPS, but requested
an insecure XMLHttpRequest endpoint
'http://example.com/x-region-us/api/data/submittalActions'. This
request has been blocked; the content must be served over HTTPS.
Is there a way to force Spring to generate HTTPS links over HTTP in the "_links" part of the JSON?
If you use Apache HTTP Server, you need to add this line to the config file:
RequestHeader set X-Forwarded-Proto "https"
Add the headers below to Nginx:
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Prefix $http_x_forwarded_prefix;
proxy_set_header X-Forwarded-Host $http_x_forwarded_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Forwarded-Protocol https;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Url-Scheme https;
proxy_http_version 1.1;
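Both answers work because the backend builds its links from X-Forwarded-* headers, so those headers should count only when the request really arrived from the proxy and carry expected values. Added example, not Spring's implementation and not part of the original answers: a Python sketch of that decision, assuming the proxy runs on the same host and that example.com (the host used on this page) is the only public name; the function names and the 203.0.113.7 and other.invalid values in the usage are constructed.

```python
import ipaddress

# Assumptions of this sketch: the reverse proxy connects from loopback, and
# example.com is the only host name generated links may point to.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.0/8")]
ALLOWED_HOSTS = {"example.com"}
DEFAULT_HOST = "example.com"


def first_value(headers, name):
    """First element of a possibly comma-separated header value."""
    return headers.get(name.lower(), "").split(",")[0].strip()


def link_href(peer_ip, headers, path):
    """Absolute href for a "_links" entry served from behind a reverse proxy.

    X-Forwarded-Proto/Host/Prefix are honoured only when the TCP peer is a
    trusted proxy; otherwise the backend's own defaults are used.
    """
    headers = {k.lower(): v for k, v in headers.items()}
    scheme, host, prefix = "http", DEFAULT_HOST, ""
    peer = ipaddress.ip_address(peer_ip)
    if any(peer in net for net in TRUSTED_PROXIES):
        proto = first_value(headers, "X-Forwarded-Proto").lower()
        if proto in ("http", "https"):
            scheme = proto
        fwd_host = first_value(headers, "X-Forwarded-Host").lower()
        if fwd_host in ALLOWED_HOSTS:  # ignore names the site does not serve
            host = fwd_host
        fwd_prefix = first_value(headers, "X-Forwarded-Prefix").rstrip("/")
        if fwd_prefix.startswith("/") and not fwd_prefix.startswith("//"):
            prefix = fwd_prefix
    return f"{scheme}://{host}{prefix}{path}"


if __name__ == "__main__":
    via_proxy = {"X-Forwarded-Proto": "https", "X-Forwarded-Host": "example.com",
                 "X-Forwarded-Prefix": "/x-region-us"}
    print(link_href("127.0.0.1", via_proxy, "/api/data/submittalActions"))
    # Same headers sent straight to the backend by a non-proxy peer.
    print(link_href("203.0.113.7", via_proxy, "/api/data/submittalActions"))
```

In the Nginx snippet above, X-Forwarded-Host and X-Forwarded-Prefix are copied from the incoming request ($http_x_forwarded_host, $http_x_forwarded_prefix), so their values originate with the client unless an outer proxy sets them; the allowlist and prefix checks in the sketch are what keep such values out of generated links.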