I have a Nginx reverse proxy redirecting to a lighttpd server in the same machine. This reverse proxy works on HTTPS so I want to tell to lighttpd that HTTPS is being used as protocol instead of HTTP. Here is my Nginx confuguration.
server {
server_name mydomain.com;
merge_slashes off;
rewrite ^(.*?)//+(.*?)$ $1/$2 permanent;
location / {
proxy_pass http://localhost:8088/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Ssl on;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
# SSL settings
}
server {
if ($host = mydomain.com) {
return 301 https://$host$request_uri;
}
listen 80;
listen [::]:80;
}
The lighttpd server is running a python application that uses web.py module but the returned value by web.ctx.protocol still is HTTP when it should be HTTPS. It looks like lighttpd ignores the X-Forwarded-Proto header sent by Nginx.
What am I doing wrong? Is there any additional configuration to be done?
Thanks.
You have to configure lighttpd to trust headers from upstream. Use mod_extforward in lighttpd. See https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModExtForward
Better than your many headers above, both nginx and lighttpd (via mod_extforward) support RFC 7239 Forwarded header.
https://www.nginx.com/resources/wiki/start/topics/examples/forwarded/
Use of the "Forwarded" header should be preferred.
Related
I have a React application running with NGINX which handles traffic on one port (www.domain.com - https) and I also have a back-end Spring Boot application which runs on a different port (www.domain.com:7080 - http).
Now NGINX serves 80, 443 ports and loads up my React application. My react application is hard-coded to send requests to www.domain.com:7080, however all requests fail. In the browser's console I can see the following error:
The page at 'https:// domain.com/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http:// domain.com:7080/auth/login'. This request has been blocked; the content must be served over HTTPS.
My NGINX configuration:
server {
listen 443 ssl; # managed by Certbot
root /var/www/ui;
server_name www.domain.com domain.com;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
index index.html;
}
}
server {
listen 80;
if ($host = domain.com) {
return 301 $host$request_uri;
} # managed by Certbot
server_name www.domain.com domain.com;
return 301 https://$host$request_uri; # managed by Certbot
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
My back-end application is served over http and I'd like to permit the front-end to talk to the back-end service.
I couldn't locate a similar question or tutorial on how I would go about solving this therefore I'm hoping to get some answers here :3
create api endpoint in your domain i.e. www.domain.com/api and configure nginx to pass traffic from that endpoint to your backend with proxy_pass directive. You'll have secure connection from your users and won't need to change anything in your backend server.
I have a springboot application running on an Nginx server reverse proxy, inside of the nginx WWW root i have a forums directory i want to access via url/forums. So i am trying to setup a proxy for nginx so when someone goes to the website url/forums it will redirect to the nginx forums directory where i will have my PHP forums.
server {
listen 443 ssl; # Monitor port
server_name realmlands.com www.realmlands.com; # Domain name configuration, can be multiple
ssl_certificate /etc/letsencrypt/live/realmlands.com-0002/fullchain.pem; # Certificate address
ssl_certificate_key /etc/letsencrypt/live/realmlands.com-0002/privkey.pem; # Certificate address
# Fixed Writing
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
# Projects with reverse proxy configuration here
location /forums {
proxy_pass https://localhost:8080/forums;
# Fixed Writing
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
}
location / {
proxy_pass https://localhost:8443;
# Fixed Writing
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
}
}
But what happens when i go to url/forums it seems to redirect the browser to localhost/forums and shows the "This can't be reached".
How can i make it redirect to the nginx forums directory?
So I'm using Laravel Forge's built-in features to generate and integrate a LetsEncrypt certificate. But I'm having issues with getting my subdomains to work.
Whenever I try to go to www.example.com or https://www.example.com, it redirects me to https://example.com. The same happens when I try to add more subdomains, like foo.example.com redirects to https://example.com
I have my domain hosted with Namecheap and set it up as so:
This is my Nginx configuration file as generated by Forge:
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/example.com/before/*;
# FORGE CONFIG (DOT NOT REMOVE!)
include upstreams/example.com;
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name example.com;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/example.com/244866/server.crt;
ssl_certificate_key /etc/nginx/ssl/example.com/244866/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
charset utf-8;
access_log off;
error_log /var/log/nginx/example.com-error.log error;
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/example.com/server/*;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://386082_app/;
proxy_redirect off;
# Handle Web Socket Connections
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/example.com/after/*;
This is the first time I'm using an Nginx server so I'm not sure how to change that. I've tried playing around with my settings in Namecheap DNS settings, and making sure my SSL is generated with all the subdomains, but I don't the the issue is anywhere but within the nginx configuration. Searching around didn't give me a solid solution as I don't want to ward too far away from the default configuration by Forge, yet still manage to this work my way.
Any and all help will be highly appreciated!
Thank you
Thank you for looking on this.
I have a Magento 2.1.8 website and it will run on the Amazon EC2 with this https://aws.amazon.com/marketplace/pp/B007OUYR4Y Amazon AMI.
I have optimized everything on Magento 2 website but did not get the proper result on this.
I have tried to use the Varnish cache but it is not working with the HTTPS.
anyone have an idea, how can use the varnish with the HTTPS to optimize the website speed.
Varnish Cache does dot speak HTTPS natively. You'll need an SSL terminator such as Hitch, HAProxy, etc. deployed in front of Varnish, ideally using the PROXY protocol.
With my setups I use NGINX as a proxy to handle both http and https requests and then use Varnish as the backend so NGINX handles all the SSL certificates.
Here's an example of my NGINX ssl template:
server {
listen server-ip:443 ssl;
server_name example.com www.example.com;
ssl_certificate /home/user/conf/web/ssl.example.com.pem;
ssl_certificate_key /home/user/conf/web/ssl.example.com.key;
location / {
proxy_pass http://varnish-ip:6081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Nginx on;
proxy_redirect off;
}
location #fallback {
proxy_pass http://varnish-ip:6081;
}
}
I've got an Nginx/Gunicorn/Django server deployed on a Centos 6 machine with only the SSL port (443) visible to the outside world. So unless the server is called with the https://, you won't get any response. If you call it with an http://domain:443, you'll merely get a 400 Bad Request message. Port 443 is the only way to hit the server.
I'm using Nginx to serve my static files (CSS, etc.) and all other requests are handled by Gunicorn, which is running Django at http://localhost:8000. So, navigating to https://domain.com works just fine, as do links within the admin site, but when I submit a form in the Django admin, the https is lost on the redirect and I'm sent to http://domain.com/request_uri which fails to reach the server. The POST action does work properly even so and the database is updated.
My configuration file is listed below. The location location / section is where I feel like the solution should be found. But it doesn't seem like the proxy_set_header X-* directives have any effect. Am I missing a module or something? I'm running nginx/1.0.15.
Everything I can find on the internet points to the X-Forwarded-Protocol https like it should do something, but I get no change. I'm also unable to get the debugging working on the remote server, though my next step may have to be compiling locally with debugging enabled to get some more clues. The last resort is to expose port 80 and redirect everything...but that requires some paperwork.
[http://pastebin.com/Rcg3p6vQ](My nginx configure arguments)
server {
listen 443 ssl;
ssl on;
ssl_certificate /path/to/cert.crt;
ssl_certificate_key /path/to/key.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
server_name example.com;
root /home/gunicorn/project/app;
access_log /home/gunicorn/logs/access.log;
error_log /home/gunicorn/logs/error.log debug;
location /static/ {
autoindex on;
root /home/gunicorn;
}
location / {
proxy_pass http://localhost:8000/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Protocol https;
}
}
Haven't had time yet to understand exactly what these two lines do, but removing them solved my problems:
proxy_redirect off;
proxy_set_header Host $host;