Good afternoon,
I have a Magento installation with Nginx running on an Auto Scaling Group on AWS with a standard 3 instances. To redirect traffic I use a load balancer with SSL causing my structure looks as follows:
User> Load Balancer (Port 443)> Instance (Port 80)
I changed into my database in the table mg_core_config_data the URLs to use https.
The problem I think is happening is the following:
Every time I access my URL, Load Balancer attempts to fetch the bodies content to send me the information I am requesting, in this way, as I am using port 80, when the Load Balancer reaches my instance and attempts to load the Magento, the base_url that is in the database redirects to https. With this redirection, the process is repeated again because I'm redirected back to https: // and try to get the instance information on port 80 again. I think that every problem is among this base_url and I can not return the magento information with port 80.
Follow my nginx configuration:
server {
listen 80 DEFAULT_SERVER;
server_name _;
root /home/ubuntu/www/mysite;
index index.php index.html index.htm;
location / {
try_files $ uri $ uri / /index.php$is_args$args;
}
location ~ \ .php $ {
try_files $ uri /index.php = 404;
fastcgi_pass unix: /run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $ document_root $ fastcgi_script_name;
fastcgi_params include;
fastcgi_cache CACHE;
fastcgi_cache_methods GET HEAD;
fastcgi_cache_valid 200 1m;
fastcgi_cache_bypass $ no_cache;
fastcgi_no_cache $ no_cache;
}
...
}
The error I'm getting accessing my load balancer via https:
Anyone have any suggestions or have been through this?
Thank you.
Looking at your description, the problem is that your instances believe they're accessed over HTTP (not HTTPS) and are redirecting to HTTPS.
This is not an ELB problem, the ELB just forwards the HTTP requests. It's also not an EC2 problem since EC2 doesn't operate on HTTP level.
The redirects are either caused by
- your nginx server
- your magento installation
Typically, ssl redirect behaviour is configured on web server level.
There are no redirects present in the nginx config snippet you shared. You didn't share the entire config file, so look for redirects or 301's or 302's in your nginx config file. Also investige other nginx config files and .htaccess files in your magento installation folder.
I'm not familiar with Magento, but Magento could also cause the http(s) redirects.
Make sure you set the 'outside' url (the one that is mapped to the ELB) as your base url, as this will be the base url from the end users' point of view.
On https://www.siteground.com/tutorials/magento/magento_ssl.htm, you can find instructions for configuring Magento for SSL. It might be worth the try to set the base URL to http:// and activate the 'secure urls' options.
Related
I have an existing Laravel API application running on Beanstalk. It's been lagging in updates on EBS, so currently I'm in the process of upgrading the platforms and CI/CD for this app. There one remaining problem I'm running into, which leaves me scratching my head at the 'but it should work'-level.
What I want
All URLs containing https://example.com/index.php/endpoint to be redirected to https://example.com/endpoint and show the same content as https://example.com/index.php/endpoint would (incl. subsequent the URL's slugs)
How I'm trying to do this
Due to this wonderful answer by cnst, I have the configuration below that seems to work for many (incl. some other online sources).
server{
index index.php;
if ($request_uri ~* "^(.*/)index\.php/*(.*)$") {
return 301 $1$2;
}
location / {
try_files $uri $uri/ /index.php?$query_string;
# Remove from everywhere index.php
if ($request_uri ~* "^(.*/)index\.php(/?)(.*)") {
return 301 $1$3;
}
}
if (!-d $request_filename) {
rewrite ^/(.+)/$ /$1 permanent;
}
if ($request_uri ~* "\/\/") {
rewrite ^/(.*) /$1 permanent;
}
}
I'm putting this configuration in a file located at my_project/.platform/nginx/conf.d/proxy.conf, which according to AWS' documentation, should upload with the project and extend the nginx configuration. As far as I can tell, it does pick it up, since any typo will result in an error after eb deploy. I can also see on the server it has been added to /etc/nginx/conf.d/proxy.conf.
The Problem
Even though the extending proxy.conf is being deployed and the configuration in it seems to be picked up, the application won't pick up the rewrite and leave the application URLs running with the index.php instead of the rewrite.
https://example.com/index.php/endpoint → works
https://example.com/endpoint → results in a server generated 404
Nginx logs show 2021/02/12 14:23:24 [error] 7523#0: *35 open() "/var/www/html/public/api" failed (2: No such file or directory) which tells me it has searched for a file and never tried running it through index.php.
The Questions
What am I missing in my configuration?
Or is it something about EBS that I overlooked or misunderstood?
Is the index.php angry since I'm trying to hide its face from public view?
Solution moved from the question to an answer:
I gave it a weekend to see if anyone would know and went back to work.
First thing, I did is see if Beanstalk was picking up any
configuration, so I put an invalid variable in and see if that would
break the server. It didn't...
Second, I checked if my Beanstalk instance was actually using Nginx
(default) or got switch to Apache (httpd) for some reason (it includes
both). Via its GUI config I could easily tell it's Nginx.
Third, I viewed the nginx.conf on the server and checked how other
.conf files were being included. Part of it is seen here;
http {
[...]
include conf.d/*.conf;
map $http_upgrade $connection_upgrade {
[...]
}
server {
listen 80 default_server;
access_log /var/log/nginx/access.log main;
[...]
# Include the Elastic Beanstalk generated locations
include conf.d/elasticbeanstalk/*.conf;
}
}
Here lays the problem; I was including a file at the conf.d/*.conf
level with a second nginx server configuration block, which is
effectively overwritten with the standard server configuration block
by Beanstalks own config.
So there's two solutions here;
override the entire nginx.conf by including a new .platform/nginx/nginx.conf in your project, where you extend the
server block with your own config
or, in my opinion more gracefully, add .platform/nginx/elasticbeanstalk/proxy.conf to your project,
extending the server block specifically (but remove any server
blocks from your own config)
Solution 2 will gard that AWS can always update its default nginx.conf
without you having to watch out for it (unless they change the
location of the elasticbeanstalk configs).
I did try putting my configuration in
.platform/nginx/elasticbeanstalk/proxy.conf before, but that would
break the server, since I was including a server block, causing it
to double nest.
Lesson here;
add .platform/nginx/nginx.conf to override your entire Beanstalk Nginx configuration
add .platform/nginx/conf.d/your_conf.conf for any extensions to the http block
add .platform/nginx/conf.d/elasticbeanstalk/your_conf.conf for any extensions to the server block (or nesting within)
I wasn't sure whether to put this in Serverfault or on Stackoverflow; it doesn't seem to be a server issue so I though here would be best.
I am currently working on a university website, and for some reason Firefox refuses to load the site unless you use www (ex www.university.edu). Every other browser accepts university.edu and simply redirects to www.university.edu as nginx is setup to do. My nginx config:
server {
listen 80;
server_name university.edu www;
rewritei ^http://www.university.edu$request_uri? permanent;
}
server {
listen 80;
server_name www.university.edu static.university.edu m.university.edu www.university.com;
.
.
.
}
So what should happen is when a request comes in and is www.university.edu, the second block catches it and everything runs normally, but if a request comes in and is university.edu the first block catches it and redirects it to the second block. But for some reason Firefox is not doing this.
Any idea's what could be causing this issue?
Update 1:
rewritei is not mispelled. The university's nginx was changed before it was compiled to enable regex case insensitivity, and was placed under the function "rewritei". Also after playing around with the site I found figured out that if you visit the site at www.university.edu first, then try university.edu it will load, but if you clear the cache and try to visit university.edu it will not load until you visit www.university.edu.
You have a typo; "rewrite" and try removing the www.
server {
listen 80;
server_name university.edu;
return 301 http://www.university.edu$request_uri;
}
Also take a look at the pitfalls on rewrite - http://wiki.nginx.org/Pitfalls#Taxing_Rewrites
I'm trying to configure http and https redirects from an old site to a new one.
According to the rewrite directive docs:
If the replacement string begins with http:// then the client will
be redirected, and any further rewrite directives are terminated.
And I'm trying to achieve the same with https to no avail.
This is my server config:
listen 80;
listen 443 ssl;
server_name mydomain.com
rewrite ^/path/resource(.*)$ $scheme://newdomain.com/newpath/resource$1 permanent;
...
return 301 http://newdomain.com/newpath/;
Using http I get what I'm looking for: if I access mydomain.com/path/resource I'm redirected to newdomain.com/newpath/resource.
However, the same with https redirects me to http://newdomain.com/newpath/.
I have rewrite_log on and in both cases the rewrite rule is matched but the https protocol does not stop further rules processing.
I have the feeling that either I'm missing something really obvious or I'm not approaching this problem properly. I wouldn't mind doing this in any different way at all if it works.
Have any of you out there any idea on how to achieve the http redirect with https too?
I usually like to use return instead of rewrite for redirects, try matching the path with a location block
location ~ /path/resource(.*) {
return 301 $scheme://newdomain.com/newpath/resource$1;
}
I think this way you know for sure there will be no further processing, because it's only 1 line, try it and tell me how it goes.
PS: This will maintain the $scheme of the request, requests to http:// will be redirected to a http:// and https:// will be redirected to https://
Is there a way to proxy external images with nginx without downloading and storing them locally ? I.e. passing image's URI to my proxy server like this :
`http://myproxydomain.com/http://example.com/image.jpg`
And including this URI in the src attribute for images on my site.
Yes -- this is possible:
merge_slashes off;
location ~ /(?<r>http://.*) {
resolver 127.0.0.1;
proxy_pass $r;
}
Whether you should do it is another matter. Having merge_slashes off may not be a good idea.
I'm curious if nginx can be configured so the cache is saved out in some manner that would make the data user-friendly? While all my options might fall short of anything anyone would consider "human friendly" I'm in general interested in how people configure it to meet their specific needs. The documentation may be complete but I am very much a learn by example type guy.
My current configuration is from an example I ran accross and if it were to be used woud is not much more than proof to me that nginx correctly proxy caches/the data
http {
# unrelated stuff...
proxy_cache_path /var/www/cache levels=1:2 keys_zone=my-cache:8m max_size=1000m inactive=600m;
proxy_temp_path /var/www/cache/tmp;
server {
server_name g.sente.cc;
location /stu/ {
proxy_pass http://sente.cc;
proxy_cache my-cache;
proxy_cache_valid 200 302 60m;
proxy_cache_valid 404 1m;
}
}
Nginx has two methods to cache content:
proxy_store is when Nginx builds a mirror. That is, it will store the file preserving the same path, while proxying from the upstream. After that Nginx will serve the mirrored file for all the subsequent requests to the same URI. The downside is that Nginx does not control expiration, however you are able to remove (and add) files at your will.
proxy_cache is when Nginx manages a cache, checking expiration, cache size, etc.