I'm trying to serve a Node application through Nginx on my Mac, and I've run into a problem.
On Ubuntu, I always change the config file to this
server {
listen 80;
server_name example.com;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
but when I do the same on my Mac, I get this error when I'm running the server:
nginx: [emerg] "server" directive is not allowed here in
/usr/local/etc/nginx/nginx.conf:1
Any suggestions on why this is happening would be appreciated.
According to nginx's page http is the outer block. So it should work be adding a http block before the server block.
By doing that i get host not found in "$PORT" of the "listen" directive
http {
server {
listen $PORT;
server_name test-rpc.test.com;
location / {
proxy_ssl_server_name on;
proxy_pass http://test-rpc;
}
}
upstream test-rpc {
server localhost:2000 max_fails=3 fail_timeout=10s;
server localhost:2001 max_fails=3 fail_timeout=10s;
}
}
Related
I have trouble configuring SSL with reverse proxy.
What I have: Proxmox installed with 3 containers - 2 containers are with websites and 3rd is a reverse proxy.
Container 1
domain1.com
domain2.com
Container 2
domain3.com
domain4.com
Public IP points to Container 3 (which is a reverse proxy).
How and "where" (on containers, on the reverse proxy, or on both) should I issue an SSL certificate? I want all of the domains to work only via HTTPS.
Reverse proxy has the following configuration:
server {
listen 80;
server_name domain1.com;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://192.168.4.100:80;# Container 1
}
}
server {
listen 80;
server_name domain2.com;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://192.168.4.100:80;# Container 1
}
}
server {
listen 80;
server_name domain3.com;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://192.168.4.200:80;# Container 2
}
}
server {
listen 80;
server_name domain4.com;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://192.168.4.200:80;# Container 2
}
}
Update: I am able to issue a domain certificate but to make everything work I have to put these certificates on BOTH containers: for reverse proxy and container with domain/website itself. I believe it's kind of dirty and hard to maintain. Please advise
I would just add the SSL certificates to the reverse Proxy and use http to the internal web servers (containers)
I have recently setup JFrog Artifactory OSS and I have it running behind a nginx reverse proxy with a Lets Encrypt SSL certificate.
I can access the site fine (without inputting the port etc). However; when I click the "Set me up" button on a repository; it has the port in the <url> field. It's displaying like this;
https://sub.domain.net:443/artifactory/maven-releases/
I have set Artifactorys base URL to https://sub.domain.net/
I have included my configuration for nginx.
server {
server_name www.sub.domain.net sub.domain.net;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
rewrite ^/$ /ui/ redirect;
rewrite ^/ui$ /ui/ redirect;
chunked_transfer_encoding on;
client_max_body_size 0;
location / {
proxy_read_timeout 2400s;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
proxy_pass http://xxx.xx.xxx.xx:8082;
proxy_next_upstream error timeout non_idempotent;
proxy_next_upstream_tries 1;
proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location ~ ^/artifactory/ {
proxy_pass http://xxx.xx.xxx.xx:8081;
}
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/sub.domain.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/sub.domain.net/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
if ($host = www.sub.domain.net) {
return 301 https://$host$request_uri;
}
if ($host = sub.domain.net) {
return 301 https://$host$request_uri;
}
listen 80 ;
server_name www.sub.domain.net sub.domain.net;
return 404;
}
Any help you can provide will be greatly appreciated. Thanks.
I setup my Laravel project in Nginx using reverse-proxy.
Here is my reverse-proxy.conf for the project
server {
listen 8090;
listen [::]:8090;
access_log /var/log/nginx/localhost.laravel-access.log;
error_log /var/log/nginx/locahost.laravel-error.log error;
location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
try_files $uri =404;
}
location ^~ / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_redirect off;
proxy_pass http://XXX.XX.X.X:8082/;
}
}
currently the setup is listening to port 8090. so when I access the project, it is on
XXX.XXX.X.XXX:8090/login
the problem here is, after inputting the login credentials to my project, the port 8090 loses, and I am redirected into the
XXX.XXX.X.XXX
IP address only.
Thank you
if you can set APP_URL in env file
APP_URL=http://localhost:8090
Or set url in config/app.php
'url' => env('APP_URL', 'http://localhost:8090'),
then
php artisan config:clear
I have multiple Sinatra apps on unicorn + nginx and I want to proxy the second Sinatra app to be on a /app path.
root
root/app
Here is my nginx configuration file:
upstream root {
# Path to Unicorn SOCK file, as defined previously
server unix:/tmp/unicorn.root.com.sock fail_timeout=0;
}
upstream app {
# Path to Unicorn SOCK file, as defined previously
server unix:/tmp/unicorn.app.io.sock fail_timeout=0;
}
server {
listen 80;
# Set the server name, similar to Apache's settings
server_name root.com www.root.com;
# 301 redirect http://root.com$requesturi;
# Application root, as defined previously
root /var/www/root.com/public;
try_files $uri/index.html $uri #root;
location #root {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://root;
}
location /app {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://app;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
access_log off;
}
Using the configuration above I get a 404 from the app application.
How can I achieve that?
I have an app running on a service, behind a nginx server, using unicorn.
If I access http://server.com I get the app, up and running...But I still can access app on port 8080, like http://server.com:8080 but this time, without assets (which are beign served by nginx)
How do I block direct access to port 8080 on my prod. server?
The server is an Ubuntu 12.04
nginx.conf
upstream unicorn {
server 127.0.0.1:8080;
}
server {
listen 80 default deferred;
# server_name example.com;
root /home/deploy/current/public;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri #unicorn;
location #unicorn {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://unicorn;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
}
Make unicorn and nginx use a domain socket. For nginx:
upstream unicorn {
server unix:/path/to/socket fail_timeout=0;
}
Then pass '-l /path/to/socket' to unicorn, or alter your unicorn config file:
listen '/path/to/socket'