I am trying to implement leverage browser caching for my flask project nginx. But when i insert the code inside conf file static files are not served by nginx showing 403 permission denied error.
This is my conf file for site in site-enabled
server {
listen 80;
server_name site.in;
root /root/site-demo/;
access_log /var/log/site/access_log;
error_log /var/log/site/error_log;
location / {
proxy_pass http://127.0.0.1:4000/;
proxy_redirect http://127.0.0.1:4000 http://site.in;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
expires 30d;
add_header Pragma public;
add_header Cache-Control "public";
}
}
When i remove the cache expire part everything works fine. I tried similar question's answers and put root specification. But still error remains same. User specified in nginx.conf is www-data. Do i have to change user?
Related
We use Laravel Forge on a Load Balancer to handle a lot of sites on there. We always had one of the sites as a default/catch-all when a domain is pointed at us with no site conf set. Recently, that site's SSL expired. Took us a little bit but we got it back. Ever since then though, it has stopped being the catch-all. So if a site isn't pointing right, the invalid domain gets redirected to the first site in the list.
Here's a nginx conf for a site that redirects to the first server in the list.
FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.accuproadvisors.com/before/*;
# FORGE CONFIG (DO NOT REMOVE!)
include upstreams/www.accuproadvisors.com;
server {
listen 80;
listen [::]:80;
server_name www.accuproadvisors.com accuproaccounting.com;
server_tokens off;
# FORGE SSL (DO NOT REMOVE!)
# ssl_certificate
# ssl_certificate_key
ssl_protocols TLSv1.2;
charset utf-8;
access_log off;
error_log /var/log/nginx/www.accuproadvisors.com-error.log error;
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.accuproadvisors.com/server/*;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://1127640_app/;
proxy_redirect off;
# Handle Web Socket Connections
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.accuproadvisors.com/after/*;
We have a 000-catch-all file and it contains:
server {
listen 80;
server_name _;
root /home/forge/catch-all;
index index.html index.htm;
error_page 404 /404.html;
location / { }
# return 404;
}
The folder /home/forge/catch-all contains the default index.html that was always the default until the SSL expired. Anyone have any tips? Anything is appreciated. Thanks!
I'm new to Nginx and EC2 and trying to add some simple authentication as below. It's a one page app and i want to secure the access to the page but not the tile server. With no authentication all works well. With authentication as the below I get back an error saying;
http://map.domain.org.uk is requesting your username and password. The site says: “GeoServer Realm”
I think this is because I've set authentication for any location and the tiles sit under that. How would I set up to just require authentication for the equivalent of a landing page?
server {
listen 80;
listen [::]:80;
root /var/www/domain.org.uk/public_html;
index index.html;
server_name domain.org.uk www.domain.org.uk map.domain.org.uk;
access_log /var/log/nginx/domain.org.uk.access.log;
error_log /var/log/nginx/domain.org.uk.error.log;
# auth_basic "Server level Password required to proceed";
# auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
location /geoserver/gwc/service/wmts {
auth_basic off;
#also tested without auth_basic off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8080/geoserver/gwc/service/wmts;
}
location / {
try_files $uri $uri/ =404;
auth_basic "Location level Password required to proceed";
auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
}
}
Try running http://localhost:8080/geoserver/wms?request=GetCapabilities
Also, I think This is useful for you in this case.
This uses curl utility to issue HTTP requests that test authentication. Install curl before proceeding.
Also, check /etc/nginx/sites-available/example.com Here on Linode.
Example
upstream appcluster{
server linode.example.com:8801;
server linode.example.com:8802 weight=1;
}
I have a springboot application running on an Nginx server reverse proxy, inside of the nginx WWW root i have a forums directory i want to access via url/forums. So i am trying to setup a proxy for nginx so when someone goes to the website url/forums it will redirect to the nginx forums directory where i will have my PHP forums.
server {
listen 443 ssl; # Monitor port
server_name realmlands.com www.realmlands.com; # Domain name configuration, can be multiple
ssl_certificate /etc/letsencrypt/live/realmlands.com-0002/fullchain.pem; # Certificate address
ssl_certificate_key /etc/letsencrypt/live/realmlands.com-0002/privkey.pem; # Certificate address
# Fixed Writing
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
# Projects with reverse proxy configuration here
location /forums {
proxy_pass https://localhost:8080/forums;
# Fixed Writing
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
}
location / {
proxy_pass https://localhost:8443;
# Fixed Writing
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
}
}
But what happens when i go to url/forums it seems to redirect the browser to localhost/forums and shows the "This can't be reached".
How can i make it redirect to the nginx forums directory?
I'm want to create move our front end setup on CloudFront and s3.
I got an application with a static web site with an nginx that proxy_pass the host header to another port on the same machine (as seen in the code below).
location /api {
proxy_pass http://my_app:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
client_max_body_size 1000M;
server_tokens off;
After I uploaded my frontend to s3 and configured CloudFront origin to go to the s3 static web server how do I configure the Origin Settings & Cache Behavior Settings to send the header to the ec2 instance as shown in the current Nginx config?
I've got an Nginx/Gunicorn/Django server deployed on a Centos 6 machine with only the SSL port (443) visible to the outside world. So unless the server is called with the https://, you won't get any response. If you call it with an http://domain:443, you'll merely get a 400 Bad Request message. Port 443 is the only way to hit the server.
I'm using Nginx to serve my static files (CSS, etc.) and all other requests are handled by Gunicorn, which is running Django at http://localhost:8000. So, navigating to https://domain.com works just fine, as do links within the admin site, but when I submit a form in the Django admin, the https is lost on the redirect and I'm sent to http://domain.com/request_uri which fails to reach the server. The POST action does work properly even so and the database is updated.
My configuration file is listed below. The location location / section is where I feel like the solution should be found. But it doesn't seem like the proxy_set_header X-* directives have any effect. Am I missing a module or something? I'm running nginx/1.0.15.
Everything I can find on the internet points to the X-Forwarded-Protocol https like it should do something, but I get no change. I'm also unable to get the debugging working on the remote server, though my next step may have to be compiling locally with debugging enabled to get some more clues. The last resort is to expose port 80 and redirect everything...but that requires some paperwork.
[http://pastebin.com/Rcg3p6vQ](My nginx configure arguments)
server {
listen 443 ssl;
ssl on;
ssl_certificate /path/to/cert.crt;
ssl_certificate_key /path/to/key.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
server_name example.com;
root /home/gunicorn/project/app;
access_log /home/gunicorn/logs/access.log;
error_log /home/gunicorn/logs/error.log debug;
location /static/ {
autoindex on;
root /home/gunicorn;
}
location / {
proxy_pass http://localhost:8000/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Protocol https;
}
}
Haven't had time yet to understand exactly what these two lines do, but removing them solved my problems:
proxy_redirect off;
proxy_set_header Host $host;