Is there a way around to avoid CORS issue using nginx. My one application is running no netty-server which comes with play framework using joc.lan as domain name and other application is on php web server which i had integrated in my application which uses iframe to load and it uses chat.joc.lan as domain name which is a subdomain of joc.lan.
So,when anyone of my application tries to access any data for other application,the error i get on console is
Uncaught SecurityError: Blocked a frame with origin
"http://chat.joc.lan" from accessing a frame with origin
"http://joc.lan". Protocols, domains, and ports must match.
I had resolved this error by setting document.domain on both application as the main domain name which is joc.lan.
And for ajax requests i am using JSONP.
I had read somewhere it's not supported on firefox and IE.
The first once is for my main application joc.lan
server {
listen 80;
server_name joc.lan;
location / {
proxy_pass http://localhost:9000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# WebSocket support (nginx 1.4)
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
the second one i am interating inside joc.lan using iframe.
server {
listen 80;
server_name chat.joc.lan;
root /opt/apps/flyhi/chat;
index index.php;
# caching for images and disable access log for images
location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml|ttf|eot)$ {
access_log off;
expires 360d;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9007
location ~ \.php {
fastcgi_pass 127.0.0.1:9011;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
access_log off;
}
location / {
try_files $uri $uri/ /index.php?r=$request_uri;
}
I am not sure but you can set the parameters in nginx config file for allowing CORS in all browsers.
This link can be a help where there is nginx config file is given to allow CORS
Related
I need to pass/set custom header from Nginx block to server (not response header) to detect the tenant.
I have tried with Nginx proxy but failed: Here is my code:
server {
server_name app.another.com www.app.another.com;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header tenant-id 1001;
proxy_pass ...domain.com ;
proxy_redirect ...domain.com ....app.another.com;
}
}
Error:
" 786 worker_connections are not enough while connecting to upstream "
I also change worker_connections to 20000 but show
" ... accept4() failed (24: Too many open files) ..."
&
"... socket() failed (24: Too many open files) while connecting to upstream ..."
after fixing this error the again arise previous error.
I also tried without proxy but can not pass custom header to request (not in response).
location / {
add_header tenant-id 10010;
try_files $uri $uri/ /index.php?$query_string;
}
*** It's a Laravel based Application.
Issue Fixed.
-- must pass local host (with port) like: localhost:808 / 127.0.0.1:808 (if same ip)
-- Laravel generates URL with HTTP (not https) because we proxy_pass to http://localhost.
For fixing this issue add URL::forceScheme('https') to AppServiceProvider inside boot method;
I am having issues trying to setup a second set of locations for my Nginx Setup. I currently have 1 working route, that uses reverse proxy to a NodeJS Express server.
I am tryin to setup a second location to serve a laravel project, here is my Nginx config file, I know there are some errors, but after googling I coulnd't find an answer on my own.
Thanks
server {
listen 443 http2 ssl;
listen [::]:443 http2 ssl;
server_name some.server.com
ssl on;
ssl_certificate /etc/letsencrypt/live/some.server.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/some.server.com/privkey.pem;
# This doesnt work, its a laravel project
# Theres something wrong with my try_files
location /project2 {
root /home/ubuntu/project2/public/;
try_files $uri $uri/ /index.php?$query_string;
}
# This works, I am reverse proxying to NodeJS Application
location / {
proxy_pass http://localhost:3001;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
You need to add something to the /project2 that tells nginx how to handle php files. a block that will know what to do with
I grabbed the following from here. I updated your location regex, though I haven't tested, so you may need to fix it (everything about nginx is trial and error until it works):
location ~* /project2/(.*\.php)$ {
root /home/ubuntu/project2/public/;
try_files $1 $1/ $1/index.php?$query_string;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
You are serving from /home/ubuntu/project2/public/, but your php urls end with project2, so you need to do a bit of regex magic to extract the proper url.
Of course, if you can make things simpler with your directory structure, you can use a simpler regex.
I'm new to Nginx and EC2 and trying to add some simple authentication as below. It's a one page app and i want to secure the access to the page but not the tile server. With no authentication all works well. With authentication as the below I get back an error saying;
http://map.domain.org.uk is requesting your username and password. The site says: “GeoServer Realm”
I think this is because I've set authentication for any location and the tiles sit under that. How would I set up to just require authentication for the equivalent of a landing page?
server {
listen 80;
listen [::]:80;
root /var/www/domain.org.uk/public_html;
index index.html;
server_name domain.org.uk www.domain.org.uk map.domain.org.uk;
access_log /var/log/nginx/domain.org.uk.access.log;
error_log /var/log/nginx/domain.org.uk.error.log;
# auth_basic "Server level Password required to proceed";
# auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
location /geoserver/gwc/service/wmts {
auth_basic off;
#also tested without auth_basic off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8080/geoserver/gwc/service/wmts;
}
location / {
try_files $uri $uri/ =404;
auth_basic "Location level Password required to proceed";
auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
}
}
Try running http://localhost:8080/geoserver/wms?request=GetCapabilities
Also, I think This is useful for you in this case.
This uses curl utility to issue HTTP requests that test authentication. Install curl before proceeding.
Also, check /etc/nginx/sites-available/example.com Here on Linode.
Example
upstream appcluster{
server linode.example.com:8801;
server linode.example.com:8802 weight=1;
}
So I have a web app project on my server with 2 directories:
1) frontend - a nodejs app (next.js) that I start with pm2.
2) api - the laravel backend api
I also the have nginx installed and tried this as my server settings:
server {
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
listen 80;
listen [::]:80;
root /project/api/public;
index index.php index.html index.htm;
location / {
try_files $uri/ /index.php?$query_string;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
Now when i go to my web address the frontend part works so when i go to example.com I see my web app (so the config for the proxy to port 3000 works).
Howvever the backend/api does not work, i think because it does not redirect to the api when i perform a backend task. like
http://example.com:3000/api/auth/login/ should go to my laravel app.
"/api/..." is the backend endpoints.
I think I need to somehow define a location /api {} to go to the laravel app.
Any help to get ths working would be appreciated.
You have 2 "location /" definitions... One is clobbering the other.
Try using the following for your second definition:
location /api {
try_files $uri/ /index.php?$query_string;
}
I'm running Ubuntu Server 14.04. I installed Tomcat 7 as a server and Nginx as a reverse proxy. Then I also installed PhpMyAdmin and got that working. The only problem I now have is that none of the images for PhpMyAdmin is showing. I've done a lot of searching on this issue and have found several ways to fix it but none of them work for particular instance. I set up my Nginx configuration in such a way that any request gets forwarded to my Tomcat server except when it ends in .php, in which case it forwards (correctly) to PhpMyAdmin. Here's (the important parts) of my nginx configuration (etc/nginx/sites-enabled/default):
server {
listen 80 default_server;
server_name 123.123.123.123; # fake Ip address
root /usr/share/nginx/html;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://tomcat_server;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
I have a very basic knowledge of the above, so excuse me for not knowing how the location closures really work or what their contents do.
What I think I need to do is rewrite those to location closures in such a way that requests containing /phpmyadmin/ + anything here + .png or .jpg, etc gets forwarded to the right directory. Please let me know if this is not the best way of doing it though. Otherwise please let me know how to rewrite my location closures to do what I want it to do. It seems that PhpMyAdmin's images are stored at /usr/share/nginx/html/phpmyadmin/themes/ if that helps. Let me know if I need to supply any additional information.