I am new to Nginx.
My requirement is I need to make a service call but along with proxy passing that request, I need to make call to another service/servlet. For this I decided to use Echo module to use the echo_subrequest_async option.
However the subrequest is not working and even simple echo print is not working. Where does echo "hello" supposed to go? to the client side (my guess)
Below is my configuration (some notes):
Both the servers are java servers which are running on my local box
my os is mac osx version 10.9.5
3, I compile nginx 1.6.2 from source and with modules pcre and http echo
nginx version: nginx/1.6.2
built by clang 5.1 (clang-503.0.40) (based on LLVM 3.4svn)
configure arguments: --with-pcre=/Users/xxxx/project/pcre-8.35 --add-module=/Users/xxxx/project/echo-nginx-module-0.57 --with-cc-opt=-Wno-deprecated-declarations
nginx config I have used is as follows
http {
server {
listen 80;
server_name localhost;
# this will handle the initial request
location /messaging-service {
default_type "text/plain";
echo "in the messaging service call";
echo_flush;
echo_subrequest_async GET '/mywebapp/second';
proxy_pass http://localhost:8090/messaging-service/;
}
# this is where the sub request should go,note its different service
location /mywebapp/second {
echo "Going to make another call on different server !!";
echo_flush;
proxy_pass http://localhost:8080/mywebapp/second/;
}
}
}
Related
It was a project with a base of springboot + thymeleaf.
I want to use the web server by using nginx to place the resource files of thymeleaf on the web server.
Running nginx and spring boot project (WAS) with docker container.
nginx uses a port number of 8003:80 and WAS 8002:8080.
At this time, I want to know the settings of nginx.conf and the settings of the application.yml file of WAS.
In the linux environment, there is a situation where mapping is not working properly depending on whether or not thymeleaf is "/", so I want to solve this.
The settings for nginx.conf are as follows.
server {
listen 80;
location / {
proxy_pass http://ipaddr:8002;
...
}
location /templates {
root /usr/resources/templates;
}
location /css/ {
alias /usr/resources/static;
}
}
The application.yml setting for WAS is as follows.
thymeleaf:
prefix: /usr/resources/templates/
suffix: .html
Some are omitted, but by default, they refer to the directory in the same way as above.
When you run each server, the was server and nginx seem to be calling normally, but they don't seem to map the screen that will eventually be displayed properly.
[TemplatesInputException: Error resolving template [common/pagename], template might not exist or might not be accessible by any of the configured Template Resolves]
An error is occurring. Please Help me.
I tried to modify the nginx.conf file in nginx and the application.yml file in was server in many ways.
I have tried to Proxy Auto Configuration that like follows on Windows10.
But it does not seems like be enabled.
I would like to decrypt HTTPS from specific IP address with mitmproxy but it does not pass through the proxy.
Why?
This Proxy Auto Configuration (PAC) file hosted by a HTTP server on LAN.
As a probability, some of applications does not follow this configuration if the applications adopt there own HTTPS library instead of windows builtin one?
My pac file:
function FindProxyForURL(url, host) {
if (host.indexOf("125.29.56.129") >= 0 || url.indexOf("125.29.56.129")) {
return "HTTPS 192.168.1.16:11161; DIRECT";
} else {
return "DIRECT";
}
}
I am following the elasticsearch nginx integration tutorial for windows. I have generated the password using openssl.
The question is what should be the extension for the passwords file and where should it be placed.
I keep getting this error message but it is very unclear to me what exactly the issue is
C:\Program Files\nginx-1.12.1\nginx-1.12.1>nginx -s reload nginx:
[error] OpenEvent("Global\ngx_reload_4428") failed (2: The system
cannot find the file specified)
Currently, the file is present inside the configs directory
events {
worker_connections 1024;
}
http {
upstream elasticsearch {
server 127.0.0.1:9200;
}
server {
listen 8080;
auth_basic "Protected Elasticsearch";
auth_basic_user_file passwords;
location / {
proxy_pass http://elasticsearch;
proxy_redirect off;
}
}
}
You have to specify full path for the password file location:
location / {
auth_basic "Secure Area (or whatever description you want)";
auth_basic_user_file /etc/nginx/auth/nginx.passwd;
... (other settings)
}
The example above works on Unix/Linux servers running nginx. Since you're running Windows I suppose you have to specify full path like C:\Program Files\nginx-1.12.1\nginx-1.12.1\nginx.passwd
Depending what exactly you want to restrict you might need to place the rule inside or outside of the location / {} block. Supposing you need to allow full access to your server/site and only restrict let's say /private then you will add the basic auth in:
location /private {
...
}
I'm trying to set up Nginx on my Windows development environment. I can't find how to create something similar to "sites-enabled" on Linux where Nginx would look for (links to) active virtual host configurations.
Is there a way to do something similar with a directory with shortcuts to the actual configuration files and Nginx scanning that directory? Or is there another way to hook up a virtual host configuration other than copying the host configuration to nginx.conf?
In windows you have to give full path of the directory where the config files are located. There are two files to update: nginx.conf, which tells nginx where to find web sites, and localhost.conf, which is the configuration for a web site.
It is assumed that nginx is installed in C:\nginx. If the installation directory is at another path, you will have to update that path accordingly, wherever it appears in the following two configuration files.
nginx.conf
Location: C:\nginx\conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#to read external configuration.
include "C:/nginx/conf/sites-enabled/*.conf";
}
localhost.conf
Location: C:\nginx\conf\sites-enabled
server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
The "sites-enabled" approach as used by some Linux packages of nginx utilize include directive, which understands shell wildcards, see http://nginx.org/r/include. You may use it in your own config as well, e.g.
http {
...
include /path/to/sites/*.conf;
}
Note though that such approach might be very confusing (in particular, it would be hard to tell which server{} is the default one unless you use default_server explicitly).
The following worked for me but only AFTER I moved my main nginx exe folder from c:/Program Files (x86)/nginx-1.7.0 to c:/nginx-1.7.0 (because I think it doesn't handle spaces in file paths well):
http {
...
include "f:/code/mysite/dev-ops/nginx/dev/mysite.conf";
}
Till the time of writing this answer (7 Jan 2022) non of the other answers fully answer this question.
Wildcards (include a/*.b) just include a list of vhosts which cannot be disabled/enabled. sites-enabled and sites-available is about being able to disable a vhost without deleting the corresponding config file.
Nginx has only one config file (nginx.conf), which in turn includes other files. The ability to include files is what led to enabled/available design.
So the directory structure goes as follows:
conf // or whatever
|__nginx.conf
|__sites-enabled
|____default // symlink to sites-available/default.conf
|__sites-available
|____default.conf // You can omit the extension but I just like it
|____whatever.conf
|____some vhost.conf
|____another vhost.conf
|____disabled vhost.conf
|____other config files ...
# nginx.conf
http {
# ...
include path/to/sites-enabled/*; # include the enabled ones
}
In windows (cmd) you do:
mklink Link Target
# for example
mklink default X:/path/to/nginx/conf/sites-available/default.conf
Many think that windows doesn't have symlinks, it does :-)
I use a slightly more complex config directory structure, for development:
conf/
|__nginx.conf
|__sites-enabled/
|____some-site // sites-available/some-site/{env} where {env} is either dev or prod
|__sites-available/
|____some-site/
|______prod.conf
|______dev.conf
|______dev/
|________www.conf // vhost (server {}) for the www subdomain
|________api.conf // same as above but for the api subdomain
|________root.conf // vhost for the top level domain (e.g example.com without any subdomain prefix)
|______prod/
|________www.conf
|________api.conf
|________root.conf
|______snippets/
|________http.conf // listen on ipv4 80/ipv6 80 and redirect http to https
|________https.conf // listen on ipv4 443 ssl/ipv6 443 ssl and `include`s ssl.conf
|________ssl.conf // ssl config, pay attention to permission
You can include your config with a relative path in your nginx.config (the relative path is just the path of the config file itself in contrast to the logs path for example):
http {
include mime.types;
default_type application/octet-stream;
include ../sites-enabled/*.conf;
...
}
I couldn't find any way to disable Passenger's X-Powered-By header:
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.11
Is it possible to do that without modifying its sources and removing headers on the HTTP server level?
On Apache you can unset headers:
# Hide/Remove the Passenger Headers
Header always unset "X-Powered-By"
Header always unset "X-Runtime"
It will not remove all names (since services such as Plesk will still append their name), but Passenger can be removed this way.
Kudos to John Trupiano:
https://groups.google.com/forum/?fromgroups=#!topic/phusion-passenger/LKAKH0PEyW0
Short answer: YES.
update: 2018
Use proxy_hide_header if downstream, or use more_clear_headers
Original Answer
I leave the fact that I use nginx+passenger .. but you can completely remove them with
remove_header X-Header-Name-To-Remove;
So you can remove both by
server {
...
remove_header X-Powered-By;
remove_header X-Runtime;
...
}
This removes all the headers, it can also be in a location directive instead of server.
..
Here are my common directives, as I leave 'apache prod' equiv on mine.
server {
...
remove_header X-Runtime;
server_tokens off;
passenger_show_version_in_header off;
...
}
Provides a service header like..
Server:nginx + Phusion Passenger
X-Powered-By:Phusion Passenger
This is the closest equiv of apache2 ServerTokens Prod directive that I can do.
Short answer: no.
There is no configuration option in passenger to disable the X-Powered-by, so you need to do one of
filter
edit source
monkeypatch
passenger code:
#RequestHandler::process_request
headers_output = [
STATUS, status.to_i.to_s, CRLF,
X_POWERED_BY, #passenger_header, CRLF
]
#AbstractRequestHandler::initialize
#passenger_header = determine_passenger_header
#AbstractRequestHandler::determine_passenger_header
def determine_passenger_header
header = "Phusion Passenger (mod_rails/mod_rack)"
if #options["show_version_in_header"]
header << " #{VERSION_STRING}"
end
if File.exist?("#{SOURCE_ROOT}/enterprisey.txt") ||
File.exist?("/etc/passenger_enterprisey.txt")
header << ", Enterprise Edition"
end
return header
end
more_clear_headers 'Server' 'X-Powered-By' 'X-Runtime'; works for me as mentioned in http://www.michaelrigart.be/en/blog/nginx-and-passenger-install-in-production-environment.html.
To completely remove X-Powered-By and Server headers from Nginx+Passenger and not just hide versions, add this to your http block in nginx.conf:
server_tokens off;
more_clear_headers Server;
more_clear_headers X-Powered-By;
You could also set your own:
more_set_headers "Server: ACME";
This will work even if passenger_show_version_in_header off; is not set, but it might be smart to add it as well in case.
Remember to restart the server for these to take affect. You should test your config before restart though: sudo nginx -t.
Information via calvin.my