Flask sub.domain.com overrides session on domain.com - session

I have two separate servers, one for domain.com and another for sub.domain.com, and I store sessions using flask-session and the following configuration:
SERVER_NAME = 'domain.com'
SESSION_COOKIE_DOMAIN = ".domain.com"
# Flask-Session
SESSION_TYPE = 'redis'
SESSION_REDIS = Redis(host='192.168.10.10', port=6379, db=0)
Furthermore, I am using a reverse proxy with nginx and:
proxy_set_header Host $host;
When I log in on domain.com everything is OK, but when I refresh sub.domain.com, the user is logged out on domain.com (sub.domain.com creates another session and overrides the one created by domain.com). Authentication is done by flask-login and it's on domain.com (sub.domain.com only should get them).
I don't know what's going wrong and I appreciate any help.
Update:
I tried to run flask without uwsgi and it works as it should, but when I use uwsgi and nginx the problem persists. I think something is wrong with my uwsgi or nginx config.
# uwsgi.ini
[uwsgi]
master = true
enable-threads = true
# the uWSGI option for the worker count is "processes"
processes = 3
plugin = python
socket = /tmp/name.sock
base = /var/www/app
chdir = %(base)
wsgi-file = %(base)/manage.py
callable = app

# nginx.conf
server {
    listen 8001;
    location / {
        include uwsgi_params;
        uwsgi_pass unix:///tmp/name.sock;
    }
}

I mistakenly thought it had nothing to do with my reverse proxy or uwsgi. Actually it was a problem with the reverse proxy, and I could solve my problem by adding the following rules to nginx:
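# rewrite the Domain attribute of Set-Cookie headers coming back from the upstream
proxy_cookie_domain media.$host $host;
# pass the requested host name and the client address to the upstream
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# "off" is the value nginx accepts for disabling Location/Refresh rewriting
proxy_redirect off;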
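
The symptom in the question follows from how browsers store cookies: a cookie is keyed by (name, domain, path), so a `session` cookie issued by sub.domain.com with `Domain=.domain.com` replaces the one domain.com issued at login. The sketch below is an added example, not code from the original post, Flask or nginx; it models that storage rule and the `Domain` rewrite that `proxy_cookie_domain` performs. The cookie values and the `Jar` class are constructed for illustration.

```python
# Constructed model of browser cookie handling (RFC 6265); not Flask or nginx code.

def domain_match(host, domain):
    return host == domain or host.endswith("." + domain)

def parse_set_cookie(header, request_host):
    """Return ((name, domain, path), value, host_only), or None if rejected."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {k.strip().lower(): v.strip()
             for k, _, v in (p.partition("=") for p in rest)}
    domain = attrs.get("domain", "").lstrip(".").lower()
    host_only = not domain
    if host_only:
        domain = request_host          # no Domain attribute: bound to this host only
    elif not domain_match(request_host, domain):
        return None                    # a host may not set cookies for an unrelated domain
    return (name, domain, attrs.get("path", "/")), value, host_only

class Jar:
    def __init__(self):
        self.store = {}

    def receive(self, header, request_host):
        parsed = parse_set_cookie(header, request_host)
        if parsed:
            key, value, host_only = parsed
            self.store[key] = (value, host_only)   # same key: silently replaced

    def cookies_for(self, host):
        return {name: value
                for (name, domain, _), (value, host_only) in self.store.items()
                if (host == domain if host_only else domain_match(host, domain))}

def rewrite_cookie_domain(header, old, new):
    """Model of nginx proxy_cookie_domain: case-insensitive, leading dot ignored."""
    head, *attrs = header.split(";")
    for i, part in enumerate(attrs):
        key, _, val = part.strip().partition("=")
        if key.lower() == "domain" and val.lstrip(".").lower() == old.lstrip(".").lower():
            attrs[i] = " Domain=" + new
    return ";".join([head, *attrs])

def demo():
    jar = Jar()
    jar.receive("session=LOGIN; Domain=.domain.com; Path=/", "domain.com")
    jar.receive("session=FRESH; Domain=.domain.com; Path=/", "sub.domain.com")
    return jar.cookies_for("domain.com")   # the login cookie has been replaced
```

Comparing the `Set-Cookie` headers each host actually returns through the proxy (name, `Domain`, `Path`) against this rule shows whether two applications are writing to the same cookie slot.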

Related

Proxmox, nginx reverse proxy and multiple websites on different containers

I have trouble configuring SSL with reverse proxy.
What I have: Proxmox installed with 3 containers - 2 containers are with websites and 3rd is a reverse proxy.
Container 1
domain1.com
domain2.com
Container 2
domain3.com
domain4.com
Public IP points to Container 3 (which is a reverse proxy).
How and "where" (on containers, on the reverse proxy, or on both) should I issue an SSL certificate? I want all of the domains to work only via HTTPS.
Reverse proxy has the following configuration:
server {
listen 80;
server_name domain1.com;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://192.168.4.100:80;# Container 1
}
}
server {
listen 80;
server_name domain2.com;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://192.168.4.100:80;# Container 1
}
}
server {
listen 80;
server_name domain3.com;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://192.168.4.200:80;# Container 2
}
}
server {
listen 80;
server_name domain4.com;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://192.168.4.200:80;# Container 2
}
}
Update: I am able to issue a domain certificate, but to make everything work I have to put these certificates on BOTH containers: the reverse proxy and the container with the domain/website itself. I believe it's kind of dirty and hard to maintain. Please advise.
I would just add the SSL certificates to the reverse proxy and use HTTP to the internal web servers (containers).

Laravel Project on Nginx Setup Redirect after Login

I setup my Laravel project in Nginx using reverse-proxy.
Here is my reverse-proxy.conf for the project
server {
    listen 8090;
    listen [::]:8090;
    access_log /var/log/nginx/localhost.laravel-access.log;
    error_log /var/log/nginx/locahost.laravel-error.log error;
    location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
        try_files $uri =404;
    }
    location ^~ / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_redirect off;
        proxy_pass http://XXX.XX.X.X:8082/;
    }
}
Currently the setup is listening on port 8090, so when I access the project, it is on
XXX.XXX.X.XXX:8090/login
The problem here is that, after entering the login credentials for my project, the port 8090 is lost, and I am redirected to the
XXX.XXX.X.XXX
IP address only.
Thank you
If you can, set APP_URL in the env file:
APP_URL=http://localhost:8090
Or set url in config/app.php
'url' => env('APP_URL', 'http://localhost:8090'),
then
php artisan config:clear

Subdomain login.xyz.com not changing even after logging in

I have used a subdomain for my website, e.g. login.xyz.com, and it should be pointing toward xyz.com/login. This works fine, but the issue is that login.xyz.com works for every page. Even if I am logged in inside the website, login.xyz.com becomes login.xyz.com/abc. How can I resolve this issue?
This is the code which I have used:
server {
    listen 80 default_server;
    server_name login.xyz.com.com;
    location / {
        proxy_pass http://localhost.com/login;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

Setting up Varnish on CentOS 7, Nginx and PHP-FPM with SSL

I've not used Varnish before but I need to install it on our Magento site to help speed things up.
I've found lots of articles on how to set up Varnish on Centos 7, PHP-FPM etc but none that runs with CentOS7, Nginx, PHP-FPM AND SSL.
As I understand it, Varnish doesn't natively work with SSL so you need to do some Nginx jiggery-pokery to get things working.
This is also a multi-store Magento site so that adds another layer of complication.
Does anybody have any information to help with this?
I will show you my own Nginx config files to make this work. This is Debian 9, not CentOS 7, but Nginx should work in the same way.
If someone has a better configuration, or advice, I will listen carefully... I am a Magento dev, not a system admin. I have a lot to learn about Nginx & Varnish.
Here, Varnish is listening port 6081.
I created a Varnish Proxy to redirect HTTPS requests to HTTP varnish. In /etc/nginx/sites-available/proxy.website.com :
## HTTPS termination & Varnish proxy
server {
server_name en.website.com fr.website.com es.website.com de.website.com;
listen 443 ssl http2;
access_log /var/www/log/varnish-proxy.log;
error_log /var/www/log/varnish-proxy.error.log;
include /etc/nginx/conf/ssl.conf;
keepalive_timeout 300s;
location / {
#BYPASS VARNISH
#proxy_pass http://127.0.0.1:611;
#VARNISH ENABLED
proxy_pass http://127.0.0.1:6081;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header X-Secure on;
proxy_set_header X-Magento-Debug 1;
}
}
Then, my vhost in /etc/nginx/sites-available/website.com :
upstream fastcgi_backend { # USE YOUR OWN CONFIG HERE
# use tcp connection
# server 127.0.0.1:9000;
# or socket
server unix:/var/run/php7.1-fpm.sock;
}
map $http_host $MAGE_RUN_CODE_GLOBAL { # USE YOUR OWN CONFIG HERE
en.website.com en;
fr.website.com fr;
es.website.com es;
de.website.com de;
}
# Redirect to https
server {
server_name en.website.com fr.website.com es.website.com de.website.com;
listen 80;
location ~ /.well-known {
allow all;
}
return 301 https://$http_host$request_uri;
}
# Magento backend on port 611 (the Varnish backend, also used to bypass Varnish)
server {
server_name _;
listen 611;
set $MAGE_ROOT /var/www/magento;
set $MAGE_MODE developer;
set $MAGE_RUN_TYPE store;
set $MAGE_RUN_CODE $MAGE_RUN_CODE_GLOBAL;
set $HTTPS_FORWARD on;
set $FPM_USER www-data;
access_log /var/www/log/website.com.access.log;
error_log /var/www/log/website.com.error.log error;
include /var/www/magento/nginx.conf.sample;
}
Enable your vhosts
sudo ln -s /etc/nginx/sites-available/proxy.website.com /etc/nginx/sites-enabled/
sudo ln -s /etc/nginx/sites-available/website.com /etc/nginx/sites-enabled/
Restart nginx. -t will test your configuration files, -s reload will reload the Nginx config without interrupting the service:
nginx -t && nginx -s reload
EDIT :
Edit Varnish startup config :
CentOS 6: /etc/sysconfig/varnish
CentOS 7: /etc/varnish/varnish.params
Debian/Ubuntu: /etc/default/varnish
...
## Alternative 2, Configuration with VCL
DAEMON_OPTS="-a :6081 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-S /etc/varnish/secret \
-s malloc,1024m \
-p workspace_backend=256 \
-p http_resp_hdr_len=42000"
...
In Magento admin :
set Stores > Configuration > Advanced > System > Full Page Cache > Caching Application to Varnish Cache
Now click on the new "Varnish Configuration" field
Set Access list and Backend host to localhost. I don't know what are the other options.
Save configuration changes
Click Export VCL according to your Varnish version
Upload the Magento VCL
Backup the default varnish VCL /etc/varnish/default.vcl to /etc/varnish/default.vcl.bkp
Put the magento VCL in a new /etc/varnish/default.vcl file.
Edit the first lines :
vcl 4.0; import std;
backend default {
.host = "127.0.0.1";
.port = "404";
}
backend mywebsite {
.host = "127.0.0.1";
.port = "611";
}
acl purge {
"localhost";
}
sub vcl_recv {
if (req.http.host ~ "website.com") {
set req.backend_hint = mywebsite;
} else {
set req.backend_hint = default;
}
...
Sometimes, you will have to handle special cases like disabling Varnish for some URLs.
Go to your /etc/varnish/default.vcl and edit it as you need. The VCL is quite obscure the first time you see it, but in the end it's not that hard to understand.
Or edit your varnish proxy that way :
## HTTPS termination & Varnish proxy
server {
...
location ^~ /sitemap {
#BYPASS VARNISH
proxy_pass http://127.0.0.1:611;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header X-Secure on;
}
...
}

Maintaining structure with Nginx and multiple NodeJS applications

I'm trying to host multiple Node JS servers proxied through Nginx, which is working correctly. One server is hosted at '/', with another hosted at, for example, '/one'. The relevant Nginx config for this setup is below.
upstream host_com {
    server 127.0.0.1:3000;
    keepalive 8;
}
upstream one_host_com {
    server 127.0.0.1:3010;
    keepalive 8;
}
server {
    listen 80;
    access_log /var/log/nginx/host.log;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://host_com/;
        proxy_redirect off;
    }
    location /one {
        rewrite ^(/one)+/(.*)$ /$2 break;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $proxy_host; #$http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://one_host_com/;
        proxy_redirect off;
    }
}
However, when I do an AJAX call from the '/one' testbed, like below:
$.getJSON( '/get_stuff', function(data) { .. });
The post goes to '/get_stuff' when I want it to go to '/one/get_stuff'. How can I get Nginx to direct to NodeJS but still maintain the location? Is there a better way to implement this?
Try removing the leading slash in your JavaScript, e.g. $.getJSON( 'get_stuff', function(data) { .. });. By including the leading slash you are asking for a path at the root of the domain but I think you want the path relative to the url you are presently at.
