I have running my Nitrogen driven application directly however because i want to use Nginx load-balancing magic i found out that the progress notifier of Nitrogen, the Spinner is not showing at all. I followed the example as at Nitrogen configuration options - bottom of the page. The example code snippet at the link is shown below.
# My config for a site that I only want serving SSL content.
server {
listen 80;
server_name www.mysite.com, mysite.com;
access_log /var/log/nginx/mysite.com.access.log;
# rewrite all requests to be SSL
rewrite ^(.*) https://$host$1 permanent;
}
server {
listen 443;
server_name mysite.com www.mysite.com
access_log /var/log/nginx/mysite.ssl.access.log;
ssl on;
ssl_certificate ssl/mysite/mysite.com.crt;
ssl_certificate_key ssl/mysite/mysite.com.key;
ssl_client_certificate ssl/mysite/ca.crt;
location / {
# This installation is running on port 8021, as you can plainly see.
proxy_pass http://127.0.0.1:8000;
}
}
Without Nginx the spinner works fine. I am using Nitrogen over Yaws of release as stated in the RELEASE file [{release,"nitrogen","2.3.0-beta5","5.10.3",[...,...,...,...],permanent}]. I do not what I am not doing right.
Related
I have a spring boot app running on 8080 (not https as I am not sure if this also need https enabled)
There is an nginx server that redirects requests from 80 (or 443/8443) to 8080
The nginx is secured using letsencrypt. I see this domain file in sites-enabled folder
created certificate using
sudo certbot --nginx -d {dom}.co.uk -d www.{dom}.co.uk
server {
root /var/www/{mydomain}.co.uk/html;
index index.html index.htm index.nginx-debian.html;
server_name {mydomain}.co.uk www.{mydomain}.co.uk;
location / {
#try_files $uri $uri/ =404;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass "http://127.0.0.1:8080";
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/{mydomain}.co.uk/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/{mydomain}.co.uk/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.{mydomain}.co.uk) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = {mydomain}.co.uk) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name {mydomain}.co.uk www.{mydomain}.co.uk;
return 404; # managed by Certbot
}
OAuth 2 settings
In OAuth Credentials
Authorized Javascript urls (For use with requests from a browser)
https://{dom}.co.uk
Authorized redirect URIs (For use with requests from a web server)
https://{dom}.co.uk/login/oauth2/code/google
Configured redirect URL
private static API_BASE_URL = "https://{dom}.co.uk/";
private static OAUTH2_URL = AppConstants.API_BASE_URL + "oauth2/authorization/";
Question:
How to fix my
Authorisation Error
Error 400: redirect_uri_mismatch
Do I need to make my spring app also https enabled
(OR)
Any config issue nginx or redirect url etc ?
The redirect_uri you send to Google when initiating the flow must match what you put in the console.
Here you have:
https://example.co.uk/oauth2/authorization/ in the code and
https://example.co.uk/login/oauth2/code/google in the console.
Change either one to match the other. I suggest that you change your code to avoid waiting a good 5 minutes for the changes in the console to propagate.
I'm currently working on a project using spring boot and react.
I'm running spring boot on ubuntu nginx and had SSL applied using letsencrypt certbot, so the server seems to be working fine on https. When I enter https://[mydomain].com in the address bar, then it perfectly leads me to "Welcome to nginx" page and I can see that little padlock icon in front of the address bar.
The thing is, when I try to request spring boot apis through react or postman using HTTPS, then I get an ssl protocol error saying Error: write EPROTO 82281352:error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER:../../third_party/boringssl/src/ssl/tls_record.cc:242:(postman). The request works fine when I use HTTP protocol.
And when I deploy spring boot and react project, I get this error: Mixed Content: The page at 'https://[mydomain].com/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://[mydomain].com:8080/community/posts'. This request has been blocked; the content must be served over HTTPS.
this is my /etc/nginx/sites-available/~ file:
server {
root /home/ubuntu/build;
index index.html index.htm index.php index.nginx-debian.html;
server_name [mydomain].com www.[mydomain].com;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
listen [::]:443 ssl ipv6only=on;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/[mydomain].com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/[mydomain].com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
Any idea why this is happening and how to fix it?
I want to allow my nginx server to server multiple subdomains.
Each site is served by a flask + uwsgi, listening to own ports.
All sites have many endpoints with same name, and responses are cached in different zones: I want to serve the correct cache (or correct site) from the proxy server.
I read https://askubuntu.com/questions/766352/multiple-websites-on-nginx-one-ip : in my configuration I keep having domain2 redirected to domain1.
I cannot find proper configuration for listening to uwsgi and have the proxy server serve the correct site.
How to properly set the ports and proxy_cache on the proxy_server to allow nginx serve two flask sites from a single server?
Below is my set current setup:
configuration domain_1
server {
server_name www.domain1.com;
return 301 $scheme://domain1.com$request_uri;
}
server {
listen 8000 default_server;
server_name domain1.com;
root /var/www/example_site_1;
# common locations for all sites
location / {
include uwsgi_params;
uwsgi_pass unix:/var/www/example_site_1/domain1.sock;
}
# API
location /api {
include uwsgi_params;
uwsgi_param UWSGI_SCRIPT wsgi;
uwsgi_pass unix:/var/www/example_site_1/domain1.sock;
}
}
# Set cache directory for site
proxy_cache_path /tmp/nginx/domain1 levels=1:2 keys_zone=my_zone_domain_1:10m max_size=50m inactive=60m;
proxy_cache_key "$scheme$request_method$host$request_uri";
# Virtualhost/server configuration
server {
listen 80 default_server;
server_name domain1;
root /var/www/domain1;
## how to serve proxy_cache if locations of domain_1 and domain_2 are the same ?
location / {
proxy_cache my_zone_domain_1;
add_header X-Proxy-Cache $upstream_cache_status;
include proxy_params;
proxy_pass http://domain1.com:8000;
}
location /api {
add_header X-Proxy-Cache $upstream_cache_status;
proxy_cache my_zone_domain_1;
proxy_pass http://domain1.com:8000/api;
}
}
configuration domain_2
server {
server_name www.domain2.com;
return 301 $scheme://domain2.com$request_uri;
}
server {
listen 3000;
server_name domain2.com;
root /var/www/example_site_2;
# common locations for all sites
location / {
include uwsgi_params;
uwsgi_pass unix:/var/www/example_site_2/domain2.sock;
}
# API
location /api {
include uwsgi_params;
uwsgi_param UWSGI_SCRIPT wsgi;
uwsgi_pass unix:/var/www/example_site_2/domain2.sock;
}
}
# Set cache directory for site
proxy_cache_path /tmp/nginx/domain2 levels=1:2 keys_zone=my_zone_domain_2:10m max_size=50m inactive=60m;
proxy_cache_key "$scheme$request_method$host$request_uri";
# Virtualhost/server configuration
server {
# I tried listening on other ports than 80, but kept having redirects on domain_1
listen 80;
server_name domain2;
root /var/www/domain2;
## how to serve proxy_cache if locations of domain_1 and domain_2 are the same ?
location / {
proxy_cache my_zone_domain_2;
add_header X-Proxy-Cache $upstream_cache_status;
include proxy_params;
proxy_pass http://domain2.com:3000;
}
location /api {
add_header X-Proxy-Cache $upstream_cache_status;
proxy_cache my_zone_domain_2;
proxy_pass http://domain2.com:3000/api;
}
}
Your domain_2 configuration uses proxy_pass http://domain2.com:8000 but there is only domain_1 server listens on the port 8000 so it gets to serve requests directed to domain_2.
I also recommend you to rethink usage of proxy_pass in your configuration, it isn't really necessary.
I found the culprit was Uwsgi : it was loaded from usr/bin folder, and not from virtual environment folder of my app.
Maybe virtualenv folder was corrupted: when I tried to re-install uwsgi (pip install uwsgi), it kept saying requirements satisfied until I noticed that which uwsgi was not loaded from virtualenv.
I had to remove and reinstall virtualenv folder with uwsgi and python modules.
Now applications were running (answer to the question), but proxy_server configuration has to be further adjusted in my case.
The following may be useful for people making use of url_for() directives in flask: url_for() directive routes to an absolute path, which may conflict with the nginx proxy.
Example: nginx proxy server listens on domains2.com on port 80, proxy_pass /path location to http://domain2.com:3000; if flask is redirecting a route to /path (with url_for()), the resulting url will be http://domain2.com:3000/path (because it follows the port specified in absolute path) instead of http://domain2.com/path (the url of the proxy).
Add proxy_set_header Host $http_host; to /path location to allow nginx proxy follow the correct redirect of your flask application.
I have inherited a website that is running Magento & nginx. I know virtually nothing about nginx and know a fair amount about Magento. The site is configured to use the Amazon Cloudfront CDN however all of the images, js & css are returning a 301 redirect to the origin site. I have a development site running Apache with the same Magento, MySQL & Cloudfront setup that is functioning correctly with this setup so I am pretty sure it is a problem with the config file for nginx. There have been some rewrites written in to the file and my assumption is that when the request for an asset at skin.mydomain.com is made it is redirecting to www.mydomain.com instead of serving the file from the CDN. I have CNAME records setup for js.mydomain.com, skin.mydomain.com and cloud.mydomain.com that all point to the same Cloudfront CDN. Here is the portion of the nginx config file that would seem to be applicable:
server {
listen 80;
##127.0.0.1:8080
server_name mydomain.com;
rewrite / $scheme://www.$host$request_uri permanent; ## Forcibly prepend a www
}
server {
listen 80;
##127.0.0.1:8080 default
## SSL directives might go here
listen 443 default ssl;
ssl_certificate /etc/nginx/
ssl_certificate_key /etc/nginx/
server_name www.mydomain.com;
## *.mydomain.com; Domain is here twice so server_name_in_redirect will favour the www
root /var/www/magento;
location / {
index index.html index.php; ## Allow a static html file to be shown first
try_files $uri $uri/ #handler; ## If missing pass the URI to Magento's front handler
expires 30d;
if ($request_uri ~* "\.(ico|css|js|gif|jpe?g|png)$") {
access_log off;
expires max;
}
port_in_redirect off;
}
Any help would be appreciated as I have been working on this pretty much all day and would like to stop working on it at some point.
Thanks!
It appears the first server directive is forcing a rewrite of the www.
server {
. . .
rewrite / $scheme://www.$host$request_uri permanent; ## Forcibly prepend a www
. . .
}
I'm currently trying to deploy a website in two directories. Despite the lot of documentations on it, I was not able to obtain the behavior that I wish. This is the architecture of the websites :
The main website page is stored in /opt/www/mainsite/index.html
The second webiste (working with CodeIgniter) is stored in /opt/www/apps/myapp/index.php
I wish configure nginx to obtain this behavior :
All requests in http must be redirect to https
www.mydomain.com must point to /opt/www/mainsite/index.html
www.mydomain.com/myapp must point to /opt/www/apps/myapp/index.php
currently, my config file contains :
# redirect http to https
server {
listen 80;
rewrite ^(.*) https://$host$1 permanent;
}
# main webiste
server {
listen 443;
# ssl elements...
root /opt/www/mainsite;
index index.html;
server_name www.mydomain.com;
location / {
try_files $uri $uri/ /index.html;
}
}
On this page I found all the informations to set the config file for CodeIgniter. But I don't know how to create the rules to point mydomain.com/myapp on the CodeIgniter folder and how to configure CodeIgniter in order to set the right configuration.
Is anybody can help me?
thanks in advance
You need http://wiki.nginx.org/HttpFastcgiModule to setup CodeIgniter.
Using 2 server blocks is better than using if block for redirect. See IF is Evil.
Don't use $host because that variable value is obtained from the request's HOST header, and can be easily faked. Always set a server_name directive and use that name instead.
Using "return 301" directive is better than a rewrite. Saving cpu time (regex is slow) and easy to follow. Note that a 302 redirect (rewrite...redirect) has side effect because 302 will turn all POST requests to GET requests, which is not good in your case.
You don't need try_files in the main site because the main site just serves static files. But you can use 'expires' directive to allow browser to cache the static files.
server {
listen 80;
server_name www.mydomain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443;
server_name www.mydomain.com;
# ssl elements...
location / {
root /opt/www/mainsite;
index index.html;
expires max;
}
location /myapp {
root /opt/www/apps/myapp;
# fastcgi module goes here...
}
}
server {
listen 80;
listen 443 ssl;
…
if ($scheme != "https") {
rewrite ^ https://$server_name$request_uri? redirect;
}
root /opt/www/mainsite/;
location /myapp {
root /opt/www/apps/myapp/;
}
}
You'd put whatever configuration that is necessary for your myapp within the location for myapp.
BTW, it is generally a bad idea to host multiple independent apps within a single Host, because of XSS concerns.