I have minIO storage with a video folder inside the bucket where all the videos are uploaded.
I have configured Nginx proxy_pass to this folder to access the videos. I use the http://nginx.org/en/docs/http/ngx_http_mp4_module.html module. Everything works fine, I mean videos are available through the link (http://localhost:8888/videos/1.mp4), and playback also works.
The problem is, I want to request some range of the video, but the start-end parameters don't work (for example http://localhost:8888/videos/1.mp4?start=100&end=220), every time it gives me a complete video. Is it possible to use them in my case or for any workaround?
my Nginx configuration
server {
listen 8888;
server_name localhost;
# To allow special characters in headers
ignore_invalid_headers off;
# Allow any size file to be uploaded.
# Set to a value such as 1000m; to restrict file size to a specific value
client_max_body_size 0;
# To disable buffering
proxy_buffering off;
#charset koi8-r;
#access_log logs/host.access.log main;
# Proxy requests to the bucket "photos" to MinIO server running on port 9000
location /videos {
mp4;
mp4_buffer_size 5m;
mp4_max_buffer_size 10m;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
#add_header Accept-Ranges;
add_header Accept-Ranges bytes;
proxy_connect_timeout 300;
# Default is HTTP/1, keepalive is only enabled in HTTP/1.1
proxy_http_version 1.1;
proxy_set_header Connection "";
chunked_transfer_encoding off;
proxy_pass http://127.0.0.1:9000/mybucket/videos;
}
}
Related
I'm in the unfortunate situation that I need to extend my react application with an iframe containing an external application.
My application is hosted by a nginx reverse proxy that handles /api and signalr communication.
Unfortunately it also handles the outbout iframe src url.
in this example my site is on the url https://example.com
The iframe src url is in this case "https://external-site.com/someapp/session?token=1234"
When i see the requests in the browser the url has changed to https://example.com/esternal-site.com/someapp/session?token=1234, which needless to say is not working out of the box.
I've been toying with the nginx configuration but has been unable to just pass the request through without modification.
The iframe/destination works as expected when running locally.
I've attempted with a few different configuations inspired by stackoverflow and medium etc. but they've all returned various error codes.
the server runs on port 80, but https is handled by ingress on azure.
This is what i have currently:
upstream bff_service {
server ${BFF_HOST}:${BFF_PORT};
keepalive 32;
keepalive_requests 1000;
keepalive_timeout 75s;
}
server {
listen 80;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
try_files $uri $uri/ /index.html;
add_header Set-Cookie "msal_client_id=${BFF_MSAL_CLIENT_ID};Path=/;Secure";
}
location /api {
proxy_read_timeout 300s;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host ${BFF_HOST};
proxy_set_header X-NginX-Proxy true;
proxy_pass ${BFF_PROTOCOL}://bff_service;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_redirect off;
}
location ^~ /external-site.com {
add_header Content-Security-Policy "frame-src 'self' https://external-site.com";
proxy_pass https://external-site.com/$request_uri;
}
}
I've also tried adding the lines below to the location:
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-NginX-Proxy true;
I'm looking for a configuration that allows me to embed an iframe with an external location. Perhaps even avoid nginx proxying it at all?
I am using the following Nginx reverse proxy configuration.
server {
listen 80;
listen [::]:80;
server_name www.test.com;
access_log /var/log/nginx/www.test.com.access.log;
error_log /var/log/nginx/www.test.com.error.log warn;
location / {
proxy_pass http://12.23.45.78:8080;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
}
}
By adding the access_log and error_log parameters, it will log the access log.
Now I want to skip some logging, such as not logging favicon.ico and apple-touch-icon.png, so I added the following configuration.
location ~* ^/(?:favicon|apple-touch-icon) {
log_not_found off;
access_log off;
}
But here is the problem, when I do this, http://www.test.com/favicon.ico will not be accessed properly, it prompts "404 Not Found" error.
It seems to indicate that the reverse proxy host is taking over the favicon.ico access without forwarding it to upstream for processing, is this normal Nginx behavior please?
If this is normal behavior, how should I set not to log for a given resource?
Any help is appreciated in advance!
Every request ends up in some location (if not being finished before). Every location uses its own content handler. Unless you specify something explicitly via content handler declaration directive (examples include, bit not limited to proxy_pass, fastcgi_pass, uwsgi_pass, etc.), it will be a static content handler to serve the requested content from local filesystem. Check my ServerFault answers (1, 2) to find out some more details.
In some cases such a task can be solved using the map block, e.g.
map $uri $log {
~^/(?:favicon|apple-touch-icon) off;
default /var/log/nginx/access.log;
}
server {
...
access_log $log;
This approach can work when you need to implement lets say conditional basic auth (example). Unfortunately it won't work with the access_log directive - instead nginx will create the second log file named off for icon requests. So if you want every request to be passed to the 12.23.45.78 upstream, I don't see any other way but to duplicate content handler declaration for both locations. However every other used directive can be moved one level up, thus being inherited by both locations:
server {
listen 80;
listen [::]:80;
server_name www.test.com;
error_log /var/log/nginx/www.test.com.error.log warn;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
location / {
access_log /var/log/nginx/www.test.com.access.log;
proxy_pass http://12.23.45.78:8080;
}
location ~ ^/(?:fav|apple-touch-)icon {
access_log off;
proxy_pass http://12.23.45.78:8080;
}
}
On the other hand, nothing can stop you from serving those two files locally and not passing those requests anywhere. Just put them into some dedicated directory and use a location with a static content handler:
location ~ ^/(?:fav|apple-touch-)icon {
access_log off;
root /full/path/to/folder/with/icons;
}
I have a cluster glassfish instance running in Ubuntu 12.04 server with nginx as the front-end.
I have configured glassfish upstream in nginx conf file and proxy params are all set.
nginx.conf
glassfish_custer ( upstream name )
Now the problem is,
I added a file realm in glassfish with username and password entries to enable basic authentication for one of my applications.
I added necessary login config params in web.xml file, bundled war and deployed in glassfish server and when I fire url,
http://domain.com/application
It falls in redirect loop
https://domain.com/application
It happens only when I enable basic authentication. If I switch off, everything is working as expected.
I think I need to set some proxy header params and change auth settings in glassfish admin console for http listener ?
If anyone experienced this issue before, Please let me know....
In short, How to make basic authentication works in nginx load balancer with glassfish as the upstream
UPDATE 1:
nginx.conf
## http redirects to https ##
server {
#listen [::]:80;
listen 80;
server_name domain.com www.domain.com;
location / {
try_files $uri $uri/ #backend;
}
location #backend {
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header x-forwarded-for $remote_addr;
proxy_pass http://glassfish_servers;
proxy_intercept_errors on;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
}
# Strict Transport Security
# add_header Strict-Transport-Security max-age=2592000;
# rewrite ^/.*$ https://$host$request_uri? permanent;
}
server {
listen 443 ssl;
#listen [::]:443 ssl;
server_name domain.com www.domain.com;
location / {
try_files $uri $uri/ #backend;
}
## default location ##
location #backend {
proxy_buffering off;
proxy_pass http://glassfish_servers;
proxy_intercept_errors on;
#proxy_http_version 1.1;
#proxy_set_header Connection "";
# force timeouts if the backend dies
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
# set headers
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
#proxy_redirect off;
}
ssl_certificate /etc/nginx/ssl/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/domain_com.key;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!$
}
Answering my own question.
Having this xml configuration in web.xml was the root cause of the redirection loop.
Since I added "CONFIDENTIAL" as the authority value, http request were getting redirected to https when request hit backend glassfish instance.
I changed this value to "NONE" and everything worked like charm.
<security-constraint>
<web-resource-collection>
<web-resource-name>wholesale</web-resource-name>
<url-pattern>/acme/wholesale/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>PARTNER</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
Make the following changes
Change <transport-guarantee>CONFIDENTIAL</transport-guarantee>
to
<transport-guarantee>NONE</transport-guarantee>
Also, make sure to set proper proxy header values in nginx conf file (or) if you configured sites conf files separately in sites-available folder, pls add the following proxy headers
proxy_set_header x-forwarded-for $remote_addr;
proxy_intercept_errors on;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
I have an Nginx proxy server that proxy passes to a variety of backend servers. I have been asked to set up a proxy pass to an Nginx WordPress server that I have no control over.
The issue is: the URL that we're listening on is www.customerdomain.com, but the WordPress server listens on someinternaldomain.host.com.
Is there a way to pass a different host header to the WordPress server without screwing up the www.customerdomain.com in the browser address bar?
My sample config below:
server {
listen *:443 ssl;
server_name www.customerdomain.com;
ssl on;
ssl_certificate /etc/nginx/ssl/somecert.crt;
ssl_certificate_key /etc/nginx/ssl/somecert.key;
include includes/ssl.conf;
index index.html index.htm index.php;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
location / {
proxy_pass https://wordpress-upstream;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Host $host;
}
}
In have the following config file for a nginx server:
server {
listen 80;
root /path/to/public;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log warn;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.0;
proxy_redirect default;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
This works fine when I access the service using the browser or curl, but isn't working when I try to access from a POS device, the target client for this application. The device access shows up in the access.log file, but not reaches the application (built in rails) and returns http code 400. How I can debug why nginx isn't fowarding requests for the application?