I set up two upstream servers as failover in my nginx
upstream backend {
server 10.0.0.10 fail_timeout=48h max_fails=1;
server 10.0.0.20 backup;
keepalive 25;
}
server {
listen 80;
server_name _;
client_body_buffer_size 500M;
client_max_body_size 500M;
location / {
proxy_http_version 1.1;
proxy_pass http://backend;
proxy_next_upstream timeout invalid_header http_500 http_403;
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
#proxy_set_header Connection "";
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
}
}
From what I understand the main server works until it becomes unavailable. If it is not available, the backup server will be used. The main server will be used only after 48h according to the configuration. So much for theory.
Everything was fine until the main server was unavailable for a few seconds. Unfortunately, according to logs, backup is used but sometimes the main as well.
I'll try to modify fail_timeout and max_fails variables but no luck.
Ideally, after switching to backup, all requests would be executed there. Only after the time set in fail_timeout elapsed, it returned to the main server.
The process performed by the my API is multi-stage and must be started and completed on the same server.
Related
Okay so I've set up a nginx server that proxies to another 2 servers with load balancing. The only thing now missing are the cookies.
I've been searching numerous forums and questions regarding the rewriting of cookies. Can anyone please give me insight as to how to fix this issue?
The web application deployed to the 2 servers are written with Vaadin.
The 2 servers are running TomEE on port 8080 and 8081 for example.
I'm rewriting through nginx from easy.io to server1:8080 and server2:8080.
Refer to image below: when navigating to server1:8080/myapplication all my cookies are available.
https://ibb.co/X86pvCq
https://ibb.co/0M0GjCt
Refer to image below: when navigating to http://worksvdnui.io/ my cookies are not available.
https://ibb.co/qBkBRqb
I've tried using proxy_cookie_path, proxy_set_header Cookie $http_cookie but to no avail.
Here's the code:
upstream worksvdnuiio {
# ip_hash; sticky sessions!
ip_hash;
# server localhost:8080;
server hades:9090;
server loki:9090;
}
server {
listen 80;
listen [::]:80;
server_name worksvdnui.io;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location /PUSH {
proxy_pass "http://worksvdnuiio/test.qa.gen/PUSH";
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_buffering off;
proxy_ignore_client_abort off;
proxy_read_timeout 84600s;
proxy_send_timeout 84600s;
break;
}
location / {
proxy_pass "http://worksvdnuiio/test.qa.gen/";
proxy_cookie_path /test.qa.gen/ /;
proxy_set_header Cookie $http_cookie;
proxy_pass_request_headers on;
}
}
Any insight would be VALUABLE!
Thanks in advance.
I am trying to route requests such that those requiring websockets will route to a long-lived nginx process, and all others will go to the general reverse-proxy which handles all other traffic. These nginx processes exist in our AWS cloud behind an ELB that has been configured to use Proxy Protocol. Note that all of this works correctly with our current setup which uses only one nginx process that is configured to use proxy_protocol.
The change to this setup is as follows:
The first nginx server handling all ingress uses proxy_protocol and forwards requests to either the websocket or non-websocket nginx servers locally:
server {
listen 8080 proxy_protocol;
real_ip_header proxy_protocol;
charset utf-8;
client_max_body_size 20M;
#send to websocket process
location /client {
proxy_pass http://localhost:8084;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Proxy-Scheme $scheme;
proxy_set_header X-Proxy-Port $proxy_port;
proxy_set_header X-ELB-Proxy-Scheme "https";
proxy_set_header X-ELB-Proxy-Port "443";
# Always support web socket connection upgrades
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
#send to non-websocket process
location / {
proxy_pass http://localhost:8082;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Proxy-Scheme $scheme;
proxy_set_header X-Proxy-Port $proxy_port;
proxy_set_header X-ELB-Proxy-Scheme "https";
proxy_set_header X-ELB-Proxy-Port "443";
# Always support web socket connection upgrades
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
When any non-websocket request is sent to localhost:8082, I get an empty reply. If I remove proxy_protocol from the first server, I get a response as expected. Obviously, I need proxy_protocol to support the ingress from our ELB, so removing it is not an option. However, I would like to know what pieces I am missing to route traffic correctly -- and I would also like to know why proxying a request locally from a proxy_protocol enabled server to another nginx process (regardless of this second process using proxy_protocol or not) fails.
For reference, the basic configuration of this secondary nginx process is below:
upstream console {
server localhost:3000 max_fails=3 fail_timeout=60 weight=1;
}
server {
listen 8082;
client_max_body_size 20M;
location /console {
proxy_pass http://console
}
.
.
.
}
Turns out the non-websocket proxy block should not set the various proxy and upgrade headers:
location / {
proxy_pass http://localhost:8082;
proxy_set_header Host $host;
}
I'm using node,socket.io,nginx for socket connections for a http based simple application. below is my nginx.conf where i configured the websockets, my socket io is present in socket/socket.io. Strange thing is that the same config works perfectly when I run the node application in localhost and nginx with port 80. Not sure why it is failing in linux which real IP addresses.
http {
upstream io_nodes {
ip_hash;
server IP:PORT; --> My application's IP and port
server IP:PORT;
}
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 1000;
# HTTP Server
server {
listen 80;
server_name IP;
server_tokens off;
#proxy_ssl_verify off;
# prevents 502 bad gateway error
large_client_header_buffers 8 32k;
location /dummy/ {
root html;
index dummy/index.html;
}
location /socket/socket.io {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
# prevents 502 bad gateway error
proxy_buffers 8 32k;
proxy_buffer_size 64k;
proxy_pass http://io_nodes/;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
#location /socket.io/ {
# proxy_pass http://io_nodes/socket.io/;
#}
location /assistlog/socket.io {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
# prevents 502 bad gateway error
proxy_buffers 8 32k;
proxy_buffer_size 64k;
proxy_pass http://10.73.52.187:4444/;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
}
}
and this is the console error in chrome
WebSocket connection to 'ws://IP/socket/socket.io/?pathName=%2FDEMOUI%2Findex.html&EIO=3&transport=websocket' failed: Error during WebSocket handshake: Unexpected response code: 502
Please suggest a solution.
Check list:
First check whether your browser is supporting web sockets using https://websocket.org/echo.html
Then, if you are under organisation proxy, then you need to by pass proxy for local addresses.
Let us say, your organisation proxy IP is some x.x.x.x. You need to by pass some addresses(from the application where you need wss/ws connecctions) to NOT to use your org proxy.
Example in Mac, Chrome: Settings, search for proxy, and there you can see "bypass proxy settings for these hosts&domains". Add your application IP there
I have a simple HTTP server written in Go.
In development It works fine but for production, where this server has to handle 100 requests at a time I need a proper web server like nginx.
How can I put it behind nginx?
I'm guessing you need a simple reverse proxy config.
Lets say your go http server is listening on http://example.com:8080 :
server {
listen 80;
server_name example.com;
location / {
proxy_pass http://example.com:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
}
I need to resolve some Cross Domain Policy issues for our team's project setup (Converse.js,
XMPP, BOSH, ...) by setting up a nginx reverse proxy configuration.
I want to archieve exactly these bindings:
nginx to local gunicorn HTTP server
http://my.nginx.server.com/ should proxy http://localhost:8000/
nginx to remote HTTP-server for BOSH
http://my.nginx.server.com/http-bind should proxy http://some.very.remote.server:5280/http-bind
Currently, only the first binding works. The second one doesn't. nginx delivers every request to the local gunicorn HTTP server and not to the remote server.
This is my nginx.conf:
...
server {
listen 80;
server_name localhost;
# Reverse proxy for remote HTTP server
location ~ ^/http-bind/ {
proxy_pass http://some.very.remote.server:5280;
}
# Reverse proxy for local gunicorn HTTP server
location / {
proxy_pass http://localhost:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect http://$server_name http://$server_name:8000;
}
...
}
I have found this working configuration:
location /http-bind {
proxy_pass http://sapbot.mo.sap.corp:5280/http-bind;
proxy_set_header Host $host;
proxy_buffering off;
tcp_nodelay on;
}
location / {
proxy_pass http://localhost:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect http://$server_name http://$server_name:8000;
}