I want to use Pocketbase behind Ngnix as a reverse proxy on my Ubuntu-VPS. I followed the documentation on https://pocketbase.io/docs/going-to-production/.
I wanted to put pocketbase to /api/. When i try to connect to the pocketbase admin panel the browser shows some 404 and a ContentSecurityPolicy Error. It looks like this:
It also seems to be that some HTML is loaded from Pocketbase.
This is my current ngnix config (i replaced my domain with test.com)
server {
listen 80;
listen 443 ssl;
server_name test.com;
ssl_certificate /etc/letsencrypt/live/test.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/test.com/privkey.pem;
location / {
try_files $uri $uri/ /index.html;
root /var/www/html;
index index.html;
}
location /api/ {
# check http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive
proxy_set_header Connection '';
proxy_http_version 1.1;
proxy_read_timeout 360s;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:8090;
}
}
Pocketbase is started with the default localhost settings on the VPS.
I can even access pocketbase over http://127.0.0.1:8090/api/ when i'm connected via SSH in VS Code and see the requests in the log. (i am surprised that this is even possible. At first i tought i had pocketbase running on my local machine but when i killed the backend on my vps i couldn't access it anymore)
I hope that somebody can help me out as i can't find much about this in the internet.
Problem solved. It works when append a / to the address at the proxy_pass directive
proxy_pass http://127.0.0.1:8090/;
Related
I installed Appwrite on an debian-server.
The https-port for Appwrite is 444 (443 was already used). Nginx redirects my subdomain to this port.
I have a custom SSL-certificate which is working for this domain and subdomains. I can open the appwrite via the subdomain but when I click "Sign Up" to create a root account for appwrite, I get the following Error:
Invalid Origin. Register your new client (appwrite.domain.de) as a
new Web platform on your project console dashboard
First I thought I have to set proxy_set_header Host $host; in the server-config, but then I am not able to open Appwrite... instead I get the Error
{"message":"Error: Server Error","code":500,"version":"1.0.1"}
Does someone has another idea or already fixed the same problem?
This is my Server-configuration in Nginx:
server {
server_name appwrite.domain.de;
location / {
proxy_pass https://localhost:444;
}
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/domain.de_ssl_certificate.cer;
ssl_certificate_key /etc/nginx/ssl/domain.de_private_key.key;
}
server {
listen 80;
server_name domain.de
www.domain.de
;
return 301 https://$host$request_uri;
}
server {
listen 80;
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/domain.de_ssl_certificate.cer;
ssl_certificate_key /etc/nginx/ssl/domain.de_private_key.key;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name domain.de
www.domain.de
;
location / {
try_files $uri $uri/ =404;
}
Thanks for the help ;)
You're right, you need to include the proxy_set_header Host $host; directive. You might also want to include the following under server:
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
and the following under location:
add_header X-Served-By $host;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $port;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass $forward_scheme://$server:$port$request_uri;
If you're seeing a 500 error, it would be best to check the docker logs for the appwrite container to see what the problem is.
On a side note, if you're looking for an easier way to manage Nginx, I highly recommend Nginx Proxy Manager (NPM). I use NPM in front of my Appwrite.
My website is only accessible on a certain ip address so i only can have access to it if i'm in that machine or a connection towards it
I tried adding Nginx allow all to the config but it's still not working
server {
listen 80;
server_name domain;
#Specify a charset
charset utf-8;
location /api {
satisfy any;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://192.168.226.264:8080;
proxy_read_timeout 90;
allow all;
}
location / {
root /Users/administrator/Documents
try_files $uri /index.html;
}
}
I get this :
This site can’t be reached.
domain’s server IP address could not be found
What do i need to add to make the website accessible by all ip addresses
Try whether you domain is getting resolved using "whois" command from the terminal where you have installed the nginx server :
whois domainname
You have mentioned a "server_name domain" , is that domain resolvable from your terminal ?
I want to use reverse proxy with nginx to redirect/translate IP and port to some other IP and port. I was able to do that using the following code snippet inside http block of nginx.conf:
server {
listen 80;
server_name 13.88.1.1;
location / {
proxy_pass http://13.68.1.1:8888/;
index index.html index.htm;
} # end location
} # end server
Now the problem is that this is only usable for http requests. I have a scenario where I need to run an executable like 'uw.exe 13.88.1.1:80'. This is getting translated to 'uw.exe http://13.68.1.1:8888' but I want it to get translated to 'uw.exe 13.68.1.1:8888'. That is without the http because my app won't work with http. Does anybody know any simple solution to do that, preferably with nginx itself?
Update: This is no longer needed and cannot test it anymore. Thanks guys for chiming in. :)
Try this nginx configuration:
server {
listen 80;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection '';
proxy_redirect off;
proxy_pass http://13.88.1.1:8888/;
}
}
I have a nginx reverse proxy setup for apache wordpress which works fine. However based on location need to redirect to an external url which fails. Please check the below config. Is this a valid setup ?
https://platform.com/ - this works - also any subsequent wp pages also works
https://platform.com/pen - this needs to redirect to https://abcdef.com - this doesn't work - 404 page load error Any help ?
server {
listen 443 ssl default_server;
listen [::]:443 default_server;
server_name platform.com;
server_tokens off;
root /var/www/html/def/public/;
index index.php;
ssl on;
ssl_certificate /tmp/fgh.crt;
ssl_certificate_key /tmp/fgh.pem;
access_log /var/log/nginx/access2.log;
error_log /var/log/nginx/error2.log;
location / {
proxy_set_header X-Forwarded-Proto $scheme;
try_files $uri #apache;
}
location #apache {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8080;
}
location ~[^?]*/$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8080;
}
location /pen {
proxy_pass https://abcdef.com;
}
}
After changing the server name (wordpress site) from http prefix to www prefix, proxy pass re directions worked. Had to redirect all http https server blocks to www server block in nginx config
What you are doing is a proxy_pass to https://abcdef.com , not a redirect. if you meant a redirect the code is :
location /pen {
return 301 https://abcdef.com;
}
If it's not a definitive redirect, use 302 instead of 301, so is not cached (for tests is much better).
The reason the 404 is given is because you are accessing the https://abcdef.com with a request with the host/url https://platform.com/pen
If the destiny server is not prepared to recive this whole url, it returns 404, as /pen is not found.
I am trying to use nginx to reverse proxy through two proxies I have a server that handles all https traffic and a separate server runs Confluence and Jira. I have the first nginx proxy configured like
ssl on;
ssl_certificate /etc/letsencrypt/live/mydomain.com/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
access_log /var/log/nginx/nginx.mydomain.com.access.log;
error_log /var/log/nginx/nginx.mydomain.com.error.log;
server_name mydomain.com www.mydomain.com;
root /var/www/mydomain.com/html;
index index.html;
location / {
try_files $uri $uri/ =404;
}
location /jira {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://jira.home.mydomain.com;
}
The second nginx proxy is configured as
listen jira.home.mydomain.com:80;
server_name jira.home.mydomain.com;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8080/;
}
If I go to the second proxy directly JIRA works fine. But trying to go from external to Jira(through the first and second proxy) it doesn't load the css or images.
I am trying to use mydomain.com/JIRA to access JIRA at jira.home.mydomain.com
What am I doing wrong?
As per the official troubleshooting guide, try disabling gzip on nginx since the traffic is already encoded.
Worked for me on jira + ssl + nginx reverse proxy
Seeing other posts the following line may cause the issue:
try_files $uri $uri/ =404;