I have a problem with adding some new routes to the current proxy which I have on the server .
The current file is located on :
/etc/nginx/sites-enabled/proxy_nginx
with this content :
# proxy cache
proxy_cache_path /tmp/cache keys_zone=cache:10m levels=1:2 inactive=600s max_size=100m;
# redirect all HTTP to HTTPS
server {
listen 80 default_server;
return 301 https://$host$request_uri;
}
server {
return 301 https://$host$request_uri;
server_name www.api.mysite.org; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/api.mysite.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/api.mysite.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.api.mysite.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
server_name www.api.mysite.org;
return 404; # managed by Certbot
}
Now I need to add these lines into it but I'm confused where to put them :
server {
listen 80 default backlog=16384;
listen [::]:80 default backlog=16384;
location /route1{
proxy_set_header Host decide.externalURL.com;
proxy_set_header X-Real-IP $http_x_forwarded_for;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_pass https://z.externalURL.com/route1;
}
location /route2 {
proxy_set_header Host api.externalURL.com;
proxy_set_header X-Real-IP $http_x_forwarded_for;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_pass https://api.externalURL.com/route2;
}
I know that I shouldn't have a duplicate default-server because I wasn't able to add the above lines into my default nginx.conf file.
So the question is how to mix these lines into the /etc/nginx/sites-enabled/proxy_nginx file.
Related
I am trying to reverse proxy a wordpress containerized app. I've turned off the proxy of cloudflare and make them act as DNS only. here is my nginx conf file:
server {
root /var/www/html;
listen 443 ssl;
listen [::]:443 ssl;
server_name [redacted].us www.[redacted].us;
location / {
proxy_pass http://127.0.0.1:81/;
proxy_redirect off;
#proxy_set_header Host localhost:81;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto $scheme;
}
ssl_certificate /etc/letsencrypt/live/[redacted].us/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/[redacted].us/privkey.pem;
# managed by Certbot
}
server {
if ($host = www.[redacted].us) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = [redacted].us) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
#listen [::]:80;
server_name [redacted].us www.[redacted].us;
return 404; # managed by Certbot
}
If proxy set header is change to the one that is commented the infinite redirect is resolve but every link inside is broken. I use certbot to auto renew the ssl certificate and I believe i leaving the default configuration file as default. Any work around because I can't even open the Admin panel yet to see how wordpress handle the request
I configured Nginx as a reverse proxy for a front-end application. The front-end takes an endpoint URL via a .env file. when I change the endpoint's value which is a URL on the .env, Nginx still picks the old value even after restarting Nginx
my Nginx config
upstream App{
ip_hash;
server localhost:3050;
}
server {
server_name app.com www.app.com ;
root /var/www/App;
access_log /var/log/nginx/app-access.log;
error_log /var/log/nginx/app-error.log;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
location / {
proxy_pass http://App/;
}
location /socket.io/ {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://App/socket.io/;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/app.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/app.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.app.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = app.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80 ipv6only=on default_server;
server_name app.com www.app.com ;
return 404; # managed by Certbot
}
My new website's address is foo.pro, when I go my old website bar.pro, it shows the content of the new foo.pro as expected but the URL remains bar.pro.
How to replace bar.pro by foo.pro in my Nginx configuration below ?
upstream foo_upstream {
server 127.0.0.1:3003;
keepalive 64;
}
server {
server_name www.foo.pro;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://foo_upstream;
proxy_redirect off;
proxy_read_timeout 240s;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.foo.pro/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.foo.pro/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.foo.pro) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name www.foo.pro;
return 404; # managed by Certbot
}
server {
listen 80;
server_name foo.pro;
return 301 https://www.foo.pro;
}
=== EDIT ===
I tried to add this directive in my conf:
server {
listen 80;
server_name bar.pro;
return 301 https://foo.pro;
}
But it's still not renaming the URL to foo.pro.
I am trying to configure Nginx as reverse proxy keeping Uvicorn behind it.
When I try to access "example.com", it returns the home page but gives 404 for all static files.
When I try to access any other endpoint like "example.com/blog", it returns "404 not found" page.
Here is the Nginx config:
server {
root /var/www/example.com/html;
index index.html index.htm index.nginx-debian.html;
server_name example.com www.example.com;
location / {
try_files $uri $uri/ =404;
#custom config
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_redirect off;
proxy_buffering off;
proxy_pass http://uvicorn;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name example.com www.example.com;
return 404; # managed by Certbot
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream uvicorn {
server unix:/tmp/uvicorn.sock;
}
What changes should I do to make it work?
As per the suggestion given by #richard-smith in the comment, I tried commenting out this line
location / {
#try_files $uri $uri/ =404; <-- here
#custom config
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_redirect off;
proxy_buffering off;
proxy_pass http://uvicorn;
}
and it worked fine. It is now able to serve all the endpoints.
I have a website which performs proxy pass and I want to block some sub path access and not sure how can I do this. Following is the nginx conf file snippet:
server {
root /usr/share/nginx/html;
server_name testnginx.com www.testnginx.com;
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/testnginx.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/testnginx.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location ~* /ng\/f\?p {
return 404;
}
location / {
rewrite ^/$ /ng/testnginx/r/100/home permanent;
}
location /ng/ {
proxy_pass https://127.0.0.1:2000/ng/;
# set Origin to blank to avoid Chrome problems with CORS
proxy_set_header Origin "" ;
# pass along some header variables with the public host name/port/and so on
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
I want to redirect all the subpath such as /ng/f?p to /ng/testnginx/r/100/home but it is not working for me.