I have kartoza/geoserver that I start with this docker-compose:
version: "3.9"
services:
geoserver:
image: kartoza/geoserver
environment:
- GEOSERVER_ADMIN_USER
- GEOSERVER_ADMIN_PASSWORD
- GEOSERVER_CSRF_DISABLED=true
- JAVA_OPTS
#- PROXY_BASE_URL
running behind Nginx with these configurations:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name geos.mydomain.com;
ssl_certificate /etc/nginx/ssl/cert/geoserver/geoserver.crt;
ssl_certificate_key /etc/nginx/ssl/cert/geoserver/geoserver.rsa;
location /geoserver/ {
proxy_pass http://geoserver:8080/geoserver/;
proxy_pass_header Set-Cookie;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
I can see the geoserver page:
But when I try to login it fails:
Why? How can I solve it?
As mazano said:
Looks like you are running with HTTPS so you need to set the following env variables
HTTP_PROXY_NAME=foo.org HTTP_SCHEME=https
after setting these variables everything works fine!
Related
I am currently developing a web study for my research using Strapi for my backend on a virtual machine. Although all have been running smoothly, now that I am going for full deployment, I ran into a minor issue that I cannot seem to get my head around.
The frontend is already online, running on Nginx (v.1.18.0) For security and best practice, I generated an SSL certificate for my domain and rerouted all HTTP requests to HTTPS which worked fine.
However, Strapi is still running on localhost:1337 without HTTPS, understandably causing for browsers to refuse to connect. In response to that, I followed Strapi's documentation to set up a proxy (Nginx Proxying) but when trying to curl the proxy, I get an unresolved host error.
I am quite new to Ngnix and Strapi. When I test nginx -t, it responses successfully. Yet, the proxy is not working.
Below, my files:
My ./config/env/production/server.js is still quite basic and looks as follows:
module.exports = ({ env }) => ({
host: env('HOST', '127.0.0.1'),
port: env.int('PORT', 1337),
url: 'https://api.my-domain.com',
app: {
keys: env.array('APP_KEYS'),
},
});
/etc/nginx/conf.d/upstream.conf
# Strapi server
upstream strapi {
server 127.0.0.1:1337;
}
My /etc/nginx/sites-available/strapi.conf (within location, i added the return 200 'OK' for testing..)
server {
# Listen HTTP
listen 80;
server_name api.my-domain.com;
# Redirect HTTP to HTTPS
return 301 https://$host$request_uri;
}
server {
# Listen HTTPS
listen 443 ssl;
server_name api.my-domain.com;
# SSL config
ssl_certificate path/to/certificate/fullchain.pem
ssl_certificate_key path/to/certificate/privkey.pem
# Proxy Config
location / {
proxy_pass http://strapi/;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_pass_request_headers on;
return 200 "OK";
}
}
I changed the default domain to a custom file - gonna keep calling it default here thoguh:
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
include snippets/self-signed.conf;
include snippets/ssl-params.conf;
root /var/www/my-domain/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name my-domain.com www.my-domain.com;
location / {
# First attempt to serve request as file, then
try_files $uri $uri/ =404;
}
}
server {
listen 80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl ;
listen [::]:443 ssl ;
include snippets/self-signed.conf;
include snippets/ssl-params.conf;
root /var/www/my-domain.com/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name my-domain.com; # managed by Certbot
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
ssl_certificate path/to/certificate/fullchain.pem
ssl_certificate_key path/to/certificate/privkey.pem
}
Thanks in advance!
Strapi Version: 4.4.3
Operating System: Ubuntu 20.04.5 LTS
Database: MySQL
Node Version: v18.10.0
NPM Version: 8.19.2
Yarn Version: 1.22.19
Turns out, following multiple guides can quickly turn any Nginx config into a mess. I went through it all and cleaned my files. The resulting one works like a charm:
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
include snippets/ssl-params.conf;
ssl_certificate /etc/letsencrypt/live/certificate/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/certificate/privkey.pem;
root /var/www/my-domain/html;
index index.html index.htm index.nginx-debian.html;
server_name my-domain.com www.my-domain.de;
# Proxy Config
location /strapi/ {
rewrite ^/strapi/?(.*)$ /$1 break;
proxy_pass http://strapi/;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_pass_request_headers on;
return 200 "OK";
}
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
This is my Nginx config
server {
server_name subdomain.mydomain.com;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl on;
ssl_certificate /etc/letsencrypt/live/subdomain.mydomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/subdomain.mydomain.com/privkey.pem; # managed by Certbot
index index.html index.htm;
location / {
proxy_pass http://localhost:3000/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
}
}
server {
listen 80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
When I type subdomain.mydomain.com everything works as expected and i can see grafana (which is hosted on that server)
What I want is to type in subdomain.mydomain.com/mysite and access the website, that is hosted in /var/www/html
What do I need to alter in my config to archive that?
Thanks
I'm trying to find an solution for following problem:
I have an backend working on http://localhost:8080/api.
I want to expose this backend via NGINX.
The backend does not support HTTP but I need to pass the link with HTTPS to OAuth working on it.
So I have two solutions:
Have HTTPS server in NGINX and proxy for location to /api
Redirect from HTTPS URL to HTTP.
Unfortunately, noone of these is working.
I tried
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name example.com;
location /api {
proxy_pass http://localhost:8080/api;
}
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
include /etc/nginx/snippets/self-signed.conf;
include /etc/nginx/snippets/ssl-params.conf;
server_name example.com;
return 301 http://$server_name$request_uri;
}
and
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name 149.156.43.57/p22;
return 302 https://$server_name$request_uri;
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
include snippets/self-signed.conf;
include snippets/ssl-params.conf;
location /api {
proxy_pass http://localhost:8080/api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
}
Setup: Ubuntu 18.04 Nginx Apache Varnish PHP Server
Nginx handles the traffic in the first place.
I have two domains pointing to the same server.
The first Domain works correct, the second one only redirects to the first one.
What is wrong with my configs?
First config which works fine
(Here the nginx works as an reverse proxy for the varnish and Apache.)
upstream varnish {
server 127.0.0.1:6081;
}
upstream apache {
server 127.0.0.1:8080;
}
server {
if ($host = domain1.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80 default_server;
server_name domain1.com;
include inc/acme-challenge.conf;
location / {
return 301 https://domain1.com$request_uri;
}
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2;
#client_max_body_size 120M;
server_name domain1.com;
location /wp-content/uploads {
alias /var/www/website/wp-content/uploads;
include inc/gzip.conf;
include inc/browser-cache.conf;
}
error_page 502 /502.html;
location = /502.html {
alias /var/www/website/502.html;
}
location / {
proxy_pass http://varnish;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Host $host;
}
location ^~ /phpmyadmin {
allow 45.77.141.32; #qundg
allow 87.191.170.222; #qundg
deny all;
proxy_pass http://varnish;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Host $host;
}
ssl_certificate /etc/letsencrypt/live/domain1.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain1.com/privkey.pem; # managed by Certbot
}
And here ist the second config (this one does not work)
The Domain should only be managed by the nginx without the Apache or Varnish service.
server {
listen 80;
listen [::]:80;
server_name domain2.com *.domain2.com;
root /var/www/domain2.com;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name domain2.com *.domain2.com;
root /var/www/domain2.com;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
Here ist the default config
server {
server_name _;
listen *:80 default_server deferred;
error_log /var/log/nginx/default_server_error.log;
return 444;
}
You're using a wildcard in the second DNS name, that should be something that's not recognized in your certificate.
To get a wildcard you could follow instruction here https://medium.com/#saurabh6790/generate-wildcard-ssl-certificate-using-lets-encrypt-certbot-273e432794d7
I have few case in which I have more than 1 DNS pointing to the same website and for those I created different nginx configuration files, and applied for each che certbot authentication. I noticed that using 3rd level dns (something.mysyte.com) in the same config file brouth certbot to override certificates when I had more than 1.
In your specific case you have 2 dns name in the second configuration and one has a wildcard. If you try to remove the dns with the wildcard and reinstall certificates it should work. You can then setup a new block with each 3rd level domain and get certificate for each one, or follow the guide to get the wildcard certificate.
How do i get nginx to serve assets adjacent to index.html when using proxy_pass?
Context: I have a github repository that serves up content using github pages. When serving from a repository, GHP requires a url path that matches the repository name
rightisleft.github.io/repo_name/
Currently index.html and all subdirectories are working as expected. Loading assets from (css/*, images/*) return 200s.
However, assets like robots.txt and other files in the repository root return 404s.
Here's my domain .conf
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.redacted.com;
# SSL
ssl_certificate /etc/letsencrypt/live/redacted.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/redacted.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/redacted.com/fullchain.pem;
location / {
proxy_set_header Host rightisleft.github.io;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass https://rightisleft.github.io/redacted/;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
# HTTP redirect
server {
listen 80;
listen [::]:80;
server_name www.redacted.com,redacted.com;
include nginxconfig.io/letsencrypt.conf;
location / {
return 301 https://www.redacted.com$request_uri;
}
}
# subdomains redirect
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name redacted.com;
# SSL
ssl_certificate /etc/letsencrypt/live/redacted.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/redacted.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/redacted.com/fullchain.pem;
return 301 https://www.redacted.com$request_uri;
}
EDIT
Nginx is used for certificate management to tie together a few different micro services.
Try this as it might work (if your css/assets are in github repo pages) and you do not need to setup many redirect unless you have a lot of domains/subdomains and I have also set redacted.com to server_name:
server {
listen 80 http2;
listen [::]:80 http2;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name redacted.com www.redacted.com;
# SSL
ssl_certificate /etc/letsencrypt/live/redacted.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/redacted.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/redacted.com/fullchain.pem;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass https://rightisleft.github.io/redacted$request_uri;
proxy_buffering off;
proxy_redirect default; #or off
proxy_intercept_errors on;
# allow GitHub to pass caching headers instead of using your own
expires off;
}
}