I need your help for a strange problem :)
I have Geoserver on my server :
it is a standalone daemon (not a WAR deployed in Tomcat)
it is listening on 127.0.0.1:8280
I have a PROXY_BASE_URL configured like this: https://geoserver.example.com/geoserver
the option "Use headers for Proxy URL" is checked at this moment but I tried by unchecking it
I have a Nginx in front of Geoserver to manage the SSL offloading.
The vhost is :
upstream backend-geoserver {
server 127.0.0.1:8280 weight=10 max_fails=3 fail_timeout=15s;
}
server {
server_name geoserver.example.com;
listen 443 ssl;
include snippets/ssl.conf;
access_log /var/log/nginx/access-geoserver.log;
error_log /var/log/nginx/error-geoserver.log;
location / {
rewrite ^ /geoserver;
}
location /geoserver {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://backend-geoserver/geoserver;
}
}
When I reach my server on https://geoserver.example.com it works: I see the home page of Geoserver
Important detail : the port 80 is closed and I can't open it myself: the Nginx server can only answer on 443
When I try to login, I have a connection timeout after X seconds and, at this moment, the URL in my browser (Firefox) is HTTP://geoserver.example.com/geoserver/ <--- please note the protocol is HTTP not HTTPS
If I replace http:// with https:// and press Enter: I reach the page
If I click on a link in Geoserver, same behavior: it switches on http:// and I have to force the URL manually.
Is anyone has an idea please ?!
Thank you very much :)
You really should have to get that port 80 open and configure nginx to redirect unsecure traffic over to https://
Related
I use nginx for reverse proxy with domain name. I've some application publish on IIS and i want to proxy different location name for each application.
For example;
Domain name on nginx :
example.com.tr
application end points for app:
1.1.1.1:10
1.1.1.2:10
upstream for app in nginx.conf:
upstream app_1 {
least_conn;
server 1.1.1.1:10;
server 1.1.1.2:10;
}
server {
listen 443 ssl;
server_name example.com.tr;
proxy_set_header X-Forwarded-Port 443;
ssl_certificate /etc/cert.crt;
ssl_certificate_key /etc/cert.key;
location /app_1/ {
proxy_pass http://app_1/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-REAL-SCHEME $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
access_log /etc/nginx/log/access.log;
error_log /etc/nginx/log/error.log;
}
}
When I try to access example.com.tr/app_1/ , I can access application but not all data.
I inspected this site and so many requests of application were failed.
All requests sended to example.com.tr/uri instead of example.com.tr/app_1/uri. How can I fix this ?
thanks,
You need a transparent path proxy setup. Means NGINX should use the requested URI without removing the matched location from it.
proxy_pass http://app_1;
Remove the tailing slash to tell NGINX not to do so. Using an upstream definition is great but make sure you apply keepalive.
English is not my native language, so I use a translator. My questions may be a little difficult to understand, I hope you can understand.
I want to access B.com, but B.com is blocked and I can't access it directly. So I set up a reverse proxy server.
A.com points to my reverse proxy server, while B.com points to the source server.
My reverse proxy server is configured like this.
server
{
listen 80;
listen 443 ssl http2;
server_name A.com;
location /
{
proxy_pass https://B.com;
proxy_set_header Host B.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
}
*other configurations*
}
However, some of the resources on the page are from www.B.com and are also blocked. So I added the following configuration.
sub_filter "B.com" "A.com";
sub_filter_types *;
sub_filter_once off;
proxy_set_header Accept-Encoding "";
This successfully replaced most of the content, but some of it did not. What should I do? Please help me ;(
I have a CentOS 7 server and nginx running. If I start my next.js app on port 3000 and go to the ip address I see a welcome to nginx page. But If I go to ip_address:3000 I see my actual website.
If I type my server's ip address to chrome xxx.x.xxx.xx I see welcome to nginx page
If I type my server's ip address and my application's port xxx.x.xxx.xx:3000 I see my actual website.
my /etc/nginx/sites-available/default file
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name mydomain.com.tr www.mydomain.com.tr;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
}
}
After I modify my configuration file I type sudo service nginx restart to apply changes. But nothing changes. How can I access my website with only IP address?
I might be wrong but if you use the server_name directive with only the two domains, you are not able to access the website using the server's ip because it's not matching and therefore the proxy_pass is not used.
You can still access your app using the 3000 port because you don't use the 3000 port in your nginx config.
I have a godaddy A record pointing to my Digital Ocean IP address.
Here's the nginx configuration.
server {
listen 80 default_server;
server_name domain.com www.domain.com;
location / {
proxy_pass 'http://127.0.0.1:3004';
}
}
When I type in the domain.com it goes to the server, but the address bar shows the IP address.
How can it show the domain name?
It's most probably a redirection from proxy_pass. I'm not sure what you are running at backend but you could try to pass hostname.
proxy_set_header Host $host;
Add this line after proxy_pass to tell backend which domain is in the request headers.
The redirection to the IP address is most likely done by your backend in the proxy_pass.
You could try to add some header to help the backend understand the context of the request.
I would recommend as a starter the following configuration :
server {
listen 80 default_server;
server_name domain.com www.domain.com;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
location / {
proxy_pass 'http://127.0.0.1:3004';
}
}
If using Node.JS, you might need the following line as well :
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
Please also check the configuration of your backend. You may need to setup the access URL, context path, etc.
I want to use reverse proxy with nginx to redirect/translate IP and port to some other IP and port. I was able to do that using the following code snippet inside http block of nginx.conf:
server {
listen 80;
server_name 13.88.1.1;
location / {
proxy_pass http://13.68.1.1:8888/;
index index.html index.htm;
} # end location
} # end server
Now the problem is that this is only usable for http requests. I have a scenario where I need to run an executable like 'uw.exe 13.88.1.1:80'. This is getting translated to 'uw.exe http://13.68.1.1:8888' but I want it to get translated to 'uw.exe 13.68.1.1:8888'. That is without the http because my app won't work with http. Does anybody know any simple solution to do that, preferably with nginx itself?
Update: This is no longer needed and cannot test it anymore. Thanks guys for chiming in. :)
Try this nginx configuration:
server {
listen 80;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection '';
proxy_redirect off;
proxy_pass http://13.88.1.1:8888/;
}
}