I want to configure nginx on my ubuntu 20 for the main domain and subdomain.
server {
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
listen [::]:443 ssl ipv6only=on ;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/maindomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/maindomain.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
if ($host =maindomain) {
return 301 https://$host$request_uri;
}
listen 80 ;
listen [::]:80 ;
server_name maindomain.com
return 404;
}
And this domain works, but I want to launch another subdomain here, and here I already ran into a lot of problems (including cerbor 443 port, etc.) .
Both projects are located in the folder home/webdev/main domain and home/webdav/subdomain. Both projects are on next js . The database of the first project and the decker hung on port 3000, 5432:5432 and 8080:8080. Subdomain 3001 is the port I want , "5433:5433" and 8081:8081. I 'm new to nginx , tried it like this.
server {
location /subdomain {
root home/webDev;
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
Or
server {
# Binds the TCP port 80.
listen 81;
# Defines the domain or subdomain name.
# If no server_name is defined in a server block then
# Nginx uses the 'empty' name
server_name maindomain/subdomain.com;
# Redirect the traffic to the corresponding
# HTTPS server block with status code 301
return 301 https://$host$request_uri;
}
Related
I am currently developing a web study for my research using Strapi for my backend on a virtual machine. Although all have been running smoothly, now that I am going for full deployment, I ran into a minor issue that I cannot seem to get my head around.
The frontend is already online, running on Nginx (v.1.18.0) For security and best practice, I generated an SSL certificate for my domain and rerouted all HTTP requests to HTTPS which worked fine.
However, Strapi is still running on localhost:1337 without HTTPS, understandably causing for browsers to refuse to connect. In response to that, I followed Strapi's documentation to set up a proxy (Nginx Proxying) but when trying to curl the proxy, I get an unresolved host error.
I am quite new to Ngnix and Strapi. When I test nginx -t, it responses successfully. Yet, the proxy is not working.
Below, my files:
My ./config/env/production/server.js is still quite basic and looks as follows:
module.exports = ({ env }) => ({
host: env('HOST', '127.0.0.1'),
port: env.int('PORT', 1337),
url: 'https://api.my-domain.com',
app: {
keys: env.array('APP_KEYS'),
},
});
/etc/nginx/conf.d/upstream.conf
# Strapi server
upstream strapi {
server 127.0.0.1:1337;
}
My /etc/nginx/sites-available/strapi.conf (within location, i added the return 200 'OK' for testing..)
server {
# Listen HTTP
listen 80;
server_name api.my-domain.com;
# Redirect HTTP to HTTPS
return 301 https://$host$request_uri;
}
server {
# Listen HTTPS
listen 443 ssl;
server_name api.my-domain.com;
# SSL config
ssl_certificate path/to/certificate/fullchain.pem
ssl_certificate_key path/to/certificate/privkey.pem
# Proxy Config
location / {
proxy_pass http://strapi/;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_pass_request_headers on;
return 200 "OK";
}
}
I changed the default domain to a custom file - gonna keep calling it default here thoguh:
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
include snippets/self-signed.conf;
include snippets/ssl-params.conf;
root /var/www/my-domain/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name my-domain.com www.my-domain.com;
location / {
# First attempt to serve request as file, then
try_files $uri $uri/ =404;
}
}
server {
listen 80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl ;
listen [::]:443 ssl ;
include snippets/self-signed.conf;
include snippets/ssl-params.conf;
root /var/www/my-domain.com/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name my-domain.com; # managed by Certbot
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
ssl_certificate path/to/certificate/fullchain.pem
ssl_certificate_key path/to/certificate/privkey.pem
}
Thanks in advance!
Strapi Version: 4.4.3
Operating System: Ubuntu 20.04.5 LTS
Database: MySQL
Node Version: v18.10.0
NPM Version: 8.19.2
Yarn Version: 1.22.19
Turns out, following multiple guides can quickly turn any Nginx config into a mess. I went through it all and cleaned my files. The resulting one works like a charm:
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
include snippets/ssl-params.conf;
ssl_certificate /etc/letsencrypt/live/certificate/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/certificate/privkey.pem;
root /var/www/my-domain/html;
index index.html index.htm index.nginx-debian.html;
server_name my-domain.com www.my-domain.de;
# Proxy Config
location /strapi/ {
rewrite ^/strapi/?(.*)$ /$1 break;
proxy_pass http://strapi/;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_pass_request_headers on;
return 200 "OK";
}
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
I've read similar questions with same error, but nothing matches my problem, because my upstream servers have local IPs.
The server is a proxmox machine with some different vms.
One is for nginx reverse gateway/proxy, the other are vms with several docker containers.
I want to setup a fallback (backup) for one container.
The config of the nginx reverse gateway/proxy containing these machines is:
server {
listen 80;
server_name my-web.page;
return 301 http://www.my-web.page$request_uri;
}
server {
listen 80;
listen [::]:80;
server_name www.my-web.page;
location / {
return 301 https://www.my-web.page$request_uri;
}
}
server {
listen 443 ssl;
server_name my-web.page;
return 301 https://www.my-web.page$request_uri;
ssl_certificate /etc/ssl/my/my-web.page.chained.crt;
ssl_certificate_key /etc/ssl/my/my-web.page.key.pem;
}
upstream backend {
server 192.168.200.210:8030 max_fails=1 fail_timeout=600s;
server 192.168.200.211:8031 backup;
}
server {
listen 443 ssl;
ssl_certificate /etc/ssl/my/my-web.page.chained.crt;
ssl_certificate_key /etc/ssl/my/my-web.page.key.pem;
server_name www.my-web.page;
location ~ ^/$ {
# rewrite only the root page, other urls see next rule
return 301 https://www.my-web-page-microsite.de/;
}
location / {
resolver 127.0.0.1 valid=30s;
# pass to backend-client, failover to second container for the next 5 minutes
proxy_pass http://backend;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Server-Address $server_addr;
proxy_ssl_verify off;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
}
If something is wrong with my backend-client-servers, nginx won't start.
Isn't there a possibilty to override the check on starting/restarting nginx?
I am trying configuring nginx (based on bitname/nginx:latest) as equivalent of Synology reverse proxy. This is due to missing wild-card redirect at Synology. While doing so, I face many issues; therfore I am requesting help for proper nginx configuration.
requirements
HTTPS upgrade
Redirect any wild-card subdomain (443) to a port 30'000
Hide the redirect port from user visibility
WebSockets must be supported (At Synology following header: Upgrade $http_upgrade AND Connection $connection_upgrade)
Example
Browser calls http://app1.my-example.com/
re-direct to https://app1.my-example.com:30000/
Browser displays: https://app1.my-example.com/, resolving via Port 30000
Current Code (not working so far)
# Test
server {
listen 8080;
server_name ~^(.*)\.my\-example.com$;
access_log /opt/bitnami/nginx/logs/yourapp_access.log;
error_log /opt/bitnami/nginx/logs/yourapp_error.log;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HOST $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass https://$host:30000$request_uri/;
proxy_redirect off;
}
}
# Catch malicious requests
server {
listen 8080 default_server;
listen [::]:8080 default_server;
server_name _;
return 444;
}
I was able to solve my issue and would like to share the results. The only thing I do not get is, why redirect.my-example is OK as proxy_pass. It would hit the very same route (probably an endless-loop). Feedback/Improvement would be apreciated!
# custom code for hop by hop headers
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# Upgrade connection
server {
listen 8080 default_server;
listen [::]:8080 default_server;
server_name _;
return 301 https://$host$request_uri;
}
# Redirect Subdomains (incl. Web-Socket)
server {
listen 8443 ssl;
ssl_certificate /certs/server.crt;
ssl_certificate_key /certs/server.key;
server_name my-example.de portal.my-example.de;
access_log /opt/bitnami/nginx/logs/yourapp_access.log;
error_log /opt/bitnami/nginx/logs/yourapp_error.log;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HOST $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_pass https://redirect.my-example.de:30000;
proxy_redirect off;
}
}
# Catch malicious requests
server {
listen 8443 default_server;
listen [::]:8443 default_server;
ssl_certificate /certs/server.crt;
ssl_certificate_key /certs/server.key;
server_name _;
return 444;
}
My website is pretty messed up: it shows up as https://31.220.108.250/ in the google search results (https, not http). I want to redirect this to my domain (mosachi.ga), but when I couldn't figure out how to redirect https to my domain (I could only figure out how to redirect http). Here is my current nginx config file:
# Catchall configuration - redir to the domain for bare and invalid domain requests
server {
listen 80 default_server;
server_name _;
return 301 https://mosachi.ga$request_uri;
}
# HTTP handler to redirect to HTTPS for mosachi.ga
server {
listen 80;
server_name mosachi.ga;
return 301 https://mosachi.ga$request_uri;
}
# HTTPS for mosachi.ga
server {
listen 443 ssl;
server_name mosachi.ga;
ssl_certificate /etc/letsencrypt/live/mosachi.ga/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mosachi.ga/privkey.pem;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
Can you please change your nginx file formate as below! and check whether it is working or not?
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
root your_root_folder_path;
ssl on;
ssl_certificate /etc/letsencrypt/live/mosachi.ga/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mosachi.ga/privkey.pem;
server_name mosachi.ga www.mosachi.ga;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
server {
listen 80;
server_name mosachi.ga;
return 301 https://mosachi.ga$request_uri;
}
I have Nextcloud server running fine with ip 192.168.0.1
Installed collabora online server on another machine with IP 192.168.0.2
I have one public IP and two separate domains for those servers pointing at the same piblic IP
what I try to do is use nginx to distribute the traffic accordingly.
The configuration for the Nextcloud is working fine:
upstream php-handler {
server unix:/var/run/php/php7.0-fpm.sock;
}
server {
listen 80;
listen [::]:80;
server_name first.domain.com;
# enforce https
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name first.domain.com;
...
now I am putting second config for collabora server:
server {
listen 80;
listen [::]:80;
server_name second.domain.com;
# enforce https
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name second.domain.com;
ssl_certificate /etc/ssl/private/server.crt;
ssl_certificate_key /etc/ssl/private/server.key;
ssl_password_file /etc/ssl/private/server.pass;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://second.domain.com;
}
}
I have added 192.168.0.2 second.domain.com to the hosts file
this server also has nginx running:
server {
listen 443 ssl;
server_name second.domain.com;
ssl_certificate /etc/ssl/private/server.crt;
ssl_certificate_key /etc/ssl/private/server.key;
ssl_password_file /etc/ssl/private/server.pass;
# static files
location ^~ /loleaflet {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
# WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
# main websocket
location ~ ^/lool/(.*)/ws$ {
proxy_pass https://localhost:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
# download, presentation and image upload
location ~ ^/lool {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
# Admin Console websocket
location ^~ /lool/adminws {
proxy_pass https://localhost:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
}
the collabora window opens blank in nextcloud when i open a file
nginx on the nextcloud server gives response 400.
"GET /lool/https%3A%2F%2Ffirst.domain.com%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F6932_ocqfsn9n2v8v%3Faccess_token%3DOObPuPjPgz7ycgmvNAklYGo1clIANWXU%26access_token_ttl%3D0%26permission%3Dedit/ws?WOPISrc=https%3A%2F%2Ffirst.domain.com%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F6932_ocqfsn9n2v8v&compat=/ws HTTP/1.1" 400 0
So somehow I am not doing the redirection right. I need help with the nginx configurations. I know collabora server works because when I set second.domain.com 192.168.0.2 in the hosts file of the client and no redirection from nginx then it works fine