nginx backup directive in upstream not working - nginx

this is my Nginx config file that is embedded in k8s configMap.
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
upstream backend {
server flask1-service.mohammad-elastic.svc.cluster.local:8080 weight=5;
server flask2-service.mohammad-elastic.svc.cluster.local:8081 backup;
}
upstream test_backend {
server flask2-service.mohammad-elastic.svc.cluster.local:8081;
}
server {
server_name mirroring;
listen 80;
access_log /var/log/nginx/proxy.log;
error_log /var/log/nginx/proxy.error.log info;
location / {
mirror /mirror;
proxy_pass http://backend;
proxy_next_upstream http_404 non_idempotent;
}
location = /mirror {
proxy_pass http://test_backend$request_uri;
}
}
}
when the flask1 ,primary app, is down, flask2 app, as backup, doesn't work.
I mean sometimes the request get result but most of the time it gets 502 bad gateway.

Related

Nginx reverse proxy getting 400 error bad request

I'm trying to set up nginx as reverse proxy to an application.
When I set up the same request over http it works fine
I think I've done everything and I still have the 400 error. Any help will be really nice.
My nginx configuration file :
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
large_client_header_buffers 4 16k;
client_max_body_size 10M;
include /etc/nginx/mime.types;
default_type application/octet-stream;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log debug;
gzip on;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
My site configuration :
server {
listen 80;
server_name example.com;
location /eai {
proxy_pass http://192.168.44.128:8000;
}
}
server {
listen 443 ssl;
ssl_certificate /etc/nginx/certificates/myssl.crt;
ssl_certificate_key /etc/nginx/certificates/myssl.key;
server_name example.com;
location /eai {
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_pass http://192.168.44.128:8000;
}
}
My python code to call the application behind the proxy :
import requests
url = 'https://example.com/eai/request/import'
file_list = [
('file', ('test.csv', open('test.csv', 'rb'), 'text/html')),
]
r = requests.post(url, files=file_list, proxies={"https":"https://192.168.44.241","http":"http://192.168.44.241"}, verify=False)
The info line in the error.log
client sent invalid request while reading client request line, client: 192.168.44.1, server: example.com, request: "CONNECT example.com:443 HTTP/1.0"
Thanks in advance for any help
Regards
Here is your problem:
proxies={"https":"https://192.168.44.241","http":"http://192.168.44.241"}
Your client connection is not actually going through a proxy, so this should not be present at all. You are just making a normal HTTPS request to a normal HTTPS server.

Heroku + nginx-buildpack

I am trying to host the TensorBoard on a Heroku instance, and to secure it, I have added nginx using the Nginx-Buildpack in front of it.
The idea is that Tensorboard will create the app on port 6006, and Nginx will redirect this port to the external port provided by Heroku $Port.
When I start the app, I have the following error:
TensorBoard attempted to bind to port 6006, but it was already in use
My config files are as follows:
Procfile
web: bin/start-nginx tensorboard --logdir="/app/" --host=http://127.0.0.1 --port=6006
config/nginx.conf.erb
daemon off;
#Heroku dynos have at least 4 cores.
worker_processes <%= ENV['NGINX_WORKERS'] || 4 %>;
events {
use epoll;
accept_mutex on;
worker_connections 1024;
}
http {
gzip on;
gzip_comp_level 2;
gzip_min_length 512;
server_tokens off;
log_format l2met 'measure#nginx.service=$request_time
request_id=$http_x_request_id';
access_log logs/nginx/access.log l2met;
error_log logs/nginx/error.log;
include mime.types;
default_type application/octet-stream;
sendfile on;
#Must read the body in 5 seconds.
client_body_timeout 5;
#upstream app_server {
# server unix:/tmp/nginx.socket fail_timeout=0;
#}
server {
listen <%= ENV["PORT"] %>;
server_name http://127.0.0.1;
keepalive_timeout 5;
root /app;
port_in_redirect off;
#index index.html index.htm;
location = / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://127.0.0.1:6006;
}
}
}

Nginx https reverse proxy another 502

Hi I am trying to setup a nginx to work as a reverse proxy to an application that I am running on a tomcat server. when I try to access my application through http it works fine, but when I try to access it over https I am getting a 502 error
here follows my nginx config file
user www-data;
worker_processes 4;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log notice;
gzip on;
gzip_disable "msie6";
rewrite_log on;
server{
ssl on;
listen 80;
listen 443 ssl;
server_name myapp.local;
ssl_certificate max.local.crt;
ssl_certificate_key server.key;
#ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers RC3:HIGH:!aNULL:!MD5;
#ssl_prefer_server_ciphers on;
ssl_session_timeout 5m;
keepalive_timeout 60;
error_log /var/log/nginx/hybris.log;
rewrite_log on;
set $my_port 9001;
set $my_protocol "http";
if ($scheme = https){
set $myport 9002;
set $my_protocol "https";
}
location / {
if ( $http_user_agent ~ "Chrome"){
#just a proof of concept
return 301 http://$host/AE/en;
}
if ( $http_user_agent ~ "Firefox"){
#just a proof of concept
return 301 http://google.com/;
}
}
location /AE/en {
proxy_pass $scheme://10.0.2.2:$my_port;
proxy_set_header Host $host;
}
location ~(?:/..)?/_ui/(.*) {
proxy_pass http://10.0.2.2:9001/_ui/$1;
proxy_set_header Host $host;
}
}
}
When using https you are changing the port and also scheme for connecting to the tomcat server - this does not really make sense. You would only use https for a backend server if it is in another datacenter, not within a local network. It should work fine if you remove the $my_port and $my_protocol definitions and change your /AE/en location block to
location /AE/en {
proxy_pass http://10.0.2.2:9001;
proxy_set_header Host $host;
}
I think you need to create two server sections. One for listening on port 80 and the other for listening on port 453 which is for https.

Nginx Load balancer not working

I have 2 servers A and B, on Server A i have nginx installed
below is my config file loacted at /etc/nginx/nginx.conf and configured as below
user www-data;
worker_processes 4;
pid /var/run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_disable "msie6";
upstream sendforward {
server Server_IP_B:9000;
}
server {
#access_log off;
server_name my_server_name;
listen 443;
large_client_header_buffers 4 16k;
error_log /var/log/nginx/error.log;
location / {
proxy_pass http://sendforward;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
}
}
}
when i send message to Server A on port 443 it writes to 'access_log' file but doesn't forward message to Server B.
I also check by ubuntu command 'nc - l 9000' and wireshark by filtering 'tcp.port==9000'.
I didn't get why it is happening or whether i miss in configuration.
Thanks in advance.
Have you tried defining your upstream before your proxy pass?
i also think you shoud remove the trailing slash of your proxypass
so http://sendforward instead of http://sendforward/

How to enable nginx status page?

I need the IP/nginx_status page for my check_nginx_status Nagios plugin. I followed some instructions:
nginx -V | grep --color -o http_stub_status #some HttpStubStatusModule verification
In nginx.conf, I added:
http {
...
server{
location /nginx_status {
stub_status on;
access_log off;
allow MY_IP;
deny all;
}
}
...
}
After nginx reload, the page should be available.
But, I get "The page you were looking for doesn't exist."
I have nginx v1.6.0.
nginx.conf:
user www-data;
worker_processes 4;
pid /run/nginx.pid;
events {
worker_connections 768;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_disable "msie6";
server {
listen 80;
location /nginx_status {
stub_status on;
access_log off;
#allow 107.170.106.199;
#deny all;
}
}
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}

Resources