Nginx listening on various ports - nginx

I have a small issue. I configured various server blocks with the listen directive, like below,
but I can access toto1.com on port 444 and toto2.com on port 443. I would prefer that this were not possible. Is the listen directive not only for its server block?
server {
    listen 443 ssl http2;
    server_name toto1.com;
    include /etc/nginx/snippets/ssl.conf;
    location / {
        proxy_read_timeout 900;
        proxy_pass_header Server;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass https://x.x.x.x;
    }
}
server {
    listen 444 ssl http2;
    server_name toto2.com;
    include /etc/nginx/snippets/ssl.conf;
    location / {
        proxy_read_timeout 900;
        proxy_pass_header Server;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass https://x.x.x.x;
    }
}
thanks

I found my answer here:
https://www.computerworld.com/article/2987967/why-your-nginx-server-is-responding-with-content-from-the-wrong-site.html
You need to create a server conf like this and place it at the beginning:
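# Placed first so it becomes the default server on both ports
# (no listen line in this configuration sets default_server).
server {
    include /etc/nginx/snippets/ssl.conf;
    server_name titi.com;
    listen 444;
    listen 443;
    return 404;
    access_log /var/log/nginx/default.access.log main;
    error_log /var/log/nginx/default.error.log;
}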
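Why the catch-all has to come first, as an added example (not code from the post or from nginx): a small Python model of how nginx picks a server block per listen socket, run over a constructed copy of the question's configuration. The function names are this example's own; only exact server_name matches and the default_server flag are modelled, not wildcard or regex names.

```python
import re

# Constructed sample mirroring the question: one site per port, no catch-all block.
QUESTION_CONF = """
server { listen 443 ssl http2; server_name toto1.com; location / { proxy_pass https://x.x.x.x; } }
server { listen 444 ssl http2; server_name toto2.com; location / { proxy_pass https://x.x.x.x; } }
"""
# The answer's catch-all block, reduced to the directives that matter for routing.
CATCH_ALL = "server { server_name titi.com; listen 444; listen 443; return 404; }\n"

def parse(conf):
    """Return one dict per server block, built from its top-level directives only."""
    conf, servers = re.sub(r"#.*", "", conf), []
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i, top = 1, m.end(), []
        while depth and i < len(conf):  # walk to the matching brace, skipping nested blocks
            c = conf[i]
            depth += (c == "{") - (c == "}")
            if depth == 1 and c not in "{}":
                top.append(c)
            i += 1
        top = "".join(top)
        names = re.findall(r"\bserver_name\s+([^;]+);", top)
        listens = [ln.split() for ln in re.findall(r"\blisten\s+([^;]+);", top)]
        sink = re.search(r"\breturn\s+4\d\d\b|\bssl_reject_handshake\s+on\b", top)
        servers.append({"names": names[0].split() if names else [""],
                        "listens": listens or [["80"]], "sink": bool(sink)})
    return servers

def pick(servers, sock, host):
    """Model nginx's choice: exact server_name, else default_server, else first block."""
    on_sock = [s for s in servers if any(ln[0] == sock for ln in s["listens"])]
    exact = [s for s in on_sock if host in s["names"]]
    flagged = [s for s in on_sock
               if any(ln[0] == sock and "default_server" in ln for ln in s["listens"])]
    return (exact or flagged or on_sock)[0]

def misrouted(conf):
    """List (host, socket, answering block) where a real site answers for another host."""
    servers = parse(conf)
    hosts = sorted({n for s in servers for n in s["names"] if n})
    socks = sorted({ln[0] for s in servers for ln in s["listens"]})
    picks = [(h, k, pick(servers, k, h)) for k in socks for h in hosts]
    return [(h, k, s["names"][0]) for h, k, s in picks
            if h not in s["names"] and not s["sink"]]

if __name__ == "__main__":
    print(misrouted(QUESTION_CONF))
    print(misrouted(CATCH_ALL + QUESTION_CONF))
```

Appending the catch-all after the site blocks instead of before them leaves both cross-port pairs reported, because the first block on each socket is still a real site.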

Related

How to remove port number in nginx when redirecting

This is my domain.conf file in nginx:
server {
    listen 80;
    listen 8080;
    server_name EXAMPLE.COM www.EXAMPLE.COM;
    return 301 https://EXAMPLE.COM$request_uri;
}
server {
    listen 443 ssl;
    root /home/path;
    ssl_certificate /etc/letsencrypt/live/EXAMPLE.COM/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/EXAMPLE.COM/privkey.pem;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://127.0.0.1:8080;
        proxy_redirect off;
        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
Now when I type http://EXAMPLE.COM:8080 or http://EXAMPLE.COM:8080/some_folder/, my website over the port number 8080 works, but I want to remove this port number.
But what I want is:
--> Whenever I type http://EXAMPLE.COM:8080/folder, it redirects to https://EXAMPLE.COM/folder
I think the answer to what you are looking for is in the proxy_redirect option, after proxy_pass.
This nginx configuration sample can be useful (take a look at the proxy_redirect line):
location /one/ {
    proxy_pass http://upstream:port/two/;
    proxy_redirect http://upstream:port/two/ /one/;
}
I think adding this should do the trick:
proxy_redirect http://127.0.0.1:8000 /blog;
You can find full documentation and examples in the nginx documentation.
http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_redirect

Configure varnish for my app that has already proxy_pass in nginx

I'm trying to figure out how to configure my website to pass thru varnish. I'm using Ubuntu 18.04. I've tried some methods I already found online, but I can only make it work for HTTP, not for HTTPS. Here is my actual nginx.conf. My website is built in React and as you can see I already have a proxy_pass in my Nginx.
server {
    listen 80;
    listen [::]:80;
    return 301 https://$host$request_uri;
}
server {
    # SSL configuration
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    include snippets/ssl-params.conf;
    client_max_body_size 15M;
    ssl_certificate_key /srv/www/dev.site.com/ssl/dev.key;
    ssl_certificate /srv/www/dev.site.com/ssl/dev.chain.crt;
    access_log /srv/www/dev.site.com/logs/temp_access.log;
    error_log /srv/www/dev.site.com/logs/temp_error.log;
    error_page 502 /502.html;
    location = /502.html {
        root /usr/share/nginx/html/;
        allow all;
        internal;
    }
    # root /srv/www/dev.site.com/html;
    # index index.php index.html;
    server_name www.dev.site.com dev.site.com;
    location / {
        proxy_pass http://127.0.0.1:3000/;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Client-Verify SUCCESS;
        proxy_set_header X-Client-DN $ssl_client_s_dn;
        proxy_set_header X-SSL-Subject $ssl_client_s_dn;
        proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
        proxy_read_timeout 1800;
        proxy_connect_timeout 1800;
        # Escape the dot so only real file extensions match
        if ($request_uri ~* "\.(ico|css|js|gif|jpe?g|png|json)$") {
            expires 30d;
            access_log off;
            add_header Pragma public;
            add_header Cache-Control "public";
            break;
        }
    }
}
Thanks
HTTP/1.1
For regular HTTP/1.1 requests, this one should do the trick:
server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
    ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
    location / {
        proxy_pass http://127.0.0.1:80;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header Host $host;
    }
}
Please make sure you include the right certificates, and proxy through to the right hostname/port.
HTTP/2
For HTTP/2 requests, you can use the following Nginx config:
server {
    listen 443 ssl http2;
    server_name example.com;
    ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
    ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
    location / {
        proxy_pass http://127.0.0.1:80;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header Host $host;
    }
}
And for Varnish, you need to make sure the -p feature=+http2 runtime flag is added to the varnishd process. So the varnishd process could look like this:
varnishd -a:80 -f /etc/varnish/default.vcl -s malloc,2g -p feature=+http2

Can't redirect Http to Https nginx

I've set up a server that runs with nginx as a reverse proxy for an express app. I want the server to run on https, but when I access it via http, it doesn't redirect to https. Here is my config:
server {
    listen 80;
    server_name *.site.com;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl default_server;
    server_name *.site.com;
    ssl_certificate /etc/letsencrypt/live/site.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/site.com/privkey.pem;
    access_log /var/log/nginx/access.log;
    location / {
        proxy_pass http://57.52.110.112:4000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
    }
}
I can't find out why this isn't redirecting me to https. How can I make it work? thanks.

Nginx redirect forum.example.com to example.com

In Amazon Route 53, for example.com and forum.example.com I have A records with the IP address of my server.
Nginx config:
server {
    server_name example.com;
    return 301 https://example.com$request_uri;
}
server {
    listen [::]:443 ssl http2;
    listen 443 ssl http2;
    server_name example.com;
    client_max_body_size 50M;
    # RSA
    ssl_certificate /etc/letsencrypt/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/example.com/private.key;
    # ECDSA
    ssl_certificate /etc/letsencrypt/example.com_ecc/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/example.com_ecc/private.key;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://127.0.0.1:4567;
        proxy_redirect off;
        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    location /ads.txt {
        root /var/www/nodebb/public/;
    }
    location /loaderio-a92c8d2496979eca3c119f44e27ee2f6.txt {
        root /var/www/nodebb/public/;
    }
}
How can I redirect forum.example.com to example.com, so that the URL in the browser will be example.com?
I tried to add
server {
    listen 443;
    server_name forum.example.com;
    return 301 https://example.com$request_uri;
}
but then nothing works ;) Probably the port is blocked or something.
OK, I see.
I saw the error logs from nginx and realized that I am missing certs for this redirection.

How to setup secure websockets with nginx

I have a webserver running on port 9000. I want to make it available on port 80, and I also want to make a websocket connection available on port 9021. If I run this over http everything works fine. But when I go to https the websocket cannot be connected.
Here's my nginx config: this gives the warning:
nginx: [warn] conflicting server name "oyun.net" on 0.0.0.0:443, ignored
server {
    listen 443 ssl;
    server_name oyun.net;
    ssl_certificate /etc/key.pem;
    ssl_certificate_key /etc/key2.pem;
    listen 80;
    location / {
        proxy_pass http://localhost:9000;
    }
}
server {
    listen 443 ssl;
    server_name oyun.net;
    ssl_certificate /etc/key.pem;
    ssl_certificate_key /etc/key2.pem;
    listen 9021;
    location / {
        proxy_pass http://localhost:9000;
        proxy_http_version 1.1;
        proxy_set_header upgrade $http_upgrade;
        proxy_set_header connection "upgrade";
        proxy_set_header x-real-ip $remote_addr;
        proxy_set_header host $host;
        proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
    }
}
Here's the browser error:
WebSocket connection to 'wss://oyun.net:9021/socket/v1?sri=tcylqwzjnl' failed:
Error in connection establishment: net::ERR_SSL_PROTOCOL_ERROR
I've created a new certificate for socket.oyun.net and this config helped:
server {
    listen 80;
    server_name oyun.net;
    return 301 https://oyun.net$request_uri;
}
server {
    listen 443 ssl;
    server_name oyun.net;
    ssl_certificate /etc/letsencrypt/live/oyun.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/oyun.net/privkey.pem;
    location / {
        proxy_pass http://localhost:9000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
server {
    listen 9021 ssl;
    server_name socket.oyun.net;
    ssl_certificate /etc/letsencrypt/live/socket.oyun.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/socket.oyun.net/privkey.pem;
    location / {
        proxy_pass http://localhost:9000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-Ip $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
