Strange HTTP 401 response with nginx in combination with WildFly - nginx

I installed a WildFly 26.0.1 together with nginx as a reverse proxy.
Everything seems to work correctly.
Also the deployment of small WebApp war files within WildFlys admin console works.
But there is a problem when deploying large war files.
I have already set client_max_body_size to 100M!
The effect is the following:
While deploying the nginx access.log there shows up an endless loop
POST /management-upload HTTP/1.1" 401 77
Again and again
On the client side the request hangs.
The WildFly Log shows no start of deployment.
While with small war files it says:
POST /management-upload HTTP/1.1" 200 68
btw: When accessing the WildFly directly (not via the nginx proxy) the deployment works
also with large war files
This is my nginx config:
(Replacing my domain with example.com)
server {
server_name www.example.com example.com;
listen 80;
listen [::]:80;
client_max_body_size 100M;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:8080;
proxy_read_timeout 90s;
}
location /console {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:9990/console;
proxy_read_timeout 90s;
}
location /management {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:9990/management;
proxy_read_timeout 90s;
}
}

Related

Nginx reverse proxy not working for location /dashboard

I have following nginx reverse proxy configuration:
location / {
proxy_pass http://localhost:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /application {
proxy_pass https://my.url:9443/application;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /dashboard {
proxy_pass http://localhost:3001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
my location "/" got proxied to my npm dev server, which is working great.
my location "/aplication" got proxied to my application I publish, which is working great, too!
so why does my location "/dashboard" does not work, when proxied to my other npm dev server, which listens on port 3001? What makes my concerns even stronger is the fact, that when I change the port from my default location "/" to 3001, my react app is getting accessed.
my output from sudo netstat -lntp:
tcp 0 0 0.0.0.0:3001 0.0.0.0:* LISTEN 3677/node

Nginx Reverse Proxy and ZAP

i'm trying to configure Nginx as reverse Proxy for my sec-tool (ZAP). I'm not sure about the configuration part. I think it should be something like that:
server {
listen 443;
server_name ZAP.domain.com;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8080;
proxy_read_timeout 90;
proxy_redirect http://localhost:8080 https://ZAP.domain.com;
}
}
As long as i know, ZAP operates with the port 8080, but i'm not sure what I've to insert in the "domain" part.
Does anyone have some clues here?
Thank you

Keycloak redirects to the keycloak URI instead of redirect_uri provided

We are trying to authenticate an application using keycloak. Both the applications are hosted behind nginx and the nginx configuration seems fine (shown below)
The issue we are having is that the redirect_url we specify is something like https://website.com/myapplication/auth but keycloak redirects to its own domain at https://auth.website.com/myapplication/auth
We tried to debug this issue but cannot figure out what could be the issue. any pointers would be appreciated.
nginx configuration
server{
listen 443;
server_name auth.website.com;
... certificates
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8080;
}
}
This issue was fixed by changing the nginx configuration to the following
server{
listen 443;
server_name auth.website.com;
... certificates
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_buffer_size 64k;
proxy_buffers 8 64k;
proxy_busy_buffers_size 64k;
proxy_pass http://127.0.0.1:9090;
}
}

Reverse proxy configuration for keycloak (Nginx)

I have a spring boot application (with keycloak adapter) running on port 8000 and keycloak running on 8080
I have edited my /etc/hosts file to route requests coming on my test-domain (foo.bar.com) to route to 127.0.0.1
I am not interested in SSL as of now.
My sample nginx configuration:
server {
listen 80;
server_name foo.bar.com;
location /myapp {
proxy_set_header Host $host/myapp;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Port 80;
proxy_set_header X-Forwarded-Proto http;
proxy_pass http://localhost:8000/;
}
location /auth {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8080;
}
}
Question:
Will this sample nginx conf be sufficient? I had some infinite redirects happening. Logs from keycloak adapter in my spring application say:
No State Cookie
If I do not use proxy server and instead configure the app and keycloak talk directly to each other it works. I wonder why proxy server is creating issues.
Did you configure Keycloak so that it knows it's behind a proxy?
E.g. for docker it's the option -e PROXY_ADDRESS_FORWARDING=true

ghost dosen't work in subdomain

i have VPS server work in digitalocean with nginx and ubuntu 12.4 LTS 64bit, i try to make ghost blog work in my subdomain blog.csbukhari.com but it dose not work.
this is my conf file in nginx
server {
listen 80;
server_name blog.csbukhari.com;
location / {
expires 8d;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_read_timeout 5m;
proxy_connect_timeout 5m;
proxy_pass http://127.0.0.1:2368;
proxy_redirect off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
and i add the subdomain blog in dns as A record
You can see my example conf file here but yours looks right.
I assume you have restarted nginx and you have Ghost started and listing on port 2368?

Resources