I have a node server running on port 4000 and postgres running on 5432 on a GCP VM. I want to be able to access the node server at api.mydomain.com and postgres at db.mydomain.com.
I'm able to access the server at the desired subdomain with the SSL cert, but I'm getting a "502 Bad Gateway" for the db endpoint.
To configure the server block for the db, I copied over the one for the server and had certbot generate the necessary SSL certificate.
Here's the config in /etc/nginx/sites-available/default:
server {
    server_name api.mydomain.com;
    location / {
        proxy_pass http://localhost:4000;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/api.mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/api.mydomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = api.mydomain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    server_name api.mydomain.com;
    listen 80;
    return 404; # managed by Certbot
}
server {
    server_name db.mydomain.com;
    location / {
        proxy_pass http://localhost:5432;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/db.mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/db.mydomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = db.mydomain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    server_name db.mydomain.com;
    listen 80;
    return 404; # managed by Certbot
}
Both resources are available
Related
I have a problem with adding some new routes to the current proxy which I have on the server.
The current file is located at:
/etc/nginx/sites-enabled/proxy_nginx
with this content:
# proxy cache
proxy_cache_path /tmp/cache keys_zone=cache:10m levels=1:2 inactive=600s max_size=100m;
# redirect all HTTP to HTTPS
server {
    listen 80 default_server;
    return 301 https://$host$request_uri;
}
server {
    return 301 https://$host$request_uri;
    server_name www.api.mysite.org; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/api.mysite.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/api.mysite.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = www.api.mysite.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name www.api.mysite.org;
    return 404; # managed by Certbot
}
Now I need to add these lines into it but I'm confused where to put them:
server {
    listen 80 default backlog=16384;
    listen [::]:80 default backlog=16384;
    location /route1 {
        proxy_set_header Host decide.externalURL.com;
        proxy_set_header X-Real-IP $http_x_forwarded_for;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_pass https://z.externalURL.com/route1;
    }
    location /route2 {
        proxy_set_header Host api.externalURL.com;
        proxy_set_header X-Real-IP $http_x_forwarded_for;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_pass https://api.externalURL.com/route2;
    }
}
I know that I shouldn't have a duplicate default-server because I wasn't able to add the above lines into my default nginx.conf file.
So the question is how to mix these lines into the /etc/nginx/sites-enabled/proxy_nginx file.
I configured Nginx as a reverse proxy for a front-end application. The front-end takes an endpoint URL via a .env file. When I change the endpoint's value, which is a URL in the .env, Nginx still picks the old value even after restarting Nginx.
My Nginx config:
upstream App {
    ip_hash;
    server localhost:3050;
}
server {
    server_name app.com www.app.com;
    root /var/www/App;
    access_log /var/log/nginx/app-access.log;
    error_log /var/log/nginx/app-error.log;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
    location / {
        proxy_pass http://App/;
    }
    location /socket.io/ {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass http://App/socket.io/;
    }
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/app.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/app.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = www.app.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    if ($host = app.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    listen [::]:80 ipv6only=on default_server;
    server_name app.com www.app.com;
    return 404; # managed by Certbot
}
My new website's address is foo.pro. When I go to my old website bar.pro, it shows the content of the new foo.pro as expected but the URL remains bar.pro.
How to replace bar.pro by foo.pro in my Nginx configuration below?
upstream foo_upstream {
    server 127.0.0.1:3003;
    keepalive 64;
}
server {
    server_name www.foo.pro;
    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass http://foo_upstream;
        proxy_redirect off;
        proxy_read_timeout 240s;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/www.foo.pro/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.foo.pro/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = www.foo.pro) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name www.foo.pro;
    return 404; # managed by Certbot
}
server {
    listen 80;
    server_name foo.pro;
    return 301 https://www.foo.pro;
}
=== EDIT ===
I tried to add this directive in my conf:
server {
    listen 80;
    server_name bar.pro;
    return 301 https://foo.pro;
}
But it's still not renaming the URL to foo.pro.
I am using Let's Encrypt to get SSL certificates and nginx as a reverse proxy. Below is the nginx conf file that I am using:
server {
    listen 443 http2 ssl;
    server_name example.com;
    access_log /var/log/nginx/example.com.log;
    error_log /var/log/nginx/example.com.log;
    location /.well-known/acme-challenge/ {
        root /var/www/html/grafana; # Temp for generating letsencrypt
        default_type text/plain;
    }
    location / {
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Fix the "It appears that your reverse proxy set up is broken" error.
        proxy_pass http://127.0.0.1:3000;
        proxy_read_timeout 90;
        proxy_redirect http://127.0.0.1:3000 http://example.com/;
        # Required for new HTTP-based CLI
        proxy_http_version 1.1;
        proxy_request_buffering off;
    }
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name example.com;
    return 404; # managed by Certbot
}
============
My requirement here is:
I am running multiple applications on this server such as Jenkins, Gitlab, Grafana. And these applications are listening on different ports. The above file lets me redirect https://example.com to http://example.com:3000. But I would like to redirect my connections like this :
https://example.com:3000 -> http://example.com:3000
https://example.com:8080 -> http://example.com:8080
https://example.com:81 -> http://example.com:81
I have seen an environment doing it, but I can't figure out how this was done.
I'm trying to redirect www to non-www but it doesn't work. I've tried various answers from similar questions but those haven't worked.
I have SSL cert using certbot for 3 domains example.com, www.example.com and admin.example.com.
This is my current config, which works for non-www and admin, however www.example.com doesn't work.
# HTTP - redirect all requests to HTTPS
server {
    listen 80;
    listen [::]:80;
    return 301 https://$host$request_uri;
}
# Redirect to non-www
server {
    server_name www.example.com;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.se/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.se/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    return 301 https://example.com$request_uri;
}
# non-www
server {
    server_name example.com;
    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.se/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.se/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
# CMS
server {
    server_name admin.example.com;
    location / {
        proxy_pass http://localhost:1337;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.se/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.se/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
I use DigitalOcean where both admin & non-www points to my droplet and www.example.com has a CNAME record to example.com (non-www).
Firstly, the www.example.com and example.com should be in one server block.
Secondly, you need to add this in your # non-www server configuration block:
if ($host = 'www.example.com') {
    return 301 https://example.com$request_uri;
}
Thirdly, to redirect all requests to HTTPS, server_name must be added in your # HTTP - redirect all requests to HTTPS block.
Finally, your NGINX Configuration file will look like this
# HTTP - redirect all requests to HTTPS
server {
    server_name example.com www.example.com admin.example.com;
    listen 80;
    listen [::]:80;
    return 301 https://$host$request_uri;
}
# non-www
server {
    server_name example.com www.example.com;
    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    if ($host = 'www.example.com') {
        return 301 https://example.com$request_uri;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.se/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.se/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
# CMS
server {
    server_name admin.example.com;
    location / {
        proxy_pass http://localhost:1337;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.se/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.se/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
Once you update your NGINX configuration file, restart NGINX:
$ sudo systemctl restart nginx
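
An added example, not part of the answer above: a simplified Python model of how nginx chooses a server block for a request (listening port first, then an exact server_name match, then the default_server flag, then the first block on that port), run over a constructed, trimmed copy of the answer's configuration. The function names are hypothetical; it assumes every listen directive carries a port, treats IPv4 and IPv6 sockets on one port alike, and does not model wildcard or regex names.

```python
import re

# Constructed, trimmed copy of the answer's configuration (TLS lines omitted);
# the hostnames and ports are the ones used on the page.
CONFIG = """
server {
    server_name example.com www.example.com admin.example.com;
    listen 80;
    listen [::]:80;
    return 301 https://$host$request_uri;
}
server {
    server_name example.com www.example.com;
    location / { proxy_pass http://localhost:3000; }
    listen 443 ssl;
}
server {
    server_name admin.example.com;
    location / { proxy_pass http://localhost:1337; }
    listen 443 ssl;
}
"""

def parse_servers(text):
    """Return one dict per server block: exact names and {port: is_default}."""
    servers = []
    # Matches a server block whose body nests at most one level of braces.
    for body in re.findall(r"\bserver\s*\{((?:[^{}]|\{[^{}]*\})*)\}", text):
        names = re.search(r"\bserver_name\s+([^;]+);", body)
        ports = {}
        for args in re.findall(r"\blisten\s+([^;]+);", body):
            addr, *flags = args.split()
            port = int(addr.rsplit(":", 1)[-1])  # "443", "[::]:80", "127.0.0.1:80"
            ports[port] = ports.get(port, False) or "default_server" in flags
        servers.append({"names": names.group(1).split() if names else [""],
                        "ports": ports})
    return servers

def select_server(servers, port, host):
    """Simplified nginx selection: port, exact name, default_server, first block."""
    on_port = [s for s in servers if port in s["ports"]]
    exact = [s for s in on_port if host in s["names"]]
    default = [s for s in on_port if s["ports"][port]]
    return (exact or default or on_port or [None])[0]

if __name__ == "__main__":
    for req in [(443, "www.example.com"), (443, "other.example.net")]:
        print(req, "->", select_server(parse_servers(CONFIG), *req)["names"])
```

In this layout a Host that matches no server_name on port 443 is handled by the first 443 block (the main application), because no block there carries default_server.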