Symfony nginx reverse proxy on folder - symfony

I have a simple Symfony application, using Webpack Encore.
I also have a nginx server, with this below configuration to access to my Symfony app:
server {
listen 8080;
server_name localhost;
root D:/Projects/SampleApp/public;
location / {
root D:/Projects/SampleApp/;
try_files /public/$uri /public/$uri /assets/$uri /index.php?$query_string;
}
location ~ \.php$ {
fastcgi_pass php_farm;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
}
}
When I access to http://localhost:8080, my Symfony app works well.
I would like to add another nginx as a reverse proxy, that point http://localhost/SampleApp to http://localhost:8080.
I create this nginx configuration file :
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
ssl_certificate D:/Projects/certificate.crt;
ssl_certificate_key D:/Projects/certificate.key;
server_name localhost;
location /SampleApp/ {
rewrite ^/SampleApp(/.*)$ $1 break;
proxy_pass http://localhost:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
}
}
When I access to http://localhost/SampleApp/login, my Symfony login page works. But :
Assets are not loaded because the base doesn't contains the "SampleApp" prefix (it call http://localhost/assets/app.css instead of http://localhost/SampleApp/assets/app.css)
Links and redirections doesn't works too for the same problem
Do you have any ideas to resolve this problem please ?
Thanks

Related

ratchet, wss & nginx configuration

my current nginx conf file:
server {
listen 443 ssl default_server;
listen [::]:80 ipv6only=on;
ssl_certificate /etc/letsencrypt/live/domain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain/privkey.pem;
access_log /var/log/nginx/domain-access.log;
error_log /var/log/nginx/domain-error.log;
root /var/www/domain/public;
index index.php index.html index.htm;
server_name domain;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# PHP-FPM Configuration Nginx
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
I want to be able to run 2 secure WebSocket servers (wss://) - one running over 8443 port and the other over 8444.
I tried many configuration suggestions but none of them seems to work (connection timeout).
UPDATE:
I want to be able to connect to the WebSocket server like this:
conn = new ab.Session('wss://domain:8443',....)
Is it possible? or should I change the connection URI?
Any advice?
After lots of digging, I managed to solve my problem:
I already tried the settings below from the beginning, but in my case all of my problem was firewall settings.. and yes, it's pretty dumb
First - the cause of time out problem was the firewall
So, in order to enable your tcp port, use (Centos 7):
firewall-cmd --zone=public --add-port=80/tcp --permanent
then,
firewall-cmd --reload
great guide: http://ask.xmodulo.com/open-port-firewall-centos-rhel.html
My settings:
upstream websocket{
server 127.0.0.1:8443;
}
map $http_upgrade $connection_upgrade {
default Upgrade;
'' close;
}
server {
listen 443 ssl default_server;
listen [::]:443 default_server ssl http2 ipv6only=on;
ssl on;
ssl_prefer_server_ciphers on;
ssl_certificate /etc/letsencrypt/live/domain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain/privkey.pem;
if ($request_uri ~ "^[^?]*//") {
rewrite "(.*)" $scheme://$host$1 permanent;
}
access_log /var/log/nginx/domain-access.log;
error_log /var/log/nginx/domain-error.log;
root /var/www/domain/public;
index index.php index.html index.htm;
server_name domain
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# PHP-FPM Configuration Nginx
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location /ws/ {
proxy_pass http://websocket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_redirect off;
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
keepalive_timeout 86400s;
# prevents 502 bad gateway error
proxy_buffers 8 32k;
proxy_buffer_size 64k;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
reset_timedout_connection on;
}
}
Hope it will help others :)

Two applications within one server block

I'm not sure if this is possible or not, but the goal is to serve two applications within one server block. The primary application is NodeJS, but I would like to have a "/blog" that would point to a Wordpress install on the server. I am currently able to serve the blog on a subdomain.
The nginx config currently looks like this:
server {
listen 80;
listen [::]:80 ipv6only=on;
root /var/www/html;
index index.php index.html index.htm;
server_name blog.example.com;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
include snippets/xyz.conf;
include snippets/zyx.conf;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:3000/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
Is there a way for me to serve the blog to "/blog" inside of the second server block in a similar fashion as the first?

nginx reverse proxy multidomain

i have some problem with my nginx configuration. I am new with nginx by the way ..
I want to host multiple websites on one single server. Ubuntu 16.04 installed.
Example:
www.myDomain.com - should point to a normal webroot equ: /var/www/html
wiki.myDomain.com - should reverse-proxy to my confluence application at localhost:8090
blog.myDomain.com - should point to another webroot equ: /var/www/blog
I tried to configure the base url = www.myDomain.com and the wiki reverse proxy.
My files look like this:
default:
server {
listen 80 default_server;
# listen [::]:80 default_server;
server_name myDomain.com www.myDomain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name myDomain.com www.myDomain.com
include snippets/ssl-www.myDomain.com.conf;
include snippets/ssl-params.conf;
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name myDomain.com www.myDomain.com;
location / {
allow all;
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
location /phpmyadmin {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}
}
my wiki.myDomain.com witht the reverse proxy:
server {
listen 80;
# listen [::]:80;
server_name wiki.myDomain.com;
return 301 https://$server_name$request_uri;
}
server {
listen wiki.myDomain.com:443 ssl;
# listen [::]:443;
add_header Strict-Transport-Security "max-age=31536000";
include snippets/ssl-wiki.myDomain.com.conf;
include snippets/ssl-params.conf;
# root /var/www/wiki.myDomain.com;
location /.well-known {
root /var/www/wiki.myDomain.com/;
# default_type text/plain;
}
location / {
client_max_body_size 100m;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8090;
}
location /synchrony {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8091/synchrony;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}
So here my problem:
Wiki.myDomain.com is working fine !
www.eida.at is allways auto forwarding to https://wiki.myDomain.com for some reason
with www.myDomain.com i want to have a separate website - no forward to the wiki. Seems that the reverse proxy part is used any time - doesnt matter which url i choose.
Thanks for help !

Nginx configuration behind nginx reverse proxy

I have an Nginx with Docker for my development environment with HTTP and HTTPS, here's the configuration:
listen 80;
listen 443 ssl;
set_real_ip_from 10.0.0.0/8;
real_ip_header X-Real-IP;
real_ip_recursive on;
location / {
try_files $uri #rewriteapp;
}
location #rewriteapp {
rewrite ^(.*)$ /app.php/$1 last;
}
location ~ ^/(app|app_dev|app_test|config)\.php(/|$) {
fastcgi_pass php-upstream;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS $https;
}
I want to test HTTP and HTTPS in my local environment but in production, I have an Nginx reverse proxy in front with:
upstream app_upstream {
server app:80;
}
server {
server_name $APP_DOMAIN;
listen 443 ssl;
ssl_certificate /run/secrets/app_cert.pem;
ssl_certificate_key /run/secrets/app_key.pem;
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / {
proxy_pass http://app_upstream;
}
}
I want the reverse proxy to accept the only HTTPS and forward to the application nginx but my PHP application behind is receiving $_SERVER['HTTPS'] = ""
I also want to keep the SSL certificate only on the reverse proxy, how do I pass HTTPS from reverse proxy to Nginx to PHP?
The HTTPS variable is set to $https (which is set according to the connection to the backend server, which will always be HTTP), but you want it to be set according to the forwarded connection.
You can use the X-Forwarded-Proto header to set the HTTPS variable using a map. For example:
map $http_x_forwarded_proto $https_flag {
default off;
https on;
}
server {
...
location ~ ^/(app|app_dev|app_test|config)\.php(/|$) {
...
fastcgi_param HTTPS $https_flag;
...
}
}
See this document for more.

Nginx php site and node app on different port

I have installed nginx and configured php and mysql in my vps. My home page exist at /var/www/html. and it is working correctly when I access it form any computer.
Now I installed nodejs and set a simple hello world accoring to this link
my nginx defauls file is
server {
listen 80 default_server;
listen [::]:80 default_server;
location / {
root /var/www/html;
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
#try_files $uri $uri/ =404;
try_files $uri $uri/ = 404 $uri.html $uri/index.html #app;
#proxy_pass http://localhost:3000;
}
location #app {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
My problem is either my php files are served or node files are served, while I want, http://ipaddress:80 whould serve my php files, and http://ipaddress:3000 should serve my nodejs app.
I am using pm2 node module.
I am very-2 new to nginx.
Thanks
like this
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.php;
location / {
# Redirect everything that isn't a real file to index.php
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_pass unix:/var/run/php5-fpm.sock;
try_files $uri =404;
}
}
server {
listen 3000;
listen [::]:3000;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}

Resources