SignalR without authentication - nginx

I'm using Nginx as a reverse proxy for my services.
I use the following config:
location = /order-service/hubs {
proxy_pass http://order-service/hubs;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto $scheme;
# Configuration for WebSockets
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_cache_bypass $http_upgrade;
# Configuration for LongPolling or if your KeepAliveInterval is longer than 60 seconds
proxy_read_timeout 100s;
}
location /order-service/ {
proxy_pass http://order-service/;
proxy_http_version 1.1;
proxy_redirect off;
proxy_pass_request_headers on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto $scheme;
# Configuration for WebSockets
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_cache_bypass $http_upgrade;
auth_basic "Permitted Area";
auth_basic_user_file /etc/nginx/.htpasswd;
}
As you see the lower part requires basic authentication.
But if I want to establish a signalR connection to /order-service/hubs it also asks for authentication.
As I understand the documentation the location match with = stops if something matches, so why it asks for authentication?

Related

Configuring Keyloak 18 with HTTP

Where am I wrong? I want to run keycloak 18.0.0 server with HTTP public ip using Nginx but the page is incompletely loaded.
My keycloak configuration:
Nginx:
# .NET Core
location /api/ {
proxy_pass http://localhost:5001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /auth
{
proxy_pass http://localhost:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
}
Obs.: I'm uploading the project from a zipped keycloak file.
You are using context path /auth. That was default context path for Keycloak until version 16.x. You need to configure context path explicitly for Keycloak 17+. Configure hostname-path + proxy pass to http://localhost:8080/auth/.
Doc: https://www.keycloak.org/server/all-config

How to pass this configuration from Nginx to Apache2?

Hello i would like to pass all of this config to apache2, i'am just not sure how to do it i actually need every line of nginx to apache2? if someone could spare two minutes to write.
server {
server_name app.my.com;
location / {
proxy_pass http://127.0.0.1:3001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache_bypass $http_upgrade;
}
}

Ngnix: Multiple Websites Using a Shared IP on a Server with Multiple IP Adress

I am deploying multiple websites to an Ubuntu server equipped with Nginx. I also use the proxy_pass feature to pass the traffic to the service.
The problem is whichever websites is set on Nginx first, all incoming traffics are rerouted to.
I created 3 different .conf files in /etc/nginx/conf and here is the details for each:
subdomain1.conf
server {
listen <the second ip>:80;
server_name subdomain1.mydomain.com;
location / {
proxy_pass http://127.0.0.1:11111;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
subdomain2.conf
server {
listen <the second ip>:80;
server_name subdomain2.mydomain.com;
location / {
proxy_pass http://127.0.0.1:22222;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
subdomain3.conf
server {
listen <the second ip>:80;
server_name subdomain3.mydomain.com;
location / {
proxy_pass http://127.0.0.1:33333;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Finally, I reload Nginx using the following command line:
sudo nginx -s reload
However, all incoming traffics for other subdomains (subdomain2 and subdomain3) are somehow passed to subdomain1. What I have noted so far is whichever set first, all incoming traffics are bound to it.

How to proxy pass two applications running on / on two different ports

this is my nginx configuration file
server {
listen 80;
server_name 0.0.0.0;
client_max_body_size 10000M;
location / {
auth_basic "Restricted Content";
auth_basic_user_file /etc/apache2/.htpasswd;
proxy_pass http://localhost:8888;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-Scheme $scheme;
# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 120s;
proxy_next_upstream error;
}
location /source {
auth_basic "Restricted Content";
auth_basic_user_file /etc/apache2/.htpasswd;
proxy_pass http://localhost:5050/source;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-Scheme $scheme;
# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 120s;
proxy_next_upstream error;
}
}
I am able to route first application running on port 8888 but for second application running on port 5050 i am not able to route through nginx. i am using /source as a prefix but it's not working. Second application also starts with / in our application. Please request guidance in this on the above issue.
/ matches before /source so you never reach /source and therefore can't be routed. switching the order of the location directive should be enough.

can we place proxy_set_header X-Forwarded-For after proxy_pass

I have a nginx as a reverse proxy in a containerised application. I have an issues in which when I add proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; my deployment does not work.
here is the part of location block in my nginx.conf file.
location #app {
proxy_pass http://127.0.0.1:3000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header X-Real-IP $remote_addr;
}
but when i replace $proxy_add_x_forwarded_for with http_x_forwarded_for the deployment works but i am unable to pass the real client ip.
Can anyone please confirm if this is syntactically correct & we can add proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; after proxy_pass?
I can confirm that
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
is correct.
I have a running location block:
location / {
proxy_pass http://127.0.0.1:3333;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header x-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
}

Resources