In my app, the client connects to the backend through nginx over a WebSocket connection.
My nginx has the following config:
server {
    listen 80;
    listen 443 ssl;
    ssl_certificate ...
    ssl_certificate_key ...
    server_name ...
    proxy_socket_keepalive on;
    keepalive_timeout 10;
    location /ws {
        proxy_pass http://localhost:10001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
The problem is that when the client disconnects from Nginx, the backend WebSocket connection is still in the Open state.
How do I configure Nginx to drop the upstream connection when the client connection is disconnected?
I'm running Nginx on port 3000 and it's running fine, and running Grafana on port 8080 and it's running fine.
When I use Nginx as a reverse proxy for Grafana I got Bad Gateway. Below are the nginx configuration and the error log.
Nginx Configuration File:
server {
    listen 3000 ssl;
    #root /usr/share/nginx/html;
    #index index.html index.htm;
    ssl_certificate /etc/grafana/ELK4.crt;
    ssl_certificate_key /etc/grafana/ELK4.key;
    location / {
        proxy_pass https://localhost:8080/;
        access_log /var/log/nginx/access_grafana.log;
        error_log /var/log/nginx/error_grafana.log;
    }
    location /api/live {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_pass https://localhost:8080/;
    }
}
Error.log File:
connect() failed (111 connection refused) while connecting to upstream client
Change:
proxy_pass https://localhost:8080/;
To:
proxy_pass http://localhost:8080/;
I have a MediaWiki running in a kubernetes cluster. The kubernetes cluster is behind an nginx proxy with the following config:
worker_processes 4;
worker_rlimit_nofile 40000;
events {
    worker_connections 1024;
}
http {
    upstream rancher {
        server 192.168.122.90:80;
    }
    map $http_upgrade $connection_upgrade {
        default Upgrade;
        '' close;
    }
    server {
        listen 443 ssl http2;
        server_name .domain;
        ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
        ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Port $server_port;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://rancher;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            # This allows the ability for the execute shell window to remain open for up to 15 minutes. Without this parameter, the default is 1 minute and will automatically close.
            proxy_read_timeout 900s;
            proxy_connect_timeout 75s;
        }
    }
    server {
        listen 80 default_server;
        server_name _;
        return 301 https://$host$request_uri;
    }
}
I can get to the main page of the wiki, but have to log in before using it. When I click to login using OAuth2 I get a 502 status from the nginx proxy server (nginx reports that the upstream ended the connection prematurely). If I do the same request with curl I get a 302 with the location of the authorization endpoint as expected. I really don't understand why it is like that. Not using the proxy and directly accessing the cluster (from the vm host) works just as normally but that isn't what I want.
So the issue was not related to nginx, nor kubernetes. It was an issue with mediawiki, where compression had some funny behaviour. See more here, if anyone encounters anything similar:)
I'm new to all of this.
I'm going to put you in context. I bought a domain miweb.pe and an instance in aws. Currently my domain redirects to my aws instance because I have registered the dns servers of my amazon instance in myweb.pe.
I bought an ssl certificate and am trying to install it on my amazon instance, where I also installed nginx. I am unable to make any request to myweb.pe redirect to the aws instance that currently has a nodejs service active under port 3000.
This is my current configuration. What am I doing wrong?
server {
    listen 443;
    server_name myweb.pe;
    ssl on;
    ssl_certificate /etc/ssl/ssl-bundle.crt;
    ssl_certificate_key /etc/ssl/beekey.key;
    access_log /var/log/nginx/nginx.vhost.access.log;
    error_log /var/log/nginx/nginx.vhost.error.log;
    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
server {
    listen 80;
    return 301 https://$host$request_uri;
}
server {
    listen 80;
    server_name www.myweb.pe;
    return 301 https://myweb.pe$request_uri;
}
# Redirects from https://www.tudominio.com to https://tudominio.com
server {
    listen 443;
    server_name www.miweb.pe;
    return 301 $scheme://myweb.pe$request_uri;
}
In summary, I want that when accessing myweb.pe it actually accesses the localhost:3000 which is running on my amazon instance.
So, what is the issue you are facing? I can see one issue in your nginx rule: for server_name you need to type the domain name and not localhost. The other thing is I am assuming your service on port 3000 should already be running.
I have been troubleshooting an obscure nginx problem where we have a site correctly serving a cert and establishing a ssl connection on port 443 even though ssl is not explicitly turned on for the port. Below you can see the configuration for the site, which is listening on port 443 but not using the ssl directive.
server {
    listen 443;
    port_in_redirect off;
    server_name xyz.abcd.com;
    # websockets
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    client_max_body_size 1m;
    proxy_set_header X-Request-Id $request_id;
    proxy_set_header X-Request-Start $msec;
    proxy_set_header X-Forwarded-Proto "https";
    proxy_set_header Host $host;
    location / {
        proxy_pass http://xyz-svc;
    }
}
Furthermore, our nginx.conf does not explicitly mention port 443 or ssl, but it does include the path to the cert for abcd.com:
http {
    ..
    ssl_certificate /etc/ssl/certs/abcd.pem;
    ssl_certificate_key /etc/ssl/private/abcd.key;
    ..
}
Lastly, if we go to http://abcd.com:443, nginx throws an error saying "The plain HTTP request was sent to HTTPS port." So, clearly it is interpreting port 443 for this site as a ssl port even though we do not explicitly define that in our configuration. This behavior is true for both nginx version 1.7.5 and nginx version 1.13.8.
What are possible reasons nginx would correctly establish a ssl connection on port 443 for a site with the appropriate cert if it is never defined in the configuration to do so?
I am trying to configure Digital Ocean native Load Balancer for distributing websockets traffic. I set the rule:
While trying to connect over load balancer, I am getting:
VM915:1 WebSocket connection to 'ws://{loadbalancerip}:8443/' failed: Connection closed before receiving a handshake response.
Direct connection works just fine.
So how can I configure load balancer for balancing websockets traffic?
Since it looks like the Digital Ocean Load Balancer doesn't support websockets out of the box, I had to purchase a small instance and configure Nginx on it for balancing incoming traffic between 3 local machines.
Here is a possible config for Nginx, which allows you to balance wss traffic forwarded to port 8443 from Cloudflare:
upstream wss {
    # Clients with the same IP are redirected to the same backend
    # ip_hash;
    # Available backend servers
    server 228.228.228.1:8443 max_fails=3 fail_timeout=30s;
    server 228.228.228.2:8443 max_fails=3 fail_timeout=30s;
    server 228.228.228.3:8443 max_fails=3 fail_timeout=30s;
}
server {
    listen 8443 ssl default_server;
    listen 443 ssl default_server;
    listen [::]:8443 ssl default_server;
    include snippets/self-signed.conf;
    include snippets/ssl-params.conf;
    underscores_in_headers on;
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
    server_name _;
    location / {
        # switch off logging
        access_log off;
        try_files $uri $uri/ =404;
        # redirect all HTTP traffic to wss
        proxy_pass https://wss;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass_request_headers on;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header HTTP_CF_IPCOUNTRY $http_cf_ipcountry;
        # WebSocket support (nginx 1.4)
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        # Path rewriting
        rewrite /wss/(.*) /$1 break;
        proxy_redirect off;
    }
}