I'm using 'Oracle Cloud'.
I created a VM(Computer instance) on Oracle Cloud with CentOS 8. And I installed NginX, and it works well when I test it with 'http://mydeal.servername.com'.
To make NginX service with HTTPS, I also installed certbot(Let's Encrypt) and created certificate, using the following command.
sudo certbot --standalone -d mydeal.servername.com certonly
Result files were like below.
Cert : /etc/letsencrypt/live/mydeal.servername.com/fullchain.pem;
Key : /etc/letsencrypt/live/mydeal.servername.com/privkey.pem;
I added http and https to firewall service list like below.
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
And I created test index.html like below.
sudo -i
mkdir /var/www
mkdir /var/www/mydeal
echo "MyDeal at Oracle Cloud" > /var/www/mydeal/index.html
And I created https settings, including http redirection, in /etc/nginx/conf.d/my.conf file.
server {
listen 80;
server_name my.servername.com;
location / {
root /var/www/mydeal;
index index.html;
try_files $uri /index.html;
}
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mydeal.servername.com;
ssl_certificate /etc/letsencrypt/live/mydeal.servername.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydeal.servername.com/privkey.pem;
location / {
root /var/www/mydeal;
index index.html;
try_files $uri /index.html;
}
}
Finally, when I start nginx server with the following command, it works well.
sudo -i
sudo nginx
But, when I start nginx server with the following command, it gives error "500 Internal Server Error" on the browser screen.
sudo systemctl enable nginx
sudo systemctl start nginx
I can not find any differences b/w 2 start procedures.
How I can debug this problem?
Related
My aqueduct server is working on ubuntu 18.04 (http://127.0.0.1:8888). I install nginx from nginx.org. Currently I don't use any block for my aqueduct on nginx. I modified default config such as I add my domain name into it. And separately both my aqueduct server and nginx server is working.
My problem is that how to configure my nginx so I can use reverse proxy option so I don't connect to my aqueduct server directly. Any help please?
PS. I use fake domain and ip to show my config settings.
my nginx config is:
# Default server configuration
# My domain (mobile.niyazitoros.com) ip: 5.5.5.5 // TEST IP
# ------ http://mobile.niyazitoros.com and http://5.5.5.5 is working.
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name mobile.niyazitoros.com;
# root /var/www/example.com;
# index index.html;
location / {
# My aqueduct server works on 127.0.0.1:8888
proxy_pass http://127.0.0.1:8888/;
}
}
Ok. I found it. to I use default.conf in sites-available and sites-enabled. this was wrong place to modify default.conf. Correct path is modify default.conf in conf.d dir.
1) install nginx
2) run:
nginx -v
(nginx version: nginx/1.15.5)
3) sudo nano /etc/nginx/conf.d/default.conf
server {
listen 80;
listen [::]:80;
error_log /var/log/nginx/your_domain_name.error.log debug;
rewrite_log on;
server_name your_domain_name;
location / {
proxy_pass http://127.0.0.1:8888/;
}
}
4) sudo systemctl reload nginx
5) sudo systemctl restart nginx
6) sudo nginx -t
7) curl http://your_domain_name/
I got strange situation with Nginx in the Docker.
I have 3 containers that run as a services in the Docker swarm.
Docker version is: 17.03.1-ce, build c6d412e.
Docker command to run swarm is: docker deploy -c docker-compose.yml synergy
Docker compose file is here: https://raw.githubusercontent.com/sodrian/synergy/master/docker-compose.yml
The strange thing is as follows:
If I use 80 port nginx server directives similar to this ones, everything is ok:
server {
listen 80;
server_name SOME_NAME.com;
location / {
uwsgi_pass synergy_uwsgi:8001;
include uwsgi_params;
}
}
If 443 directives are used I keep getting the error:
server {
listen 443 ssl;
server_name SOME_NAME.com;
ssl_certificate SOME_PATH;
ssl_certificate_key SOME_OTHER_PATH;
location / {
uwsgi_pass synergy_uwsgi:8001;
include uwsgi_params;
}
}
The Nginx error: host not found in upstream "synergy_uwsgi"
I had to write the script
https://raw.githubusercontent.com/sodrian/synergy/master/deploy/nginx/synergy_uwsgi_resolve.sh
and change CMD on nginx container to:
CMD sh /etc/nginx/synergy_uwsgi_resolve.sh && nginx -g "daemon off;"
to make it run.
So the question is: why can nslookup resolve synergy_uwsgi host, but nginx can't?
I've been playing around with my site's conf file (nginx) with little success. All I want to do is when people type "example.com" or "http://example.com" in the address bar for it to automatically redirect them to "https://www.example.com".
Try something like this in the nginx config file for your site. If you are on Ubuntu, this file is likely located at something like /etc/nginx/sites-available/example.
server {
listen 80;
listen [::]:80 default_server;
server_name example.com;
return 301 https://www.example.com$request_uri;
}
Once you have update the config file, be sure to test and restart NGINX using sudo nginx -t && sudo service nginx reload
Sorry for noob question, I suck at Ubuntu.
I have just installed nginx in a Ubuntu server with:
sudo apt-get update
sudo apt-get -y install nginx
It successfully built. I'm trying to change the index page, so I have modified my /usr/share/nginx/html/index.html, and then tried all of these:
sudo service nginx stop
sudo service nginx start
sudo service nginx restart
But when I refresh the root page on my browser it still shows the old page.
This is what the index.html looks like:
I have checked my /etc/nginx/nginx.conf, but don't find anything particular there.
What could I be missing?
If you had checked vhost, you knowned, root directory is /var/www/html...
vhost is in /etc/nginx/sites-available and /etc/nginx/sites-enabled (sites-enabled is symlink).
The correct configuration file for NGINX on Debian is :
/var/www/html/index.nginx-debian.html
If you update this file, the changes will be reflected immediately, without a start/stop or restart.
sudo service nginx stop
sudo service nginx start
sudo service nginx restart
I have same problem before, then after updating nginx conf by moving 'root' from 'server/location' to 'server', it works well. Nginx config file :
server {
listen 443 ssl;
server_name localhost;
root /usr/share/nginx/html/rdist;
location /user/ {
proxy_pass http://localhost:9191;
}
location /api/ {
proxy_pass http://localhost:9191;
}
location /auth/ {
proxy_pass http://localhost:9191;
}
location / {
index index.html index.htm;
if (!-e $request_filename){
rewrite ^(.*)$ /index.html break;
}
}
I have trying to add proxy_set_header in my nginx.conf file. When I try to add proxy_pass and invoke the URL it throws 502 Bad Gateway nginx/1.11.1 error.
Not sure how to resolve this error:
upstream app-server {
# connect to this socket
server unix:///tmp/alpasso-wsgi.sock; # for a file socket
}
server {
server_name <name>;
listen 80 default_server;
# Redirect http to https
rewrite ^(.*) https://$host$1 permanent;
}
server {
server_name <name>;
listen 443 ssl default_server;
recursive_error_pages on;
location /azure{
proxy_pass http://app-server;
}
ssl on;
ssl_certificate /etc/nginx/server.crt;
ssl_certificate_key /etc/nginx/server.key;
ssl_client_certificate /etc/nginx/server.crt;
ssl_verify_client optional;
}
Had similar problem with proxy_pass, if your Linux server is using SELINUX then you may want to try this.
$ setsebool -P httpd_can_network_connect true
Refer to Warren's answer: https://unix.stackexchange.com/questions/196907/proxy-nginx-shows-a-bad-gateway-error
502 is sent when your upstream is not reachable.
Try to switch on error log and you might see failed to connect to upstream,
for this you need to check whether your upstream server is running or not, sudo service upstream status, and try to switch that on.
Nginx proxy with unix socket troubleshooting:
Check nginx conf:
nginx -t
Check socket:
netstat --protocol=unix -nlp | grep alpasso-wsgi.socket
Check is app working:
curl --unix-socket /tmp/alpasso-wsgi.sock http:/your-path-on-app
(Must be html code on screen output)
If not, check your app. If yes:
Check nginx error log
sudo tail -f /var/log/nginx/error.log
In case you get a nginx permissions error, check nginx user rights for socket:
Determine which username nginx use:
ps aux | grep nginx
And, for example, if nginx user is www-data, give to www-data user required rights. Add www-data user to required group:
sudo usermod -a -G your-socket-file-group www-data
and check permissions of a socket file,
or use ACL:
sudo setfacl -R -m u:www-data:rwX /path-to-your-unix-socket
sudo setfacl -Rd -m u:www-data:rwX /path-to-your-unix-socket
Im my opinion, ACL is better for security. Because you give rights to nginx only to one file, not for all files which belongs to group.