I recently successfully deployed a ShinyProxy + app using SSL with nginx and certbot in the following manner:
Dockerize ShinyProxy + app and launch on port 127.0.0.1:5001.
Create Nginx config and proxy_pass to 127.0.0.1:5001.
Secure using certbot.
This is the successful nginx.conf location section:
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_redirect off;
proxy_read_timeout 90s;
proxy_pass http://127.0.0.1:5001;
}
This nicely redirects me to https://app.myweb.com/login as I have set up a CNAME. Important to note, {ShinyProxy} redirects to the login at the end automatically. On successful login the url redirects to https://app.myweb.com/app/website.
What I really struggle with is the following: adding a location block or as I understand it, include my upstream block into my downstream (correct my terms if I am wrong). So, have my url go from https://app.myweb.com/login to https://app.myweb.com/dashboard/login using the following configuration in nginx:
location /dashboard/ { # THIS IS WHAT I WANT TO ADD
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_redirect off;
proxy_read_timeout 90s;
proxy_pass http://127.0.0.1:5001;
}
All that happens is, if I type https://app.myweb.com/dashboard/ it doesn't go to https://app.myweb.com/dashboard/login as I would expect, but redirects back to https://app.myweb.com/login which 404's.
Any advice on what I am doing wrong?
Related
I have installed influxdb2 from their website and setup nginx according to this amazing guide from digitalocean. I am trying to set a reverse proxy in order to query and post data to the db. I have my own URL and have set A records and a wildcard. I can access https:www.mydomain.com and mydomain.com .
problem 1.
when I run influxd I get the following error:
Error: listen tcp :8086: bind: address already in use
If I stop the service with sudo systemctl stop influxdb, I can then start the db. I cannot access it though...
problem 2.
the proxy is not working. Do you have any idea why?
My /etc/nginx/sites-enabled/mydomain.com.conf:
# reverse proxy
location /infuxdb {
proxy_pass http://127.0.0.1:8086;
proxy_set_header Host $host;
include nginxconfig.io/proxy.conf;
}
and the contents of /etc/nginx/nginxconfig.io/proxy.conf:
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
# Proxy SSL
proxy_ssl_server_name on;
# Proxy headers
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Forwarded $proxy_add_forwarded;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
# Proxy timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
I have a Docker app running on an Nginx webserver, that works fine connecting directly to the webserver. However, the webserver is behind a separate Nginx reverse proxy server (functioning as WAF, load balancer, and in some cases directs path specific requests to different servers - as in this specific case).
The internal server config, which works if I connect directly to this server, look like:
# redirect without the trailing slash because the author did not include the full path in the Docker app
location /apppath/editor {
return 302 /apppath/editor/;
}
location /apppath/editor/ {
proxy_redirect off;
proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_pass http://0.0.0.0:8501/editor/;
}
location /apppath {
alias /var/www/dockerapp;
try_files $uri $uri/ =404;
}
I could not find examples of multiple levels of reverse proxy for a websocket app, so I have tried countless variations, but the public (LB/WAF) config currently looks like:
location /apppath {
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_headers_hash_bucket_size 128;
#proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_set_header Host $host;
proxy_http_version 1.1;
#proxy_buffering off;
#proxy_set_header Forwarded "for=$proxy_add_x_forwarded_for;proto=$scheme";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
#proxy_set_header Referer $http_referer;
proxy_pass https://10.0.6.13:443;
}
From the public location, requests to /apppath/pages.html work fine, but when I attempt to hit /apppath/editor/ I see only "Please wait..." with the "Made with Streamlit" tag at the bottom.
My browser shows repeated requests for /apppath/editor/healthz and the console is full of:
WebsocketConnection WebSocket onerror
Uncaught Error: Unsupported state transition
State: PINGING_SERVER
Event: CONNECTION_TIMED_OUT
...
I want to use Nginx create a gateway to receive requests and pass them along to a network of microservices.
What I need Nginx to do is just act as a proxy server, taking the requests, passing them along to whatever service, and returning the response without any changes.
This is my configuration for my local setup:
server {
listen 8080;
location /api/register/ {
proxy_pass http://micro_auth_backend:8082;
}
location /api/location/ {
proxy_pass http://localhost:8088;
}
}
It works correctly for GET requests, but when doing a POST call, the server will always receive a GET response.
I have tried adding some more configs inside the location, such as this example below, but so far nothing has worked:
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
Any suggestions would be appreciated.
Thank you
Just removed the trailing slash on location:
location /api/register {
proxy_pass http://micro_auth_backend:8082;
}
Now it works.
you can add this code to your nginx.conf file. It works for me.
location /api/register/ {
proxy_pass http://localhost:8082;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /api/location/ {
proxy_pass http://localhost:8088;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
I'm trying to deploy a Bokeh Server application that requires an input parameter ("Part") in the form:
(1) http://127.0.0.1:5100/myapp?Part=1234-567
I want to use rewrite so that when a user hits the below URL
(2) http://<my_hostname>/myappRenamed/Part=1234-567
Nginx reverse proxies to URL (1)
Right now, my config file is similar to below.
location /myappRenamed/ {
proxy_pass http://127.0.0.1:5100;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host:$server_port;
proxy_buffering off;
}
This works when I hit
http://<my_hostname>/myappRenamed/myapp?Part=1234-567
Except I want the URL to be
http://<my_hostname>/myappRenamed/Part=1234-567
You should rewrite the URL first, making it URL friendly using nginx rewrite capabilities and the proxy it:
location /myappRenamed/ {
rewrite ^/myapp(.*) /$1 break;
proxy_pass http://127.0.0.1:5100;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host:$server_port;
proxy_buffering off;
}
I do not have your ENV so I can't really test the rule but you got the concept.
I'm trying to get a reverse proxy (nginx) to work with juypterhub. I want the service available at myurl.com/jhub/. I placed the following in the config:
location /jhub/ {
proxy_pass http://127.0.0.1:8000/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
#WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
}
However, when I try the url after restarting the proxy jupyterhub is not available and I get a '404' Not Found error. I've tried every combination of ports and address with no luck. The same approach works just fine for RStudio server.... What am I missing?