I have inherited an nginx instance. I am barely more than a newbie when it comes to nginx.
When I navigate to the IP address of the box "http://192.168.1.10" I get a custom page back created by the previous dev somehow.
The nginx.conf looks like this:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
The conf.d directory is empty.
The sites-enabled directory contains a link default which points to default in sites-enabled. Here is that file:
server {
location / {
proxy_pass http://localhost:3002;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
listen 80;
listen [::]:80;
}
I have looked in /var/www/html and found the default index.nginx-debian.html that is not the one being served.
So, my question is, where is the file I'm getting back being served from? I'm running on a ubuntu server distro.
Related
I am running a QuestDB 6.6.1-server. Now I want to increase the protection of this server and put the web gui behind an NGINX reverse proxy as described in QuestDB blog post where setting up basic authentication is shown.
When I try to open the QuestDB web gui, the login popup is displayed, I can enter name and password without issues. However, after having successfully passed the login popup, I only see a bare text "Not Found" in the browser (Note: but NOT the NGINX 403 Not Found screen, which I now in other cases). Neither nginx.log, nor questdb.log show entries.
It is POSSIBLE to reach the QuestDB web gui via <server.domain>:9000, no issues there.
The "location" settings are defined in a file reverse_proxy.conf:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name server.domain;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
ssl_certificate <path>/nginx.crt;
ssl_certificate_key <path>/nginx.key;
root /var/www/server.domain/html;
index index.html index.htm;
server_name server.domain;
location /location1 {
proxy_pass https://localhost:port1;
proxy_set_header Host $host;
}
location /location2 {
proxy_pass http://localhost:port2/location2;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10M;
}
location = /questdb/ {
auth_basic "Restricted QuestDB";
auth_basic_user_file <path>/.htpasswd;
proxy_pass http://localhost:9000;
proxy_set_header Host $host;
proxy_read_timeout 300;
proxy_connect_timeout 120;
proxy_send_timeout 300;
proxy_set_header Host $host;
}
}
reverse_proxy.conf is imported into nginx.conf. nginx.conf looks like this:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# For suppression of server version number
server_tokens off;
server_names_hash_bucket_size 64;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
##
# Virtual Host Configs
##
map_hash_max_size 262144;
map_hash_bucket_size 262144;
include /etc/nginx/conf.d/*.conf;
}
I see you are using questdb on a directory. You are proxying to http://localhost:9000/questdb, and QuestDB is saying "Not found"
To avoid that, you would need to add a slash at the end of proxy_pass http://localhost:9000; as in proxy_pass http://localhost:9000/;
Problem then is that relative URLs (/assets, /exec...) will not work and you will need to rewrite them on nginx.
It would be probably easier to just use a subdomain rather than a directory.
update: this is the nginx config I use. As explained, relative links are broken
location /questdb/ {
proxy_pass http://localhost:9000/;
index index.html index.htm;
auth_basic "Restricted Content";
auth_basic_user_file /opt/homebrew/etc/nginx.htpasswd;
}
Could you please advice what is wrong with my Nginx configuration?
When I try "curl localhost:80" the response is the start nginx page, so it doesn't proxy traffic. I have checked the nginx documentation but I have no idea about this behavior. Have anybody an idea?
Here are the configuration files:
sites-enabled/default.conf
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
set $ups tst;
proxy_pass http://$ups:8080/;
proxy_set_header Host $http_host;
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
}
nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
daemon off;
events {
worker_connections 768;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
include conf/upstream.conf;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
conf/upstream.conf
upstream tst {
server xxx.xxx.xxx.xxx;
server xxx.xxx.xxx.xxx;
}
Thanks in advance!
I think this is somewhat of an interesting issue, and being new to nginx I'm not sure what configuration I need to look at to resolve this. I am hosting two web applications using the nginx reverse proxy. If a request comes in looking for myapp1.com it will route them to my app hosted at 127.0.0.1:3000, if they request myapp2.com it will route them to my app hosted at 127.0.0.1:3001. The problem is when I try to hit both of them in a relatively short amount of time (IE: hit http://myapp1.com and http://myapp2.com in browser). It will usually serve the first one up and then the request for the other will take too long and fail. Whats going wrong with nginx? Below are my configuration files.
Edit:
After connecting to a VPN this issue does not happen. Is this an issue because I am on the same LAN connection with the host? Is there any way to get around that?
/etc/nginx/nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
log_format main_ext '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'"$host" sn="$server_name" ' 'rt=$request_time '
'ua="$upstream_addr" us="$upstream_status" '
'ut="$upstream_response_time" ul="$upstream_response_length" '
'cs=$upstream_cache_status' ;
access_log /var/log/nginx/access.log main_ext;
error_log /var/log/nginx/error.log warn;
##
# Gzip Settings
##
gzip on;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
/etc/nginx/sites-enabled/default
server {
listen 80;
server_name myapp1.com www.myapp1.com;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/myapp1.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/myapp1.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
listen 80;
server_name myapp2.com www.myapp2.com;
location / {
proxy_pass http://127.0.0.1:3001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
Hi I am trying to setup a nginx to work as a reverse proxy to an application that I am running on a tomcat server. when I try to access my application through http it works fine, but when I try to access it over https I am getting a 502 error
here follows my nginx config file
user www-data;
worker_processes 4;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log notice;
gzip on;
gzip_disable "msie6";
rewrite_log on;
server{
ssl on;
listen 80;
listen 443 ssl;
server_name myapp.local;
ssl_certificate max.local.crt;
ssl_certificate_key server.key;
#ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers RC3:HIGH:!aNULL:!MD5;
#ssl_prefer_server_ciphers on;
ssl_session_timeout 5m;
keepalive_timeout 60;
error_log /var/log/nginx/hybris.log;
rewrite_log on;
set $my_port 9001;
set $my_protocol "http";
if ($scheme = https){
set $myport 9002;
set $my_protocol "https";
}
location / {
if ( $http_user_agent ~ "Chrome"){
#just a proof of concept
return 301 http://$host/AE/en;
}
if ( $http_user_agent ~ "Firefox"){
#just a proof of concept
return 301 http://google.com/;
}
}
location /AE/en {
proxy_pass $scheme://10.0.2.2:$my_port;
proxy_set_header Host $host;
}
location ~(?:/..)?/_ui/(.*) {
proxy_pass http://10.0.2.2:9001/_ui/$1;
proxy_set_header Host $host;
}
}
}
When using https you are changing the port and also scheme for connecting to the tomcat server - this does not really make sense. You would only use https for a backend server if it is in another datacenter, not within a local network. It should work fine if you remove the $my_port and $my_protocol definitions and change your /AE/en location block to
location /AE/en {
proxy_pass http://10.0.2.2:9001;
proxy_set_header Host $host;
}
I think you need to create two server sections. One for listening on port 80 and the other for listening on port 453 which is for https.
I have 2 servers A and B, on Server A i have nginx installed
below is my config file loacted at /etc/nginx/nginx.conf and configured as below
user www-data;
worker_processes 4;
pid /var/run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_disable "msie6";
upstream sendforward {
server Server_IP_B:9000;
}
server {
#access_log off;
server_name my_server_name;
listen 443;
large_client_header_buffers 4 16k;
error_log /var/log/nginx/error.log;
location / {
proxy_pass http://sendforward;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
}
}
}
when i send message to Server A on port 443 it writes to 'access_log' file but doesn't forward message to Server B.
I also check by ubuntu command 'nc - l 9000' and wireshark by filtering 'tcp.port==9000'.
I didn't get why it is happening or whether i miss in configuration.
Thanks in advance.
Have you tried defining your upstream before your proxy pass?
i also think you shoud remove the trailing slash of your proxypass
so http://sendforward instead of http://sendforward/