nginx with reverse-proxy and wildcard-subdomains - nginx

I am becoming desperate... I want to write a configuration for nginx where shell.foo.org uses a reverse proxy and *.shell.foo.org uses a wildcard subdomain, so e.g. name1.shell.foo.org reads /var/www/name1.shell.foo.org and name2.shell.foo.org reads /var/www/name2.shell.foo.org. I tried a lot of versions, but either the reverse proxy works or the wildcard subdomains do.
My nginx-configuration is:
server {
    listen 80;
    listen [::]:80;
    server_name ~^(www\.)(?<subdomain>.+).shell.foo.org$
                ~^(?<subdomain>.+).shell.foo.org$ ;
    return 301 https://$host$request_uri;
}
server {
    # SSL configuration
    #
    listen [::]:443 ssl ipv6only=on;
    listen 443 ssl;
    server_name ~^(www\.)(?<subdomain>.+).shell.foo.org$
                ~^(?<subdomain>.+).shell.foo.org$ ;
    ssl_certificate /etc/letsencrypt/live/shell.foo.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/shell.foo.org/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    }
    root /var/www/$subdomain;
    index index.html index.htm;
    location / {
        # if I comment this out the wildcard subdomains work;
        # in this version, the reverse proxy works
        proxy_pass http://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_read_timeout 300;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-PORT $remote_port;
    }
    root /var/www/$subdomain;
    index index.html index.htm;
}
Does anyone have an idea where my mistake is?
Thanks,
bengoshi
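
One way to get both behaviours, shown as an added example that is not part of the original question or of any answer to it: give shell.foo.org its own server block with an exact server_name, which nginx matches before any regex name, and serve the subdomains from a second block. It assumes the certificate also covers *.shell.foo.org and that each subdomain is a single label; the directory layout is the one the question describes.

```nginx
# Added example: names and paths follow the question; the split into
# separate server blocks is the illustration.

# Plain HTTP: send the bare name and every subdomain to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name shell.foo.org *.shell.foo.org;
    return 301 https://$host$request_uri;
}

# Exact name: nginx checks exact server_name entries before regex names,
# so shell.foo.org always lands here and is proxied.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name shell.foo.org;
    ssl_certificate     /etc/letsencrypt/live/shell.foo.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/shell.foo.org/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_read_timeout 300;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-PORT $remote_port;
    }
}

# Subdomains: dots are escaped and the capture is limited to one label of
# letters, digits and hyphens, because it becomes part of a filesystem path.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name ~^(?<subdomain>[a-z0-9-]+)\.shell\.foo\.org$;
    # Assumption: this certificate also covers *.shell.foo.org.
    ssl_certificate     /etc/letsencrypt/live/shell.foo.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/shell.foo.org/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    root /var/www/${subdomain}.shell.foo.org;
    index index.html index.htm;
}
```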

Related

Nginx Too Many Redirect - Wordpress Container Reverse Proxy

I am trying to reverse proxy a containerized WordPress app. I've turned off Cloudflare's proxy and made it act as DNS only. Here is my nginx conf file:
server {
    root /var/www/html;
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name [redacted].us www.[redacted].us;
    location / {
        proxy_pass http://127.0.0.1:81/;
        proxy_redirect off;
        #proxy_set_header Host localhost:81;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    ssl_certificate /etc/letsencrypt/live/[redacted].us/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/[redacted].us/privkey.pem; # managed by Certbot
}
server {
    if ($host = www.[redacted].us) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    if ($host = [redacted].us) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    #listen [::]:80;
    server_name [redacted].us www.[redacted].us;
    return 404; # managed by Certbot
}
If the proxy_set_header is changed to the one that is commented out, the infinite redirect is resolved, but every link inside is broken. I use certbot to auto-renew the SSL certificate, and I believe I am leaving the default configuration file as default. Is there any workaround? I can't even open the admin panel yet to see how WordPress handles the request.

How can I access my webpage with a subfolder path with nginx

This is my Nginx config
server {
    server_name subdomain.mydomain.com;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/subdomain.mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/subdomain.mydomain.com/privkey.pem; # managed by Certbot
    index index.html index.htm;
    location / {
        proxy_pass http://localhost:3000/;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto "https";
    }
}
server {
    listen 80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}
When I type subdomain.mydomain.com, everything works as expected and I can see Grafana (which is hosted on that server).
What I want is to type in subdomain.mydomain.com/mysite and access the website that is hosted in /var/www/html.
What do I need to alter in my config to achieve that?
Thanks

redirect http to https by using Nginx

I have my Nginx configuration like this:
server {
    listen 80;
    server_name my-domain.co.id;
    listen 443 ssl;
    return 301 https://$server_name$request_uri;
    ssl_certificate /etc/ssl/certs/project_chained2022.crt;
    ssl_certificate_key /etc/ssl/private/pkey2022.key;
    location / {
        proxy_pass http://localhost:54444;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
    }
}
I tried to redirect using return 301 https://$server_name$request_uri but it doesn't work.
Is there any other way to do the redirect?

You need to use two server blocks, for example:
server {
    listen 80;
    server_name my-domain.co.id;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name my-domain.co.id;
    ssl_certificate ...;
    ssl_certificate_key ...;
    ...
}

How to SSL multiple ports on same server for single domain name using nginx

I am using Let's Encrypt to get SSL certificates and nginx as a reverse proxy. Below is the nginx conf file that I am using:
server {
    listen 443 http2 ssl;
    server_name example.com;
    access_log /var/log/nginx/example.com.log;
    error_log /var/log/nginx/example.com.log;
    location /.well-known/acme-challenge/ {
        root /var/www/html/grafana; # Temp for generating letsencrypt
        default_type text/plain;
    }
    location / {
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        #Fix the “It appears that your reverse proxy set up is broken” error.
        proxy_pass http://127.0.0.1:3000;
        proxy_read_timeout 90;
        proxy_redirect http://127.0.0.1:3000 http://example.com/;
        #Required for new HTTP-based CLI
        proxy_http_version 1.1;
        proxy_request_buffering off;
    }
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name example.com;
    return 404; # managed by Certbot
}
============
My requirement here is:
I am running multiple applications on this server, such as Jenkins, Gitlab and Grafana, and these applications are listening on different ports. The above file lets me redirect https://example.com to http://example.com:3000. But I would like to redirect my connections like this:
https://example.com:3000 -> http://example.com:3000
https://example.com:8080 -> http://example.com:8080
https://example.com:81 -> http://example.com:81
I have seen an environment doing it, but I can't figure out how this was done.

Can't redirect nginx HTTP traffic to HTTPS

Here's my nginx.conf:
upstream blah_upstream {
    server web:7000;
}
server {
    listen 80;
    server_name blah.com www.blah.com;
    # redirect to HTTPS for all requests
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name blah_upstream;
    server_tokens off;
    # generated with help of certbot
    ssl_certificate /etc/letsencrypt/live/blah.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/blah.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    location / {
        proxy_pass http://blah_upstream;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location /static/ {
        alias /usr/src/app/public/;
    }
}
This works for http://www.blah.com -> https://www.blah.com (it redirects fine).
However, http://blah.com -> https://blah_upstream, which of course absolutely doesn't work.
What am I doing wrong? I don't understand why it would work for the www version and not the other.
I tried switching the server_name order in
server_name blah.com www.blah.com;
but that didn't work either.
