I have a website that is reverse proxied through nginx.
The site has CRUD operations, so it uses the HTTP PUT and DELETE methods to update and delete records.
I found out that using --http_dav_module solves the issue,
so I added the following code to my nginx.conf file:
# Reverse-proxy virtual host from the question: every request for these two
# names is handed to the application listening on localhost:3000.
# (The snippet as posted stops after the location block; the server block's
# closing brace is not shown.)
server {
server_name autoattendance.ml www.autoattendance.ml;
location / {
# NOTE(review): dav_methods comes from ngx_http_dav_module, which makes nginx
# itself create and remove files on disk for PUT and DELETE. It is not what
# lets those methods reach a proxied backend; proxy_pass forwards the request
# method as it was received. In a location that serves files from disk, this
# directive would allow clients to write and delete files unless access is
# restricted, so it should not be copied into such a location.
dav_methods PUT DELETE;
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
# Upgrade/Connection are forwarded for protocol upgrades such as WebSocket.
# Connection is hard-coded to 'upgrade' for every request, not only for
# requests that actually ask for an upgrade.
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
# Pass the host name nginx resolved for the request on to the backend.
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
but it did not solve the issue.
These requests work fine on my local machine but not on the server!
The console error that i am getting is:
error screenshot
// ps : sorry, i'm not allowed to include images at this point it seems,
The complete nginx.conf file is:
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
# HTTPS virtual host for autoattendance.ml: terminates TLS with the
# Certbot-managed certificate and proxies every request to localhost:3000.
server {
server_name autoattendance.ml www.autoattendance.ml;
location / {
# NOTE(review): dav_methods enables nginx's own WebDAV file handling (writing
# and deleting files on disk). It should not be needed for a proxied API,
# because proxy_pass relays PUT and DELETE unchanged. If this line is ever
# moved to a location that serves files, it grants write/delete on those
# files to any client that can reach it, so pair it with access control there.
dav_methods PUT DELETE;
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
# TLS listeners and certificate material, all written by Certbot. The
# protocol and cipher policy comes from the included options-ssl-nginx.conf,
# which is not shown here.
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/autoattendance.ml/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/autoattendance.ml/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
# Settings for a TLS enabled server.
#
# server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
# server_name _;
# root /usr/share/nginx/html;
#
# ssl_certificate "/etc/pki/nginx/server.crt";
# ssl_certificate_key "/etc/pki/nginx/private/server.key";
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 10m;
# ssl_ciphers PROFILE=SYSTEM;
# ssl_prefer_server_ciphers on;
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# error_page 404 /404.html;
# location = /40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }
server {
if ($host = www.autoattendance.ml) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = autoattendance.ml) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name autoattendance.ml www.autoattendance.ml;
return 404; # managed by Certbot
}}
Related
Here is my nginx.conf file
What should i change to make it work and how to get certificate;
I need to redirect http to https connection with nginx on rest service and need to test it on postman or soapui.
Is there any difference in configuring nginx for website and for webservice?
user nginx;
worker_processes auto;
error log /var/log/nginx/error.log;
pid /run/nginx.pid;
#Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
# Intended plain-HTTP listener that redirects the REST service to HTTPS.
server {
listen 80;
# NOTE(review): server_name takes host names only. "http://ipaddress:port" is
# a URL-shaped placeholder, not a name nginx can match against the Host header.
server_name hostname_of_virtual_machine http://ipaddress:port;
# NOTE(review): $ipaddress is not defined anywhere in the configuration shown
# and ":port" is a literal placeholder, so this redirect target is not usable
# as written. The other redirects on this page build the target from
# $host$request_uri instead.
return 301 https://$ipaddress:port$request_uri;
}
# Settings for a TLS enabled server.
# Default HTTPS server. As written it serves static files from
# /usr/share/nginx/html; nothing in this block forwards requests to the REST
# service.
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name hostname_of_virtual_machine;
root /usr/share/nginx/html;
# NOTE(review): both listeners above are declared "ssl", but the certificate
# and key directives below are commented out, so this server has no
# certificate to present. Point ssl_certificate at the PEM certificate
# (including its chain) and ssl_certificate_key at the matching private key.
# A separate truststore is presumably only relevant if client certificates
# must be verified; confirm that requirement before adding one.
#ssl_certificate "/etc/pki/nginx/server.crt";
#ssl_certificate_key "/etc/pki/nginx/private/server.key";
#ssl_session_cache shared:SSL:1m;
#ssl_session_timeout 10m;
#ssl_ciphers PROFILE=SYSTEM;
#ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}
When i try to test service in postman via http connection post method it still doesn't get any information;
Any idea what should i do?
EDIT
I have SSL Cert but don't know how to use it and where to put it. This is my conf file for now, and after talking with a colleague he told me that i just need a truststore in this file but i don't know how to create it.
So now, i need to edit existing conf file
First of all, you need to remove the configuration blocks that follow include /etc/nginx/conf.d/*.conf;
Note: The example below using Ubuntu 20.04 LTS
Go to /etc/nginx/sites-available and create a new file myapp01 and put your configuration there.
cd /etc/nginx/sites-available
sudo vi myapp01
Refer below snippet:
# Backend pool: the application listening on the loopback interface.
upstream appname-server {
    server 127.0.0.1:8080;
}

# HTTPS virtual host: terminates TLS here and proxies every request to the
# backend pool over plain HTTP on loopback.
server {
    listen 443 ssl;
    server_name appname.com;

    # Certificate and private key in PEM format. Keep the key file readable
    # by root only.
    ssl_certificate /path/to/your/ssl/cert.pem;
    ssl_certificate_key /path/to/your/ssl/cert_key.pem;

    root /var/www/html;
    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    # Per-application logs, kept apart from the global nginx logs.
    access_log /var/log/nginx/appname-access.log;
    error_log /var/log/nginx/appname-error.log;

    location / {
        proxy_pass http://appname-server;
        proxy_http_version 1.1;

        # Give slow backend responses up to five minutes in each direction.
        proxy_read_timeout 5m;
        proxy_send_timeout 5m;

        # Tell the backend which host, client address and scheme the
        # original request used.
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Plain-HTTP virtual host: redirect the known name to HTTPS and answer 404
# for any other Host value.
server {
    listen 80;
    server_name appname.com;

    if ($host = appname.com) {
        return 301 https://$host$request_uri;
    }

    return 404;
}
Don't forget to add include /etc/nginx/sites-enabled/*; in nginx.conf. (Thanks to Drifter104 for pointing this out)
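# Excerpt of the http context in nginx.conf. The last include is the one
# that loads the virtual hosts linked into /etc/nginx/sites-enabled.
http {
    ##
    # Basic Settings
    ##
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##
    # Offer TLS 1.2 and 1.3 only. TLS 1.0 and 1.1 are formally deprecated
    # (RFC 8996) and SSLv3 is excluded because of POODLE.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##
    gzip on;

    ##
    # Virtual Host Configs
    ##
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}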
Next, go to /etc/nginx/sites-enabled and create symbolic links for myapp01, refer instructions below.
Go to sites-enabled
cd /etc/nginx/sites-enabled/
Create symbolic links for myapp01
ln -s /etc/nginx/sites-available/myapp01 .
After that, test your nginx configuration using sudo nginx -t. If everything is successful, proceed to step 5.
Reload nginx sudo systemctl reload nginx
Hope it helps you, cheers.
I'm trying to run a web application with a SSL certificate on port 443.
To do so, I'm using Nginx as web server and Gunicorn as application server (running a Flask project).
I'm using a socket as proxy pass but I keep getting 502 bad gateway.
Here is my command with which I launch Gunicorn (works fine until I remove the port from the URL):
# Start four Gunicorn workers for wsgi:app, bound to a Unix socket that is
# created with umask 007 (owner and group may use it, others may not).
# NOTE(review): --certfile/--keyfile make Gunicorn expect TLS on the socket,
# while the nginx site config on this page proxies to it with plain
# "http://unix:...". That mismatch is a likely cause of the 502. nginx already
# terminates TLS on port 443, so the socket would normally carry plain HTTP and
# the private key would need to be readable by nginx only.
# NOTE(review): the socket path is relative to Gunicorn's working directory.
# Confirm it is the same file that proxy_pass points at, and that the nginx
# user belongs to the group the 007 umask leaves access for.
gunicorn --workers 4 --bind unix:webapp.sock -m 007 --certfile "/etc/ssl/certs/domain.chained.crt" --keyfile "/etc/ssl/certs/domain.key" 'wsgi:app'
And this is my nginx.conf:
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
types_hash_max_size 4096;
# Client-facing timeouts, all raised to 999 seconds.
# NOTE(review): nginx's defaults are 60s for client_body_timeout and
# client_header_timeout and 75s for keepalive_timeout. At 999s a client that
# sends its headers or body very slowly can hold a connection slot for more
# than 16 minutes, which makes it cheap to exhaust worker_connections. Raise
# these only as far as the application actually needs.
client_body_timeout 999;
client_header_timeout 999;
keepalive_timeout 999;
# NOTE(review): the fastcgi_* directives only affect locations that use
# fastcgi_pass. The application on this page is reached with proxy_pass, so
# these values are not applied to it; the proxy_* equivalents would be.
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
fastcgi_connect_timeout 999;
fastcgi_send_timeout 999;
fastcgi_read_timeout 999;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
listen [::]:80;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
error_page 404 /404.html;
location = /404.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
# Settings for a TLS enabled server.
#
# server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
# server_name _;
# root /usr/share/nginx/html;
#
# ssl_certificate "/etc/pki/nginx/server.crt";
# ssl_certificate_key "/etc/pki/nginx/private/server.key";
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 10m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# error_page 404 /404.html;
# location = /40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }
include /etc/nginx/sites-enabled/*.conf;
server_names_hash_bucket_size 64;
}
And my web application conf in the sites-available folder:
# HTTPS virtual host for the Flask application: nginx terminates TLS and
# forwards requests to Gunicorn over a Unix socket.
# NOTE(review): the nginx.conf shown with this question includes only
# /etc/nginx/sites-enabled/*.conf, so the symlink must have a name ending in
# ".conf" or this block is never loaded; confirm the link name.
server {
listen 443 ssl;
server_name domain www.domain;
ssl_certificate /etc/ssl/certs/domain.chained.crt;
# NOTE(review): the private key is stored in /etc/ssl/certs next to the
# certificate. That directory is usually world-readable, so check the key
# file's own permissions or keep it in a root-only directory.
ssl_certificate_key /etc/ssl/certs/domain.key;
location / {
# Pass the original host, client address and scheme on to the application.
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Plain HTTP over the Unix socket. The Gunicorn side must therefore not
# expect TLS on this socket.
proxy_pass http://unix:/path/to/sock/webapp.sock;
}
}
This conf has been symbolically linked.
I have no idea why this is not working, as Nginx is not even logging anything!
I tried multiple things but I keep getting the 502 error.
Does anyone have any idea? Thanks in advance
I'd like to ask for advice about configuring nginx and https for a Flask server (Centos 7, nginx 1.20.1).
I've defined a RESTful API which works as designed. I'd now like the user to be able to use any of the following addresses when calling the API:
http://mysiteapi.com
http://www.mysiteapi.com
https://mysiteapi.com
https://www.mysiteapi.com
I set up a generic nginx.conf file which worked fine for the first two addresses (http). I then ran sudo certbot --nginx -d mysite.com -d www.mysite.com. The https addresses now work but the http addresses give a 405 error. This nginx.conf file is shown below.
Is there anything obviously wrong about the 301 redirection here? More generally, is there scope to tidy up the file and reduce the number of 'server' blocks? I'm learning my way around nginx and would appreciate any guidance.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
#include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
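# HTTPS virtual host for mysiteapi.com: terminates TLS with the
# Certbot-managed certificate and proxies to the Flask application's socket.
server
{
    client_max_body_size 8M;
    server_name mysiteapi.com;

    location /
    {
        proxy_set_header Host $http_host;
        # Header name corrected from "X-Real_IP": the conventional name uses
        # hyphens only, and a name with an underscore will not match a
        # backend lookup for X-Real-IP.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://unix:/home/andrew/myproject/myproject.sock;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mysiteapi.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mysiteapi.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

# Same configuration for the www name. It uses the same certificate files,
# socket and proxy headers as the block above.
server
{
    client_max_body_size 8M;
    server_name www.mysiteapi.com;

    location /
    {
        proxy_set_header Host $http_host;
        # Header name corrected from "X-Real_IP" (see the block above).
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://unix:/home/andrew/myproject/myproject.sock;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mysiteapi.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mysiteapi.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}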
server
{
if ($host = mysiteapi.com)
{
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name mysiteapi.com;
return 404; # managed by Certbot
}
server
{
if ($host = www.mysiteapi.com)
{
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name www.mysiteapi.com;
return 404; # managed by Certbot
}
}
I'm not sure why you get an HTTP 405 error with the plain HTTP requests, but my guess is that it happens with request methods other than GET: when following an HTTP 301 redirect, clients commonly change the request method to GET, and to prevent that you should use an HTTP 308 redirect instead. Keep in mind that with either redirect the original request, including any credentials or body it carries, has already crossed the network unencrypted. But as I understand from your question, you don't need any redirects at all; both the HTTP and HTTPS schemes should be served equally, and if that is what you want to achieve, you can significantly simplify your server block:
server {
server_name mysiteapi.com www.mysiteapi.com;
listen 80;
listen 443 ssl;
... # rest of the config here
}
Here I want to refer this answer:
I don't allow certbot to create my web server configurations. I frankly don't trust it to get it right, since it's already doing some not very efficient practices.
I do the same for my servers, so I suggest you to add this location to your nginx config (you can use any suitable directory instead of /var/www):
# Serve ACME HTTP-01 challenge files for certbot's webroot mode. With
# root /var/www the files are read from /var/www/.well-known/acme-challenge/.
location /.well-known/acme-challenge/ {
root /var/www;
# Answer 404 for anything that is not an existing challenge file, so no
# other handler picks the request up.
try_files $uri =404;
}
and use a certbot for certificate issuing/renewing only:
certbot certonly --webroot -w /var/www -d mysiteapi.com -d www.mysiteapi.com
I have a droplet on Digital Ocean, that I am using to host a site and an API for that site.
I would like:
https://example.com to serve the website
https://example.com/api to serve the API, running on port 3000.
Here's my /etc/nginx/nginx.conf file:
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/http-error.log;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# HTTPS virtual host for example.com: static site at /, API proxied under /api/.
server {
server_name example.com; # managed by Certbot
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
# SSL settings
ssl_certificate /path/to/file.pem; # managed by Certbot
ssl_certificate_key /path/to/file.pem; # managed by Certbot
include /path/to/file.conf; # managed by Certbot
ssl_dhparam /path/to/file.pem; # managed by Certbot
# Proxy settings declared at server level. The locations below define no
# proxy_set_header of their own, so they inherit these.
proxy_http_version 1.1;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
# X-Forwarded-For is set to the connecting address only, so any value the
# client supplied in that header is replaced rather than appended to.
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
# Routes
# The trailing "/" on proxy_pass replaces the matched /api/ prefix, so the
# backend on port 3000 receives the path without "/api".
location /api/ {
proxy_pass http://127.0.0.1:3000/;
}
location / {
root /usr/share/nginx/html;
}
error_page 404 /404.html;
location = /40x.html {}
error_page 500 502 503 504 /50x.html;
location = /50x.html {}
}
server {
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name example.com;
return 404; # managed by Certbot
}
}
Serving the static html files works great, but the https://example.com/api/ returns a 502: Bad Gateway error. I don't understand what I am doing wrong... any help would be appreciated. Thank you.
Turns out my config was totally fine. I just need to enable networking on the Droplet. I used this post to do so. Thanks, everyone!
In short:
# Turn on the SELinux boolean that lets the web-server domain (which nginx
# runs in) open outbound network connections, so proxy_pass can reach the
# backend.
# NOTE(review): this boolean is broad. It permits connections to any TCP
# port, not only the backend on 3000; a narrower policy may be preferable, to
# be verified against the host's SELinux policy. Without the -P flag the
# change is not persistent and is lost at reboot.
setsebool httpd_can_network_connect on
# Forward every request to the application on local port 3000, passing the
# original Host header and the client's address along.
location / {
    proxy_pass http://127.0.0.1:3000;

    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
}
This normally does not disappoint me. Please try.
My nginx.conf file looks like this
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
# include /etc/nginx/conf.d/*.conf;
# Catch-all listener on port 80: answers every plain-HTTP request with a
# permanent redirect to the same host and URI over HTTPS.
# NOTE(review): on a default_server, $host is taken from the request the
# client sent, so the redirect target echoes whatever host name was supplied.
# Redirecting to a fixed name avoids reflecting arbitrary Host values.
# NOTE(review): the question reports a timeout rather than a redirect or an
# error page, which suggests the request may not be reaching nginx at all;
# check that port 80 is open in the host and network firewall.
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
# Settings for a TLS enabled server.
# Default TLS server: handles HTTPS requests whose host name matches no other
# server block. 444 is nginx's non-standard code for closing the connection
# without sending a response.
# The TLS handshake still completes with server.crt before the connection is
# dropped, so the names in that certificate are visible to anyone connecting.
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
ssl_certificate /etc/ssl/certs/server.crt;
ssl_certificate_key /etc/ssl/private/server.key;
server_name serverip;
return 444;
}
# HTTPS virtual host for the application: TLS termination, HTTP Basic
# authentication, then proxying to the service on localhost:8980.
server {
listen 443 ssl ;
server_name server.server.com;
root /usr/share/nginx/html;
ssl_certificate /etc/ssl/certs/server.crt;
ssl_certificate_key /etc/ssl/private/server.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
# NOTE(review): no ssl_protocols directive is visible in this file, so the
# protocol versions offered come from the nginx build's default. Confirm
# that TLS 1.0 and 1.1 are not enabled.
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# # Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
# Basic credentials are sent with every request and are protected only by
# the TLS layer, so this location must never be reachable over plain HTTP.
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/htpasswd.users;
proxy_pass http://localhost:8980;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}
I have tried various versions of the server block, but it is not redirecting from HTTP to HTTPS.
I tried blocks like the following, taken from most of the answers here, and it is just not working:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name server.server.domain;
return 301 https://$host$request_uri;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name server.server.domain;
return 301 https://$server_name$request_uri;
}
I am accessing my application with domain name and its working if I put https:// server.server.domain ,but when I put http://server.server.domain it just times out with no response