I have two apps one for frontend built using ReactJS and one is for backend built using FastAPI. I have server machine where I have deployed both the apps. Now I want to use Nginx (because of SSL) to host both my application on the same machine with same domain name but the ports are different. I know how to do it for different domains or subdomain but I don't have another domain/subdomain with me right now. So I want to aks how I can achive this in Nginx?
For example my FE is using port 5000 & BE is using 8000,I am able to configure Nginx to serve my FE but I am getting this error,
Blocked loading mixed active content
because my FE which is httpstrying to connect to backend on port 8000 which is not https.
Here is my nginx config file,
server {
listen 443 ssl;
ssl_certificate /opt/ssl/bundle.crt;
ssl_certificate_key /opt/ssl/custom.key;
# add here the ip address of your server
# or a domain pointing to that ip (like example.com or www.example.com)
server_name something-c11.main0.auto.qa.use1.mydomain.net;
keepalive_timeout 5;
client_max_body_size 100M;
access_log /opt/MY_FE/nginx-access.log;
error_log /opt/MY_FE/nginx-error.log;
# checks for static file, if not found proxy to app
location / {
try_files $uri #proxy_to_app;
}
location #proxy_to_app {
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_pass http://localhost:5000;
proxy_redirect off;
}
}
server {
if ($host = something-c11.main0.auto.qa.use1.mydomain.nett) {
return 301 https://$host$request_uri;
}
listen 80;
server_name something-c11.main0.auto.qa.use1.mydomain.net;
return 404;
}
Any help would be appreciated....
Related
I installed Nginx on my server (my server uses WHM). And on this server has two accounts. Each account will run a server a NextJS site and each account has its own domain.
Site1 will run on port 3000
Site2 will run on port 3004
What I want to do is:
I want to access domain1 I see the content of my site1 in NextJS that runs on localhost:3000
And when I access domain2 I see the content of my site2 on NextJS running on localhost:3004
I tried to do a Nginx implementation for site1. But when I accessed it I saw a Cpanel screen, and the url was dominio1/cgi-sys/defaultwebpage.cgi
Here's the Nginx implementation I tried to do:
server {
listen 80;
server_name computadorsolidario.tec.br www.computadorsolidario.tec.br ;
location / {
proxy_pass http://localhost:3004;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
}
}
So how do I do this setting for nginx to have this behavior? And I'm changing the correct file?
Note: I created the configuration file in /etc/nginx/conf.d/users/domain1/domio1.conf And within /etc/nginx/conf.d/users have several configuration files with the name of the accounts you have on the server. (They are already implemented.)
Try
server {
listen 80;
server_name www.domain1.com;
proxy_pass http://127.0.0.1:3000;
}
server {
listen 80;
server_name www.domain2.com domain2.com;
proxy_pass http://127.0.0.1:3004;
}
Each domain listens on same port and reverse-proxies to local network on the ports you specify. To differentiate between hosts, specify the server_name field.
server {
listen 80;
server_name www.domain1.com;
location / {
proxy_pass http://127.0.0.1:3000;
}
}
server {
listen 80;
server_name www.domain2.com domain2.com;
location / {
proxy_pass http://127.0.0.1:3004;
}
}
Let's say I have my main domain on one server and one of the subdomains to another server.
both of these addresses are using Cloudflare DNS to different ip addresses, so:
example.com => ip1
new.example.com => ip2
Now I want to proxy_pass a certain path on example.com to new.example.com without changing the url, so:
example.com/something should show content of new.example.com/somethingElse
These are my nginx config files, the problem is if I point example.com/something to google.com or even an ngrok server that I hosted for test, everything works just fine, but when I point it to new.example.com/something it gives me 502 error, so my guess is there's something wrong with my new.example.com config.
example.com Config:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl on;
ssl_certificate /etc/letsencrypt/live/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/key.pem;
server_name example.com www.example.com;
resolver 8.8.8.8;
location = /something {
proxy_set_header X-Forwarded-Host new.example.com;
proxy_set_header Host new.example.com;
proxy_pass https://new.example.com/somethingElse;
}
}
new.example.com Config:
server {
listen 443;
server_name www.new.example.com new.example.com;
ssl_certificate /etc/ssl/private/cert.pem;
ssl_certificate_key /etc/ssl/private/key.pem;
location / {
proxy_pass http://container-name:80;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Please test the connectivity between the servers. Login into example.com server and send CURL request to the new.example.com service.
Looks like example.com server is not able to reach new.example.com server.
Please check nginx service logs.
Another option to achieve your requirements is cloudflare worker service.
I'm new to all of this.
I'm going to put you in context. I bought a domain miweb.pe and an instance in aws. Currently my domain redirects to my aws instance because I have registered the dns servers of my amazon instance in myweb.pe.
I bought an ssl certificate and am trying to install it on my amazon instance, where I also installed nginx. I am unable to make any request to myweb.pe redirect to the aws instance that currently has a nodejs service active under port 3000.
this is my current configuration. What am I doing wrong?
server {
listen 443;
server_name myweb.pe;
ssl on;
ssl_certificate /etc/ssl/ssl-bundle.crt;
ssl_certificate_key /etc/ssl/beekey.key;
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
server {
listen 80;
return 301 https://$host$request_uri;
}
server {
listen 80;
server_name www.myweb.pe;
return 301 https://myweb.pe$request_uri;
}
# Redirige de https://www.tudominio.com a https://tudominio.com
server {
listen 443;
server_name www.miweb.pe;
return 301 $scheme://myweb.pe$request_uri;
}
in summary, I want that when accessing myweb.pe it actually accesses thelocalhost: 3000 which is running on my amazon instance.
So, what is the issue you are facing, I can see one issue in your nginx rule for servername you need to type domain name and not localhost. The other thing is I am assuming your service on port 3000 should already be running.
I have several application server running several Node applications (via PM2).
I have one NGINX server which has the SSL certificate for the domain and reverse-proxies to the Node applications.
Within the NGINX configuration file I set the domains with their location block like this:
server {
listen 443 ssl;
server_name
geolytix.xyz;
ssl_certificate /etc/letsencrypt/live/geolytix.xyz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/geolytix.xyz/privkey.pem;
location /demo {
proxy_pass http://159.65.61.61:3000/demo;
proxy_set_header HOST $host;
proxy_buffering off;
}
location /now {
proxy_pass https://xyz-heigvbokgr.now.sh/now;
proxy_set_header HOST $host;
proxy_buffering off;
}
}
This only works for the application server. The proxy to the Zeit Now deployment yields a bad gateway. The application itself work as expected if I go to the Zeit Now address of my deployment.
Does anybody know whether I might be missing some settings to proxy to Zeit Now?
now servers require the use of SNI for https connections. Like almost all modern webservers.
You need do add
proxy_ssl_server_name on;
to your configuration.
The smallest location block would be the following:
location / {
proxy_set_header host my-app.now.sh;
proxy_ssl_server_name on;
proxy_pass https://alias.zeit.co;
}
I've been trying to wrap my head around load balancing over the past few days and have hit somewhat of a snag. I thought that I'd set up everything correctly, but it would appear that I'm getting almost all of my traffic through my primary server still, while the weights I've set should be sending 1:10 to primary.
My current load balancer config:
upstream backend {
least_conn;
server 192.168.x.xx weight=10 max_fails=3 fail_timeout=5s;
server 192.168.x.xy weight=1 max_fails=3 fail_timeout=10s;
}
server {
listen 80;
server_name somesite.somesub.org www.somesite.somesub.org;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host somesite.somesub.org;
proxy_pass http://backend$request_uri;
}
}
server {
listen 443;
server_name somesite.somesub.org www.somesite.somesub.org;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host somesite.somesub.org;
proxy_pass http://backend$request_uri;
}
}
And my current site config is as follows:
server {
listen 192.168.x.xx:80;
server_name somesite.somesub.org;
index index.php index.html;
root /var/www/somesite.somesub.org/html;
access_log /var/www/somesite.somesub.org/logs/access.log;
error_log /var/www/somesite.somesub.org/logs/error.log;
include snippets/php.conf;
include snippets/security.conf;
location / {
#return 301 https://$server_name$request_uri;
}
}
server {
listen 192.168.x.xx:443 ssl http2;
server_name somesite.somesub.org;
index index.php index.html;
root /var/www/somesite.somesub.org/html;
access_log /var/www/somesite.somesub.org/logs/access.log;
error_log /var/www/somesite.somesub.org/logs/error.log;
include snippets/php.conf;
include snippets/security.conf;
include snippets/self-signed-somesite.somesub.org.conf;
}
~
And the other configuration is exactly the same, aside from a different IP address.
A small detail that may or may not matter: One of the nodes is hosted on the same machine of the load balancer - not sure if that matters.
Both machines have correct firewall config, and can be accessed separately.
No error logs are showing anything of use.
The only possible thing I could think of is that the nginx site config is being served before the load balancer; and I'm not sure how to fix that.
With another look at the configuration and realized I could have just as easily had the site config that's on the load balancer listen on 127.0.0.1 and relist that among my available servers in the load balancer.
nGinx config for site on load balancer listening on localhost:80/443 solved this issue.