How to mask sub-domain using nginx - nginx

I have nodejs application working with a main domain, and its connecting thought nginx proxy pass to nodejs application, with redirection rule , as per the redirection rule if request is coming from mobile, it will redirect into a sub-domain, it is working fine.
both main domain and sub-domain are different version ,and running deferent server.
Now I want to mask this sub-domain , I don't want to see my sub-domain in browser, how can I do this.
Below mentioned my nginx conf.
server {
listen 80;
server_name mydomain;
return 301 https://$server_name$request_uri;
}
include mime.types;
server {
listen 443 ssl;
server_name mydomain;
ssl_certificate /etc/ssl/CA_Bundle.ca-bundle;
ssl_certificate_key /etc/ssl/2021/server.key;
location / {
add_header Access-Control-Allow-Origin *;
proxy_set_header Host $host;
proxy_pass http://172.17.0.1:8080;
proxy_redirect off;
expires off;
set $agentflag 0;
if ( $http_user_agent ~* "(Mobile)" ){
set $agentflag 1;
}
if ($request_uri ~ "user-agent"){
set $agentflag 0;
}
if ( $agentflag = 1 ) {
rewrite ^/(.*)/$ /$1 permanent;
return 307 https://mobile.mydomain$request_uri;
}
}
}
server {
listen 80;
server_name mobile.mydomain;
return 301 https://$server_name$request_uri;
}
include mime.types;
server {
listen 443 ssl;
server_name mobile.mydomain;
ssl_certificate /etc/ssl/CA_Bundle.ca-bundle;
ssl_certificate_key /etc/ssl/2021/server.key;
location / {
add_header Access-Control-Allow-Origin *;
proxy_set_header Host $host;
proxy_pass http://172.17.22.1:8081;
proxy_redirect off;
expires off;
}
}

It is working fine now,
I have used proxy_pass , instead of rewrite.
if ( $agentflag = 1 ) {
proxy_pass http://IP-address-mobile-app;

Related

nginx The page isn’t redirecting properly, how to fix?

my nginx conf, goal to make all not https to https, and from www to not www, make by few tutorials by i got this all the time
The page isn’t redirecting properly
An error occurred during a connection to example.com.
This problem can sometimes be caused by disabling or refusing to
accept cookies.
.
server {
listen 80;
server_name "~^www\.(.*)$" ;
return 301 https://example.com$request_uri ;
}
server {
listen 443 ssl;
server_name www.example.com;
ssl_certificate pathto/fullchain.pem;
ssl_certificate_key pathto/privkey.pem;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl;
server_name example.com;
ssl on;
ssl_certificate pathto/fullchain.pem;
ssl_certificate_key pathto/privkey.pem;
ssl_trusted_certificate pathto/chain.pem;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=31536000";
add_header X-Frame-Options "SAMEORIGIN";
client_max_body_size 4G;
location /static/ {
alias /asd/ads/static/;
}
location /media/ {
alias /asd/ads/media/;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
}
}
It looks like your post is mostly code; please add some more details.
i remove from my django settings
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
And it work!!!

Redirection www and non www to one server

I would like to redirect my website after entering www.lombo.pl to only lombo.pl (with SSL certificate).
Now when something write www.lombo.pl it does not redirect. I tried to change my nginx file but still to no avail. The user can visit my website via www.lombo.pl (which at the same time shows an error because I do not have a SSL certificate configured for this domain).
upstream app_server {
server unix:/home/app/run/gunicorn.sock fail_timeout=0;
}
server {
#listen 80;
# add here the ip address of your server
# or a domain pointing to that ip (like example.com or www.example.com)
listen 443 ssl;
server_name lombo.pl;
ssl_certificate /etc/letsencrypt/live/lombo.pl/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/lombo.pl/privkey.pem;
server_name 157.245.228.127;
keepalive_timeout 5;
client_max_body_size 4G;
access_log /home/app/logs/nginx-access.log;
error_log /home/app/logs/nginx-error.log;
location /static/ {
alias /home/app/static/;
}
# checks for static file, if not found proxy to app
location / {
try_files $uri #proxy_to_app;
}
location #proxy_to_app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app_server;
}
}
server {
listen 80;
server_name lombo.pl;
return 301 https://$host$request_uri;
}
server {
listen 80;
server_name www.lombo.pl;
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name www.lombo.pl;
return 301 https://$host$request_uri;
}

Artifactory remove /api/gems/gems from url with nginx

I have an Artifactory server as a gem repository. In order to use the local server I need to setup my gem sources with this ugly url.
gem source -a gems.example.com/api/gems/gems/
I'd like to remove the need for developers to know the URI /api/gems/gems/ so they can simply access gems.example.com
server {
listen *:443 ssl default;
server_name artifactory.example.com gems.example.com;
ssl on;
ssl_certificate /etc/ssl/certs/artifactory.example.com.crt.pem;
ssl_certificate_key /etc/ssl/private/artifactory.example.com.key.pem;
location / {
if ( $request_uri ~ ^/(.*)$ ) { proxy_pass http://localhost:8081/artifactory/$1; }
proxy_cookie_path ~*^/.* /;
proxy_pass http://localhost:8081/artifactory/;
proxy_pass_header Server;
proxy_read_timeout 2400s;
}
A rewrite would work, however the nginx configs already have the following if, and nginx does not allow for multiple conditionals.
not valid:
if ( $request_uri ~ ^/(.*)$ && $server_name) { proxy_pass http://localhost:8081/artifactory/$1; }
How can I eliminate /api/gems/gems/ from the url https://gems.example.com/api/gems/gems/ ?
Use multiple server blocks like so:
Note that the second server block has the following changes.
- server_name
- no 'default' on the listen line
- proxy_pass http://localhost:8081/artifactory/api/gems/gems/
/etc/nginx/sites-enabled/artifactory.conf
server {
listen *:443 ssl default;
server_name artifactory.example.com;
ssl on;
ssl_certificate /etc/ssl/certs/artifactory.example.com.crt.pem;
ssl_certificate_key /etc/ssl/private/artifactory.example.com.key.pem;
location / {
if ( $request_uri ~ ^/(.*)$ ) { proxy_pass http://localhost:8081/artifactory/$1; }
proxy_cookie_path ~*^/.* /;
proxy_pass http://localhost:8081/artifactory/;
proxy_pass_header Server;
proxy_read_timeout 2400s;
}
# ....
/etc/nginx/sites-enabled/artifactory-gems.conf
server {
listen *:443 ssl;
server_name gems.example.com;
ssl on;
ssl_certificate /etc/ssl/certs/artifactory.example.com.crt.pem;
ssl_certificate_key /etc/ssl/private/artifactory.example.com.key.pem;
location / {
if ( $request_uri ~ ^/(.*)$ ) { proxy_pass http://localhost:8081/artifactory/api/gems/gems/$1; }
proxy_cookie_path ~*^/.* /;
proxy_pass http://localhost:8081/artifactory/api/gems/gems/;
proxy_pass_header Server;
proxy_read_timeout 2400s;
}
# ....
Note /gems/gems corresponds to the virtual repo on artifactory called 'gems'. If you have multiple gem repositories, you will need to add a vhost for every repo.

Nginx: WebSocket wildcard location

I use a nginx instance in front of a Go service.
I want to redirect anything on port 80 to https. [done]
All (non-websocket) https requests at /* should go to https://localhost:8443/* [done]
All websocket https requests at /ws/* should go to https://localhost:8443/ws/* [missing]
My current config:
ssl_certificate ...
ssl_certificate_key ...
ssl_ciphers ...
ssl_prefer_server_ciphers on;
server {
listen 80;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name www.mydomain.com mydomain.com;
add_header Strict-Transport-Security "max-age=31536000";
location /ws { <--- This only works for /ws but not /ws/app1
proxy_pass http://localhost:8443/ws;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location / { <--- Catches anything, even without wildcard ?!
proxy_pass http://localhost:8443;
}
}
server {
listen 443 ssl;
server_name *.mydomain.com;
return 444;
}
Why is this necessary ? Well, as I understand, you have to set the upgrade headers explicitly, so I guess you have to specify another location.
Ideally, I would just use one location, but then websockets are blocked (because upgrade headers never make it to the Go service...)
I'm not a nginx expert, so bear with me =).
[EDIT]
I got it working now. I'm not sure if its ok to always set_header Upgrade/Connection, even if it's not a websocket request, but my Go service doesn't give a ****, so it works for me =]
ssl_certificate ...
ssl_certificate_key ...
ssl_ciphers ...
ssl_prefer_server_ciphers on;
server {
listen 80;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name www.mydomain.com mydomain.com;
add_header Strict-Transport-Security "max-age=31536000";
location / { <--- Catches anything, even without wildcard ?!
proxy_pass http://localhost:8443;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
server {
listen 443 ssl;
server_name *.mydomain.com;
return 444;
}
Check out the article at https://www.digitalocean.com/community/tutorials/understanding-nginx-server-and-location-block-selection-algorithms
You are not using any location_match, so the match is a prefix match.
Use ~ as the location match modifier to have it interpreted as a regular expression.
The line location /ws should match every query starting with /ws.

How to set nginx so that it will show a specific page for IE users?

Below is my nginx config. I want to redirect IE users to a specific page. But if I change "return 403" to "return 301 mysite.com/a_page.html, there will be a redirection loop. How could I fix that?
server {
listen 80;
listen 443 default_server ssl;
server_name mysite.com
ssl_certificate /etc/nginx/ssl/mysite.crt ;
ssl_certificate_key /etc/nginx/ssl/mysite.key
if ($http_user_agent ~ MSIE) {
return 403;
}
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
client_max_body_size 10M;
location / {
proxy_pass http://localhost:2368/;
proxy_set_header Host $host;
proxy_buffering off;
}
Try to move the condition inside your generic location / {} block, then create a new location block for the redirect target.

Resources