I have nodejs application working with a main domain, and its connecting thought nginx proxy pass to nodejs application, with redirection rule , as per the redirection rule if request is coming from mobile, it will redirect into a sub-domain, it is working fine.
both main domain and sub-domain are different version ,and running deferent server.
Now I want to mask this sub-domain , I don't want to see my sub-domain in browser, how can I do this.
Below mentioned my nginx conf.
server {
listen 80;
server_name mydomain;
return 301 https://$server_name$request_uri;
}
include mime.types;
server {
listen 443 ssl;
server_name mydomain;
ssl_certificate /etc/ssl/CA_Bundle.ca-bundle;
ssl_certificate_key /etc/ssl/2021/server.key;
location / {
add_header Access-Control-Allow-Origin *;
proxy_set_header Host $host;
proxy_pass http://172.17.0.1:8080;
proxy_redirect off;
expires off;
set $agentflag 0;
if ( $http_user_agent ~* "(Mobile)" ){
set $agentflag 1;
}
if ($request_uri ~ "user-agent"){
set $agentflag 0;
}
if ( $agentflag = 1 ) {
rewrite ^/(.*)/$ /$1 permanent;
return 307 https://mobile.mydomain$request_uri;
}
}
}
server {
listen 80;
server_name mobile.mydomain;
return 301 https://$server_name$request_uri;
}
include mime.types;
server {
listen 443 ssl;
server_name mobile.mydomain;
ssl_certificate /etc/ssl/CA_Bundle.ca-bundle;
ssl_certificate_key /etc/ssl/2021/server.key;
location / {
add_header Access-Control-Allow-Origin *;
proxy_set_header Host $host;
proxy_pass http://172.17.22.1:8081;
proxy_redirect off;
expires off;
}
}
It is working fine now,
I have used proxy_pass , instead of rewrite.
if ( $agentflag = 1 ) {
proxy_pass http://IP-address-mobile-app;
Related
my nginx conf, goal to make all not https to https, and from www to not www, make by few tutorials by i got this all the time
The page isn’t redirecting properly
An error occurred during a connection to example.com.
This problem can sometimes be caused by disabling or refusing to
accept cookies.
.
server {
listen 80;
server_name "~^www\.(.*)$" ;
return 301 https://example.com$request_uri ;
}
server {
listen 443 ssl;
server_name www.example.com;
ssl_certificate pathto/fullchain.pem;
ssl_certificate_key pathto/privkey.pem;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl;
server_name example.com;
ssl on;
ssl_certificate pathto/fullchain.pem;
ssl_certificate_key pathto/privkey.pem;
ssl_trusted_certificate pathto/chain.pem;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=31536000";
add_header X-Frame-Options "SAMEORIGIN";
client_max_body_size 4G;
location /static/ {
alias /asd/ads/static/;
}
location /media/ {
alias /asd/ads/media/;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
}
}
It looks like your post is mostly code; please add some more details.
i remove from my django settings
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
And it work!!!
I would like to redirect my website after entering www.lombo.pl to only lombo.pl (with SSL certificate).
Now when something write www.lombo.pl it does not redirect. I tried to change my nginx file but still to no avail. The user can visit my website via www.lombo.pl (which at the same time shows an error because I do not have a SSL certificate configured for this domain).
upstream app_server {
server unix:/home/app/run/gunicorn.sock fail_timeout=0;
}
server {
#listen 80;
# add here the ip address of your server
# or a domain pointing to that ip (like example.com or www.example.com)
listen 443 ssl;
server_name lombo.pl;
ssl_certificate /etc/letsencrypt/live/lombo.pl/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/lombo.pl/privkey.pem;
server_name 157.245.228.127;
keepalive_timeout 5;
client_max_body_size 4G;
access_log /home/app/logs/nginx-access.log;
error_log /home/app/logs/nginx-error.log;
location /static/ {
alias /home/app/static/;
}
# checks for static file, if not found proxy to app
location / {
try_files $uri #proxy_to_app;
}
location #proxy_to_app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app_server;
}
}
server {
listen 80;
server_name lombo.pl;
return 301 https://$host$request_uri;
}
server {
listen 80;
server_name www.lombo.pl;
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name www.lombo.pl;
return 301 https://$host$request_uri;
}
I have an Artifactory server as a gem repository. In order to use the local server I need to setup my gem sources with this ugly url.
gem source -a gems.example.com/api/gems/gems/
I'd like to remove the need for developers to know the URI /api/gems/gems/ so they can simply access gems.example.com
server {
listen *:443 ssl default;
server_name artifactory.example.com gems.example.com;
ssl on;
ssl_certificate /etc/ssl/certs/artifactory.example.com.crt.pem;
ssl_certificate_key /etc/ssl/private/artifactory.example.com.key.pem;
location / {
if ( $request_uri ~ ^/(.*)$ ) { proxy_pass http://localhost:8081/artifactory/$1; }
proxy_cookie_path ~*^/.* /;
proxy_pass http://localhost:8081/artifactory/;
proxy_pass_header Server;
proxy_read_timeout 2400s;
}
A rewrite would work, however the nginx configs already have the following if, and nginx does not allow for multiple conditionals.
not valid:
if ( $request_uri ~ ^/(.*)$ && $server_name) { proxy_pass http://localhost:8081/artifactory/$1; }
How can I eliminate /api/gems/gems/ from the url https://gems.example.com/api/gems/gems/ ?
Use multiple server blocks like so:
Note that the second server block has the following changes.
- server_name
- no 'default' on the listen line
- proxy_pass http://localhost:8081/artifactory/api/gems/gems/
/etc/nginx/sites-enabled/artifactory.conf
server {
listen *:443 ssl default;
server_name artifactory.example.com;
ssl on;
ssl_certificate /etc/ssl/certs/artifactory.example.com.crt.pem;
ssl_certificate_key /etc/ssl/private/artifactory.example.com.key.pem;
location / {
if ( $request_uri ~ ^/(.*)$ ) { proxy_pass http://localhost:8081/artifactory/$1; }
proxy_cookie_path ~*^/.* /;
proxy_pass http://localhost:8081/artifactory/;
proxy_pass_header Server;
proxy_read_timeout 2400s;
}
# ....
/etc/nginx/sites-enabled/artifactory-gems.conf
server {
listen *:443 ssl;
server_name gems.example.com;
ssl on;
ssl_certificate /etc/ssl/certs/artifactory.example.com.crt.pem;
ssl_certificate_key /etc/ssl/private/artifactory.example.com.key.pem;
location / {
if ( $request_uri ~ ^/(.*)$ ) { proxy_pass http://localhost:8081/artifactory/api/gems/gems/$1; }
proxy_cookie_path ~*^/.* /;
proxy_pass http://localhost:8081/artifactory/api/gems/gems/;
proxy_pass_header Server;
proxy_read_timeout 2400s;
}
# ....
Note /gems/gems corresponds to the virtual repo on artifactory called 'gems'. If you have multiple gem repositories, you will need to add a vhost for every repo.
I use a nginx instance in front of a Go service.
I want to redirect anything on port 80 to https. [done]
All (non-websocket) https requests at /* should go to https://localhost:8443/* [done]
All websocket https requests at /ws/* should go to https://localhost:8443/ws/* [missing]
My current config:
ssl_certificate ...
ssl_certificate_key ...
ssl_ciphers ...
ssl_prefer_server_ciphers on;
server {
listen 80;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name www.mydomain.com mydomain.com;
add_header Strict-Transport-Security "max-age=31536000";
location /ws { <--- This only works for /ws but not /ws/app1
proxy_pass http://localhost:8443/ws;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location / { <--- Catches anything, even without wildcard ?!
proxy_pass http://localhost:8443;
}
}
server {
listen 443 ssl;
server_name *.mydomain.com;
return 444;
}
Why is this necessary ? Well, as I understand, you have to set the upgrade headers explicitly, so I guess you have to specify another location.
Ideally, I would just use one location, but then websockets are blocked (because upgrade headers never make it to the Go service...)
I'm not a nginx expert, so bear with me =).
[EDIT]
I got it working now. I'm not sure if its ok to always set_header Upgrade/Connection, even if it's not a websocket request, but my Go service doesn't give a ****, so it works for me =]
ssl_certificate ...
ssl_certificate_key ...
ssl_ciphers ...
ssl_prefer_server_ciphers on;
server {
listen 80;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name www.mydomain.com mydomain.com;
add_header Strict-Transport-Security "max-age=31536000";
location / { <--- Catches anything, even without wildcard ?!
proxy_pass http://localhost:8443;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
server {
listen 443 ssl;
server_name *.mydomain.com;
return 444;
}
Check out the article at https://www.digitalocean.com/community/tutorials/understanding-nginx-server-and-location-block-selection-algorithms
You are not using any location_match, so the match is a prefix match.
Use ~ as the location match modifier to have it interpreted as a regular expression.
The line location /ws should match every query starting with /ws.
Below is my nginx config. I want to redirect IE users to a specific page. But if I change "return 403" to "return 301 mysite.com/a_page.html, there will be a redirection loop. How could I fix that?
server {
listen 80;
listen 443 default_server ssl;
server_name mysite.com
ssl_certificate /etc/nginx/ssl/mysite.crt ;
ssl_certificate_key /etc/nginx/ssl/mysite.key
if ($http_user_agent ~ MSIE) {
return 403;
}
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
client_max_body_size 10M;
location / {
proxy_pass http://localhost:2368/;
proxy_set_header Host $host;
proxy_buffering off;
}
Try to move the condition inside your generic location / {} block, then create a new location block for the redirect target.