I have Nginx configuration where I want to allow a DNS name as I cant be certain on IP address.
{
satisfy any;
allow www.domain.com; // want to achieve this
}
With Nginx we cant achieve this.
Looked at this https://github.com/flant/nginx-http-rdns as a solution.
This module says it does reverse lookup but it didnt work and repo is very old and well maintained.
Another alternative is to use a shell script and do a dig or host on IP address but we dont want to use shell script with Nginx.
Alternate solution is to use a side car to do the DNS resolution and to add allow/deny rules.
If this still works you'll need to compile it for the same version of nginx that is installed. If you're using nginx from a repo then dynamically compile it and see if the following helps:
Download nginx src matching installed version and extract it.
$ cd nginx-1.x.x
$ ./configure --with-compat --add-dynamic-module=/path/to/nginx_module
$ make modules
make modules should result in a nginx module that you need to copy to /usr/lib/nginx/modules/ and load it with load_module modules/modulename.so in your nginx.conf.
Related
I'm a Fedora 29 enduser looking for a way perform GeoIP blocking via NGINX without having to pay a lot of $$ for Nginx Plus. I saw NGINX can be setup to include modules and wanted to ask if there are any open-source modules that can be used to perform basic GeoIP blocking.
Thanks,
You can build nginx and add the geoip module from nginx https://nginx.org/en/docs/http/ngx_http_geoip_module.html by adding "--with-http_geoip_module" to the nginx build configuration.
Then in your nginx.conf you specify geoip_country or geoip_city followed by a path to a geoip db
https://docs.nginx.com/nginx/admin-guide/security-controls/controlling-access-by-geoip/ can also help with setting up geoip for either open-source or nginx plus
Edit: GeoIP is deprecated but will still work for existing installs.
You can build GeoIP2 from source here https://github.com/leev/ngx_http_geoip2_module with nginx in a similar manner as before
Here is the newer geoip2 database Geolite2 Country
I'm using vagrant (VVV actually) to run local wordpress installs. I want to test different behaviors for different GEO's on my local machine instead of upload it every time to the server which is annoying.
So, I've tried to install the GeoIP nginx module to the local machine with the following guide https://piwik.org/faq/how-to/faq_166/ (and a bit more google but it doesn't matter at the moment).
When I'm using ./configure the following is exists:
checking for GeoIP library ... found
checking for GeoIP IPv6 support ... found
I've also set the .dat files in my conf file, and set the $_SERVER (fastcgi_param) parameters - so they displayed when I'm printing the $_SERVER var.
But those GeoIP vars are empty. I'm not sure about the reason, but 2 things is bothering me. First, when I'm write nginx -V in the terminal the argument --with-http_geoip_module is missing. Second, could it actually works if the REMOTE_ADDR (IP) is not my real IP? (192.168.1.50 for example).
nginx is a bit strange for me, so sorry if something isn't exact..
--
Operating system - macOS, nginx version - 1.3.15, running with VVV (vagrant box)
If there is a reverse proxy in front of your nginx, use geoip_proxy to set IPs whose X-Forwarded-For-Header can be trusted.
You can also use that without actually having a reverse proxy when you're developing. Add your local IP to the geoip_proxy-list and set the X-Forwarded-For-Header to your public IP in your browser (use a plugin like Modify Headers).
I am having a website which is working on nginx already .
nginx conf file is in /etc/nginx.conf folder.
Now i want to integrate lua into that project so i installed Openresty .
I created a folder with name "work" as per instruction in doc .And website is working fine at port 8080 as per instructions.
Now i want to use same code into my /etc/nginx/nginx.conf file.
like i can use statements like 'content_by_lua ' there .
I am not able to configure this .
I am getting below error.
Starting nginx: nginx: [emerg] unknown directive "content_by_lua" in /etc/nginx/nginx.conf:25
nginx: configuration file /etc/nginx/nginx.conf test failed
Let me know what i am doing wrong
I started from the same point. Had nginx, had lua, installed openresty and went from there. I was getting the exact same error. After spending considerable time, trying to make the openresty packages play nice with my nginx installation, I found it easiest to uninstall nginx and move forward just with openresty's nginx. Just make backups of your current nginx.conf and any vhost files.
When installing openresty I was sure to include the --with-luajit option. Set up a "hello, world" test, and everything worked wonderfully. My biggest complaint was not being able to start and stop nginx as a service anymore. The issue is a lack of init.d file in the openresty installation. Luckily I ran across this:
https://groups.google.com/forum/#!topic/openresty-en/7UOz-y77CY4
just change the name to openresty (instead of openresty.init.d) and place in /etc/init.d/ (assumed for Ubuntu). and start/stop/reload as sudo service openresty start
The error shows that your nginx don't compiled with the right module.
try type nginx -V to see if your nginx configured with nginx_lua_module
Maybe you should find out where the openresty nginx is and use this nginx instead of the default one.
hi im trying to run my Ruby on rails app in nginx using
passenger start -e production
but it is missing the cache: [HEAD /] miss
im guessing this i dont have actualy a file in public sorry for this question this may be to easy to answer and when i route to www.tock.com it renders a live page in the internet :(
server {
listen 80;
server_name www.tock.com;
passenger_enabled on;
root /home/led/Aptana\ Studio\ 3\ Workspace/djors/public;
}
Where ever you point the webserver, nginx in this case, you need your DNS to match the location. If this is your production server, then you need DNS records to point www.tock.com to your server.
If this is your development or local machine, you probably don't want to name your server something that will overwrite the public DNS records. For example, I name all of my apps in my local nginx config like the following:
server_name my_app_name.local
Once you've given it a name, you'll need to add "my_app_name.local" to your hosts file (your local DNS records). Your hosts file should now have entries like below.
127.0.0.1 localhost
127.0.0.1 my_app_name.local
Restart nginx, and you can now goto my_app_name.local in your browser.
You can get rid of passenger and nginx conf all together, as it looks like you are doing this locally and if you want named links (as opposed to just running bundle exec rails server; use Pow to facilitate this. Personally, i'm a rails server guy, but ymmv.
I'm just starting to explore nginx on my ubuntu 10.04. I installed nginx and I'm able to get the "Welcome to Nginx" page on localhost. However I'm not able to add a new server_name.
Even when I make the changes in site-available/default. I also tried reloading/restarting nginx, but nothing works.
To build on mark's answer, Debian/Ubuntu distros default configuration file has an include /etc/nginx/sites-enabled/*; directive with site configuration file stored in /etc/nginx/sites-available/, a default site is usually included in that dir.
For examples beyond the default config, follow nginx beginner's guide or see wiki.nginx.org for more details.
After creating a new configuration in sites-available, create a symbolic link with this command, assuming that your conf file is named "myapp" and nginx is at /etc/nginx (could also be at /usr/local/etc/nginx):
ln -s /etc/nginx/sites-available/myapp /etc/nginx/sites-enabled/myapp
By the way, you could always create your conf file directly in sites-enabled but the recommended way above allows you to "enable and disable" sites on the server very quickly without actually moving/deleting your conf files.
P.S: Don't trust the tutorials: check your configuration!
P.P.S: You can use the command nginx -t to test your sites conf and nginx -s reload to reload the conf.
The usual way to add another site in Nginx in Ubuntu is to copy the sites-available/default file to sites-available/new-site-name, then create a symbolic link in sites-enabled to sites-available/new-site-name.
In the new configuration file, you need to edit the listen and server directives. Use listen to specify the IP address and port, and the server directive to specify the hostnames. For more details, see HttpCoremodule.