I've read similar questions with the same error, but nothing matches my problem, because my upstream servers have local IPs.
The server is a Proxmox machine with some different VMs.
One is for the nginx reverse gateway/proxy, the others are VMs with several Docker containers.
I want to set up a fallback (backup) for one container.
The config of the nginx reverse gateway/proxy containing these machines is:
server {
    listen 80;
    server_name my-web.page;
    return 301 http://www.my-web.page$request_uri;
}
server {
    listen 80;
    listen [::]:80;
    server_name www.my-web.page;
    location / {
        return 301 https://www.my-web.page$request_uri;
    }
}
server {
    listen 443 ssl;
    server_name my-web.page;
    return 301 https://www.my-web.page$request_uri;
    ssl_certificate /etc/ssl/my/my-web.page.chained.crt;
    ssl_certificate_key /etc/ssl/my/my-web.page.key.pem;
}
upstream backend {
    server 192.168.200.210:8030 max_fails=1 fail_timeout=600s;
    server 192.168.200.211:8031 backup;
}
server {
    listen 443 ssl;
    ssl_certificate /etc/ssl/my/my-web.page.chained.crt;
    ssl_certificate_key /etc/ssl/my/my-web.page.key.pem;
    server_name www.my-web.page;
    location ~ ^/$ {
        # rewrite only the root page, other urls see next rule
        return 301 https://www.my-web-page-microsite.de/;
    }
    location / {
        resolver 127.0.0.1 valid=30s;
        # pass to backend-client, failover to second container for the next 5 minutes
        proxy_pass http://backend;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Server-Address $server_addr;
        proxy_ssl_verify off;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
    }
}
If something is wrong with my backend-client-servers, nginx won't start.
Isn't there a possibility to override the check on starting/restarting nginx?
Related
I want to configure nginx on my Ubuntu 20 for the main domain and subdomain.
server {
    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    listen [::]:443 ssl ipv6only=on;
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/maindomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/maindomain.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
    if ($host = maindomain.com) {
        return 301 https://$host$request_uri;
    }
    listen 80;
    listen [::]:80;
    server_name maindomain.com;
    return 404;
}
And this domain works, but I want to launch another subdomain here, and here I already ran into a lot of problems (including certbot 443 port, etc.).
Both projects are located in the folders home/webdev/main domain and home/webdav/subdomain. Both projects are on Next.js. The database of the first project and Docker are on ports 3000, 5432:5432 and 8080:8080. For the subdomain, 3001 is the port I want, plus "5433:5433" and 8081:8081. I'm new to nginx and tried it like this.
server {
    location /subdomain {
        root home/webDev;
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:3001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
Or
server {
    # Binds the TCP port 80.
    listen 81;
    # Defines the domain or subdomain name.
    # If no server_name is defined in a server block then
    # Nginx uses the 'empty' name
    server_name maindomain/subdomain.com;
    # Redirect the traffic to the corresponding
    # HTTPS server block with status code 301
    return 301 https://$host$request_uri;
}
My application is running on an AWS EC2 instance. I have a domain name using HTTPS from Cloudflare. I have added an "A record" at Cloudflare pointing to the EC2 IP address.
The following is the Nginx configuration I used:
Step 1)
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name inzack.com www.inzack.com;
    rewrite ^\/[^\/]+\/(.*) /$1 redirect;
    location / {
        return 301 https://$server_name$request_uri;
    }
}
server {
    listen 443;
    server_name inzack.com www.inzack.com;
    ssl on;
    ssl_certificate /home/ubuntu/certificates/inzack.crt;
    ssl_certificate_key /home/ubuntu/certificates/inzack.key;
    real_ip_header X-Forwarded-For;
    set_real_ip_from 127.0.0.1;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://127.0.0.1:5000;
    }
}
Step 2) sudo nano /etc/nginx/sites-available/inzack.com
The following is the entry in the file:
upstream inzack.com {
    server 127.0.0.1:5000;
}
server {
    listen 80;
    listen [::]:80;
    server_name inzack.com;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarder-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass https://inzack.com;
        proxy_redirect on;
    }
}
I tried all these links:
http to https redirection on nginx
Node.js + Nginx - What now?
Any help on this would be really great...
Thanks
No need to change in etc/Nginx/Sites-available/ folder
Step 1) # cloudflare changed page rules to Https
Step 2)
server {
    listen 80;
    server_name inzack.com www.inzack.com;
    location / {
        proxy_pass http://127.0.0.1:4000;
    }
}
server {
    listen 443;
    server_name inzack.com www.inzack.com;
    ssl on;
    # copy these files from Cloudflare and save them as .crt and .key
    ssl_certificate /home/ubuntu/certificates/inzack.crt;
    ssl_certificate_key /home/ubuntu/certificates/inzack.key;
    real_ip_header X-Forwarded-For;
    set_real_ip_from 127.0.0.1;
    location / {
        proxy_pass http://127.0.0.1:4000;
    }
}
Restart the Nginx server
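An added example (not part of the question or the answer above): a simplified Python model of how nginx's realip module applies the `real_ip_header X-Forwarded-For;` and `set_real_ip_from 127.0.0.1;` lines from both configs when requests arrive through a CDN. The addresses are constructed documentation-range stand-ins, and `EDGE_TRUST` is a hypothetical alternative trust list, not the provider's real ranges.

```python
import ipaddress

def real_client_ip(peer, xff, trusted, recursive=False):
    """Address nginx would use as $remote_addr after the realip module.

    peer      -- address of the TCP connection nginx accepted
    xff       -- value of the header named by real_ip_header, or None
    trusted   -- addresses/CIDRs listed in set_real_ip_from
    recursive -- models real_ip_recursive on/off
    """
    nets = [ipaddress.ip_network(t, strict=False) for t in trusted]

    def is_trusted(addr):
        return any(ipaddress.ip_address(addr) in n for n in nets)

    # The header is consulted only when the connecting peer is trusted.
    if not xff or not is_trusted(peer):
        return peer
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    try:
        for h in hops:
            ipaddress.ip_address(h)
    except ValueError:
        return peer  # simplification: unparsable header keeps the peer address
    if not hops:
        return peer
    if not recursive:
        return hops[-1]          # last address in the header
    for hop in reversed(hops):   # last address that is not itself trusted
        if not is_trusted(hop):
            return hop
    return hops[0]

# Constructed sample addresses (RFC 5737 documentation ranges).
EDGE = "198.51.100.7"        # stand-in for a CDN edge connecting to nginx
VISITOR = "203.0.113.50"     # stand-in for the browser's address
PAGE_TRUST = ["127.0.0.1"]                      # as written in the configs
EDGE_TRUST = ["127.0.0.1", "198.51.100.0/24"]   # hypothetical: edge range trusted

def demo():
    return {
        "page config, via edge": real_client_ip(EDGE, VISITOR, PAGE_TRUST),
        "edge trusted, via edge": real_client_ip(EDGE, VISITOR, EDGE_TRUST),
        "edge trusted, direct peer with forged header":
            real_client_ip("203.0.113.99", "127.0.0.1", EDGE_TRUST),
    }
```

With only 127.0.0.1 trusted, the header is never applied to CDN traffic, so `$remote_addr` (and the `X-Real-IP` sent to the backend) is the edge address; a peer outside the trusted list cannot override it with its own header.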
I am trying to configure nginx (based on bitnami/nginx:latest) as an equivalent of the Synology reverse proxy. This is due to the missing wild-card redirect at Synology. While doing so, I face many issues; therefore I am requesting help for a proper nginx configuration.
requirements
HTTPS upgrade
Redirect any wild-card subdomain (443) to a port 30'000
Hide the redirect port from user visibility
WebSockets must be supported (At Synology following header: Upgrade $http_upgrade AND Connection $connection_upgrade)
Example
Browser calls http://app1.my-example.com/
re-direct to https://app1.my-example.com:30000/
Browser displays: https://app1.my-example.com/, resolving via Port 30000
Current Code (not working so far)
# Test
server {
    listen 8080;
    server_name ~^(.*)\.my\-example.com$;
    access_log /opt/bitnami/nginx/logs/yourapp_access.log;
    error_log /opt/bitnami/nginx/logs/yourapp_error.log;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header HOST $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass https://$host:30000$request_uri/;
        proxy_redirect off;
    }
}
# Catch malicious requests
server {
    listen 8080 default_server;
    listen [::]:8080 default_server;
    server_name _;
    return 444;
}
I was able to solve my issue and would like to share the results. The only thing I do not get is why redirect.my-example is OK as proxy_pass. It would hit the very same route (probably an endless loop). Feedback/improvement would be appreciated!
# custom code for hop by hop headers
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
# Upgrade connection
server {
    listen 8080 default_server;
    listen [::]:8080 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}
# Redirect Subdomains (incl. Web-Socket)
server {
    listen 8443 ssl;
    ssl_certificate /certs/server.crt;
    ssl_certificate_key /certs/server.key;
    server_name my-example.de portal.my-example.de;
    access_log /opt/bitnami/nginx/logs/yourapp_access.log;
    error_log /opt/bitnami/nginx/logs/yourapp_error.log;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header HOST $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_pass https://redirect.my-example.de:30000;
        proxy_redirect off;
    }
}
# Catch malicious requests
server {
    listen 8443 default_server;
    listen [::]:8443 default_server;
    ssl_certificate /certs/server.crt;
    ssl_certificate_key /certs/server.key;
    server_name _;
    return 444;
}
I have a Nextcloud server running fine with IP 192.168.0.1.
I installed a Collabora Online server on another machine with IP 192.168.0.2.
I have one public IP and two separate domains for those servers pointing at the same public IP.
What I am trying to do is use nginx to distribute the traffic accordingly.
The configuration for the Nextcloud is working fine:
upstream php-handler {
    server unix:/var/run/php/php7.0-fpm.sock;
}
server {
    listen 80;
    listen [::]:80;
    server_name first.domain.com;
    # enforce https
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name first.domain.com;
    ...
Now I am putting a second config for the Collabora server:
server {
    listen 80;
    listen [::]:80;
    server_name second.domain.com;
    # enforce https
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name second.domain.com;
    ssl_certificate /etc/ssl/private/server.crt;
    ssl_certificate_key /etc/ssl/private/server.key;
    ssl_password_file /etc/ssl/private/server.pass;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://second.domain.com;
    }
}
I have added 192.168.0.2 second.domain.com to the hosts file.
This server also has nginx running:
server {
    listen 443 ssl;
    server_name second.domain.com;
    ssl_certificate /etc/ssl/private/server.crt;
    ssl_certificate_key /etc/ssl/private/server.key;
    ssl_password_file /etc/ssl/private/server.pass;
    # static files
    location ^~ /loleaflet {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }
    # WOPI discovery URL
    location ^~ /hosting/discovery {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }
    # main websocket
    location ~ ^/lool/(.*)/ws$ {
        proxy_pass https://localhost:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }
    # download, presentation and image upload
    location ~ ^/lool {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }
    # Admin Console websocket
    location ^~ /lool/adminws {
        proxy_pass https://localhost:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }
}
The Collabora window opens blank in Nextcloud when I open a file.
nginx on the Nextcloud server gives response 400.
"GET /lool/https%3A%2F%2Ffirst.domain.com%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F6932_ocqfsn9n2v8v%3Faccess_token%3DOObPuPjPgz7ycgmvNAklYGo1clIANWXU%26access_token_ttl%3D0%26permission%3Dedit/ws?WOPISrc=https%3A%2F%2Ffirst.domain.com%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F6932_ocqfsn9n2v8v&compat=/ws HTTP/1.1" 400 0
So somehow I am not doing the redirection right. I need help with the nginx configurations. I know collabora server works because when I set second.domain.com 192.168.0.2 in the hosts file of the client and no redirection from nginx then it works fine
Nginx server is at 192.168.5.13.
I have Nginx as reverse proxy for SSL Letsencrypt which works fine.
I would like to add the following:
www.nonprofitcloud.be is working fine and returns https://www.nonprofitcloud.be located at 192.168.5.26.
However I would like to add webmail.nonprofitcloud.be to point to 192.168.5.1/mewebmail where my Mailenable Server is residing (Windows Server, IIS 7).
So: webmail.nonprofitcloud.be should point to 192.168.5.1/mewebmail
Any idea?
My conf:
server {
    listen 443 ssl;
    server_name www.nonprofitcloud.be nonprofitcloud.be;
    ssl_certificate /etc/letsencrypt/live/www.nonprofitcloud.be/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.nonprofitcloud.be/privkey.pem;
    location / {
        proxy_pass http://192.168.5.26;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
server {
    listen 80;
    server_name www.nonprofitcloud.be nonprofitcloud.be;
    location /.well-known/acme-challenge {
        root /var/www/letsencrypt;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
You need to add another server block:
server {
    listen 80;
    server_name webmail.nonprofitcloud.be;
    location / {
        proxy_pass http://192.168.5.1/mewebmail;
    }
}
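An added example (not part of the answer above): a small Python model of how nginx builds the upstream request path for a prefix `location` when `proxy_pass` carries a URI part, applied to the `proxy_pass http://192.168.5.1/mewebmail;` line and, going beyond the answer, to variants with a trailing slash, with no URI part, and with a hypothetical `/webmail/` location. The request paths are constructed samples, and URI normalisation is not modelled.

```python
from urllib.parse import urlsplit

def upstream_uri(location_prefix, proxy_pass, request_uri):
    """Path (plus query) nginx sends upstream for a prefix location.

    With a URI part in proxy_pass, the portion of the request path that
    matched the location prefix is replaced by that URI part. Without a
    URI part, the request URI is passed through unchanged.
    """
    path, _, query = request_uri.partition("?")
    if not path.startswith(location_prefix):
        raise ValueError("request does not match this location")
    uri_part = urlsplit(proxy_pass).path
    if uri_part == "":
        return request_uri
    rewritten = uri_part + path[len(location_prefix):]
    return rewritten + ("?" + query if query else "")

# Constructed sample request paths.
SAMPLES = ["/", "/login.aspx", "/scripts/app.js?v=2"]

def compare(location_prefix, proxy_pass):
    """Map each sample request to the path the upstream would receive."""
    return {r: upstream_uri(location_prefix, proxy_pass, r) for r in SAMPLES}

def demo():
    return {
        "as in the answer": compare("/", "http://192.168.5.1/mewebmail"),
        "trailing slash": compare("/", "http://192.168.5.1/mewebmail/"),
        "no URI part": compare("/", "http://192.168.5.1"),
    }
```

For `location /` the matched prefix is the single leading slash, so without a trailing slash on the `proxy_pass` URI the rest of the request path is appended directly to `/mewebmail`.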