JSF and Nginx: uploading files fails when server behind Nginx - nginx

With JSF 2.3, Jakarta EE 8 and Wildfly 23 / Payara 5:
Uploading a file with <h:input> or <p:fileUpload> works fine but fails when Nginx is turned on. The file is never received by the backing bean.
Is there any configuration to add to the server (Payara or Wildfly)?
The Nginx config file surely has errors in it?
app.conf:
upstream payara {
    least_conn;
    server localhost:8080 max_fails=3 fail_timeout=5s;
    server localhost:8181 max_fails=3 fail_timeout=5s;
}
server {
    if ($host = nocodefunctions.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    access_log /var/log/nginx/payara-access.log;
    error_log /var/log/nginx/payara-error.log;
    #Replace with your domain
    server_name nocodefunctions.com;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name nocodefunctions.com;
    ssl_certificate /etc/letsencrypt/live/xxxxx/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/xxxxx/privkey.pem; # managed by Certbot
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    location /nocodeapp-web-front-1.0 {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_connect_timeout 240;
        proxy_send_timeout 240;
        proxy_read_timeout 240;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass http://payara$request_uri;
    }
    location = / {
        proxy_pass http://payara;
        return 301 https://nocodefunctions.com/nocodeapp-web-front-1.0;
    }
}

The issue was: my file was larger than the size limit for uploads by nginx, which is set by default to 1m.
The solution consists in adding client_max_body_size 8M; (or any other value) to the config file, more details available in this SO post.
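
When a request body exceeds client_max_body_size, nginx answers 413 itself and writes a "client intended to send too large body" line to its error log, which is why the backing bean never sees the file. The following added example (not part of the original post; the log lines, addresses and upload path are constructed) extracts those rejections and checks which of them a candidate limit would still refuse.

```python
import re

# Constructed error.log lines in nginx's format (not taken from the post).
SAMPLE_LOG = (
    '2021/04/02 10:15:01 [error] 812#812: *41 client intended to send too large '
    'body: 3145728 bytes, client: 203.0.113.7, server: example.test, '
    'request: "POST /nocodeapp-web-front-1.0/upload.xhtml HTTP/1.1", host: "example.test"\n'
    '2021/04/02 10:15:09 [error] 812#812: *44 upstream timed out (110: Connection '
    'timed out) while connecting to upstream, client: 203.0.113.7, server: example.test, '
    'request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "example.test"\n'
    '2021/04/02 10:16:30 [error] 812#812: *52 client intended to send too large '
    'body: 9437184 bytes, client: 198.51.100.23, server: example.test, '
    'request: "POST /nocodeapp-web-front-1.0/upload.xhtml HTTP/1.1", host: "example.test"\n'
)

TOO_LARGE = re.compile(
    r'client intended to send too large body: (?P<bytes>\d+) bytes, '
    r'client: (?P<client>[^,]+), server: (?P<server>[^,]*), '
    r'request: "(?P<method>\S+) (?P<uri>\S+)'
)


def parse_size(value):
    """Convert an nginx size such as '1m', '8M' or '512k' to bytes."""
    match = re.fullmatch(r'(\d+)([kKmM]?)', value.strip())
    if not match:
        raise ValueError(f'not an nginx size: {value!r}')
    factor = {'': 1, 'k': 1024, 'm': 1024 ** 2}[match.group(2).lower()]
    return int(match.group(1)) * factor


def rejected_uploads(log_text):
    """Return one record per request that nginx refused as too large."""
    records = []
    for line in log_text.splitlines():
        hit = TOO_LARGE.search(line)
        if hit:
            record = hit.groupdict()
            record['bytes'] = int(record['bytes'])
            records.append(record)
    return records


def still_rejected(log_text, limit):
    """Logged uploads that client_max_body_size=<limit> would still refuse."""
    cap = parse_size(limit)
    if cap == 0:  # 0 disables the body-size check entirely
        return []
    # nginx rejects only when Content-Length is strictly greater than the limit
    return [r for r in rejected_uploads(log_text) if r['bytes'] > cap]
```

In the posted config only the port 80 server sets error_log, so for the HTTPS server these lines go to whichever error log the enclosing http or main context defines.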

Related

NextJs: Nginx returning 404 on API routes

I'm having an issue here where my NextJs API is returning 404 not found when executed from getInitialProps during a page reload in production.
The error messages in my PM2 logs mentioned that the 404 not found was returned by Nginx.
It seems like NGINX is not able to detect my routes in /api/*.
This issue doesn't happen on local and I'm suspecting it is an issue or configuration I have missed out in nginx.
Here are my current versions that I am using
NextJs: 9.4.0
nginx/1.18.0 (Ubuntu) - On AWS EC2
UPDATE
I was able to narrow the issue down to an SSL problem: if I disable SSL in my nginx.conf file, the APIs work fine. However, I am still not able to find a solution to this.
nginx config file
server {
    # Your domain
    server_name mydomain.com;
    # Proxy to nuxt renderer.
    location / {
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;
    }
    # Redirect from /path/ to /path
    rewrite ^/(.*)/$ /$1 permanent;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = mydomain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name mydomain.com;
    return 404; # managed by Certbot
}
NextJs getInitialProps code
static async getInitialProps(context) {
    const isServer = !!context.req
    const { employerAccessToken } = nextCookie(context)
    api.setBaseURL('/')
    api.setAuthToken(employerAccessToken)
    if (isServer) {
        api.setCookie(nextCookie(context))
    }
    let apiResponse = await api.get('/api/employer/profile')
    if (!apiResponse.ok) {
        console.log('not OK');
        console.log(apiResponse);
        redirectToEmployerLogin(context)
        return {}
    }
    let wrappedProps = {}
    if (WrappedComponent.getInitialProps) {
        wrappedProps = await WrappedComponent.getInitialProps(context)
    }
}
api/employer/profile
const handler = async (req, res) => {
    if (req.method == 'GET') {
        try {
            const { employerAccessToken } = nextCookie({ req, res })
            api.setBaseURL(process.env.NEXT_PUBLIC_API_URL)
            api.setAuthToken(employerAccessToken)
            const apiResponse = await api.get('/employers/me', req.query)
            console.log('apiResponse in /api/employer/profile');
            console.log(apiResponse);
            res.status(apiResponse.status).json(apiResponse.data)
        } catch (error) {
            logger.error(`message - ${error.message}, stack trace - ${error.stack}`)
            res.status(500).json({})
        }
    }
}
PM2 Log Error
SOLVED
Apparently the issue is caused by nginx redirecting a server request from http to https; however, NextJs is not able to identify the route when it's in https, hence Nginx returns a 404 not found.
The solution would be to allow a proxy pass for localhost to keep requests on port 80 instead of forwarding all port 80 requests to 443.
server_block conf
# redirect http to https
server {
    listen 80;
    listen [::]:80;
    server_name 127.0.0.1 localhost;
    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name yourserver.com www.yourserver.com;
    return 301 https://$server_name$request_uri;
}
server {
    # listen on *:443 -> ssl;
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name yourserver.com;
    ssl_certificate /etc/letsencrypt/live/yourserver.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/yourserver.com/privkey.pem; # managed by Certbot
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;
    location / {
        # reverse proxy for next server
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_read_timeout 300s;
        proxy_connect_timeout 75s;
        # we need to remove this 404 handling
        # because next's _next folder and own handling
        # try_files $uri $uri/ =404;
    }
    location ~ /.well-known {
        allow all;
    }
}
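
nginx picks a server block by the address and port the connection arrived on and then by the Host header, not by where the client is, so the `server_name 127.0.0.1 localhost` block above applies on every interface it listens on. This added example (a simplified IPv4-only model, not code from the answer; the addresses and the loopback-only variant are assumptions) shows the selection for the answer's port 80 blocks and for a variant bound to 127.0.0.1.

```python
# Constructed model of the two port-80 server blocks from the answer above.
POSTED = [
    {'listen': '*', 'names': {'127.0.0.1', 'localhost'},
     'action': 'proxy to :3000'},
    {'listen': '*', 'names': {'yourserver.com', 'www.yourserver.com'},
     'default': True, 'action': '301 to https'},
]

# Assumed hardening (not in the answer): "listen 127.0.0.1:80;" on the proxy
# block instead of "listen 80;", so only loopback connections can select it.
LOOPBACK_ONLY = [dict(POSTED[0], listen='127.0.0.1'), POSTED[1]]


def pick_server(servers, local_addr, host):
    """Select the server block for a port-80 request.

    local_addr is the server-side address the connection arrived on and
    host is the request's Host header value.
    """
    # 1. Blocks bound to the exact local address take precedence over
    #    wildcard listeners; wildcard blocks are only the fallback.
    bound = [s for s in servers if s['listen'] == local_addr]
    candidates = bound or [s for s in servers if s['listen'] == '*']
    if not candidates:
        return None
    # 2. Among those, compare server_name with the Host header (port dropped).
    name = host.partition(':')[0].lower()
    for server in candidates:
        if name in server['names']:
            return server
    # 3. No name matched: default_server, else the first block for that listener.
    for server in candidates:
        if server.get('default'):
            return server
    return candidates[0]


def action(servers, local_addr, host):
    """Return what the selected block does with the request."""
    server = pick_server(servers, local_addr, host)
    return server['action'] if server else 'connection refused'
```

For server-side calls that resolve localhost to ::1, the loopback-only variant would also need a `listen [::1]:80;` line.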

Odoo 12: Link Redirects broken using Nginx

Ok, I'm using Odoo 12 on Ubuntu 18.04, nginx/1.14.0 with letsencrypt for my ssl certs.
Most everything is working perfectly, however links from the website that redirect are returning the variable I named in the nginx domain config file instead of using the domain.
# Odoo servers
upstream odoo {
    server 127.0.0.1:8069;
}
upstream odoochat {
    server 127.0.0.1:8072;
}
# HTTP -> HTTPS
server {
    if ($host = www.qa.moddulu.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    if ($host = qa.moddulu.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name www.qa.moddulu.com qa.moddulu.com;
    include snippets/letsencrypt.conf;
    return 301 https://qa.moddulu.com$request_uri;
}
# WWW -> NON WWW
server {
    listen 443 ssl http2;
    server_name www.qa.moddulu.com;
    ssl_trusted_certificate /etc/letsencrypt/live/qa.moddulu.com/chain.pem;
    include snippets/ssl.conf;
    include snippets/letsencrypt.conf;
    return 301 https://qa.moddulu.com$request_uri;
    ssl_certificate /etc/letsencrypt/live/qa.moddulu.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/qa.moddulu.com/privkey.pem; # managed by Certbot
}
server {
    listen 443 ssl http2;
    server_name qa.moddulu.com;
    proxy_read_timeout 720s;
    proxy_connect_timeout 720s;
    proxy_send_timeout 720s;
    # Proxy headers
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    # SSL parameters
    ssl_trusted_certificate /etc/letsencrypt/live/qa.moddulu.com/chain.pem;
    include snippets/ssl.conf;
    include snippets/letsencrypt.conf;
    return 301 https://qa.moddulu.com$request_uri;
    ssl_certificate /etc/letsencrypt/live/qa.moddulu.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/qa.moddulu.com/privkey.pem; # managed by Certbot
}
server {
    listen 443 ssl http2;
    server_name qa.moddulu.com;
    proxy_read_timeout 720s;
    proxy_connect_timeout 720s;
    proxy_send_timeout 720s;
    # Proxy headers
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    # SSL parameters
    ssl_trusted_certificate /etc/letsencrypt/live/qa.moddulu.com/chain.pem;
    include snippets/ssl.conf;
    include snippets/letsencrypt.conf;
    # log files
    access_log /var/log/nginx/qa.moddulu.com.access.log;
    error_log /var/log/nginx/qa.moddulu.com.error.log;
    # Handle longpoll requests
    location /longpolling {
        proxy_pass http://odoochat;
    }
    # Handle / requests
    location / {
        proxy_redirect off;
        proxy_pass http://odoo;
    }
    # Cache static files
    location ~* /web/static/ {
        proxy_cache_valid 200 90m;
        proxy_buffering on;
        expires 864000;
        proxy_pass http://odoo;
    }
    # Gzip
    gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
    gzip on;
    ssl_certificate /etc/letsencrypt/live/qa.moddulu.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/qa.moddulu.com/privkey.pem; # managed by Certbot
}
So, for example, I'm trying to log in and the URL is going to 'https://odoo/web' instead of 'https://qa.moddulu.com/web'. The 'odoo' in the link changes with whatever the upstream variable for the server is. I haven't been able to find a solution to this. I've tried rebuilding the server, but that didn't fix the problem.
EDIT: I am also using Google Cloud services for my hosting.
Ok, so what I did was to change upstream odoo to upstream qa.moddulu.com. This fixes the problem I was having.
It is a bug in the Odoo 12 source code.
Updating it to the newest version solved the problem.

Can I use WordPress blog as a subfolder of my main domain with a https NGINX?

I am developing a platform on a node/meteorjs stack and I want to add a WordPress blog for our website as well.
https://www.XXXXXX.com --> go to meteor app
https://www.XXXXXX.com/blog --> go to blog
I've got an NGINX front with an https certificate.
My NGINX config is:
server {
    listen 80;
    server_name XXXX.ovh;
    return 301 https://XXXX.ovh$request_uri;
}
upstream meteorapp {
    server 127.0.0.1:3000;
}
upstream blog {
    server 52.16.157.100;
}
server {
    listen 80;
    server_name www.XXXX.ovh;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name XXXX.ovh;
    return 301 https://www.XXXX.ovh$request_uri;
}
server {
    listen 443 ssl default_server;
    root /var/www/html;
    server_name www.XXXX.ovh;
    ssl_certificate /etc/letsencrypt/live/XXXX.ovh/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/XXXX.ovh/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security max-age=15768000;
    location /blog {
        proxy_pass http://blog;
        proxy_set_header Host $host;
    }
    location /wp-content {
        proxy_pass http://blog;
        proxy_set_header Host $host;
    }
    location /wp-admin {
        proxy_pass http://blog;
        proxy_set_header Host $host;
    }
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        # try_files $uri $uri/ =404;
        proxy_pass http://meteorapp;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forward-Proto http;
        proxy_set_header X-Nginx-Proxy true;
        proxy_redirect off;
    }
    location ~ /.well-known {
        allow all;
    }
}
My blog is hosted on another server and my Meteor app is in a Docker container.
With this configuration, the CSS and images of my blog don't work (I try to access the http resources...),
so I got some errors such as:
Mixed Content: The page at 'https://www.cdispo.ovh/blog' was loaded over
HTTPS, but requested an insecure image 'http://www.XXXX.ovh/wp-content/themes/twentyseventeen/assets/images/header.jpg'. This content should also be served over HTTPS.
What can I do?
You should instead use a subdomain in this manner "blog.myapp.com". Otherwise if the Meteor app controls the root ie "myapp.com" you will need to redirect all requests coming in to "myapp.com/blog" in your router.

Deploying a node js app with proxypass with ssl enabled

I have a Meteor app which I am running as is the norm, and it runs on my server like
http://my-ip:3000
I have nginx installed and i can access the meteor app using this sites-enabled configuration
My file looks like this
server {
    listen *:80;
    server_name _;
    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
    }
}
I am following this tutorial to get letsencrypt to work https://gist.github.com/cecilemuller/a26737699a7e70a7093d4dc115915de8
How would I enable SSL in my configuration above?
To run with SSL, make sure you have a Let's Encrypt certificate; this is my configuration:
server {
    listen 80;
    return 301 https://$host$request_uri;
}
server {
    # "ssl on;" was removed in nginx 1.25.1; the ssl parameter of listen enables TLS instead
    listen 443 ssl;
    server_name domain.com;
    ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;
    access_log /var/log/nginx/meteor.access.log;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Fix the "It appears that your reverse proxy set up is broken" error.
        proxy_pass http://localhost:3000;
        proxy_read_timeout 90;
        proxy_redirect http://localhost:3000 https://domain.com;
    }
}
The above runs the meteor app with ssl enabled.

How do I fix this Nginx configuration to properly proxy WebSocket requests instead of returning a 301?

Nginx noob. Trying to configure Nginx to act as an SSL proxy server in front of another web server running at http://localhost:8082. That is, I want all requests to http://localhost to be redirected to https://localhost. That part is working just fine.
Problem is, the app on port 8082 also uses WebSocket connections at ws://localhost:8082/public-api/repossession-requests-socket. I'm trying to redirect any connections to ws://localhost/public-api/repossession-requests-socket to wss://localhost/public-api/repossession-requests-socket and have Nginx proxy those WebSocket requests to ws://localhost:8082/public-api/repossession-requests-socket.
Instead, the WebSocket connections are failing because Nginx is returning a 301 for both ws://localhost/public-api/repossession-requests-socket & wss://localhost/public-api/repossession-requests-socket. My configuration is below; I'm using the Docker image nginx:alpine in my tests ($PWD is mapped to /app).
How do I need to change this so that I no longer see 301s?
events {
    worker_connections 1024;
}
http {
    server {
        listen 80;
        return 301 https://$host$request_uri;
    }
    server {
        # "ssl on;" was removed in nginx 1.25.1; the ssl parameter of listen enables TLS instead
        listen 443 ssl;
        server_name localhost;
        ssl_certificate /app/docker/public.pem;
        ssl_certificate_key /app/docker/private.pem;
        ssl_session_cache builtin:1000 shared:SSL:10m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
        ssl_prefer_server_ciphers on;
        access_log /app/access-443.log;
        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass http://localhost:8082;
            proxy_read_timeout 90;
            proxy_redirect http://localhost:8082 https://localhost;
        }
        location /public-api/repossession-requests-socket/ {
            proxy_pass http://localhost:8082;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }
}
Found the problem. The trailing slash on the end of the location stanza.
location /public-api/repossession-requests-socket/ should have been location /public-api/repossession-requests-socket.
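
nginx treats a proxied prefix location that ends in a slash specially: a request for the same URI without the slash is answered with a 301 to the slashed URI, which is the redirect the question reports on the WebSocket handshake. An added example (a simplified model of prefix locations only, not code from the original post) that reproduces the behaviour for the posted location and for the corrected one:

```python
SOCKET = '/public-api/repossession-requests-socket'

# Prefix locations from the question's HTTPS server. The value says whether
# the block sets the Upgrade/Connection headers a WebSocket handshake needs.
POSTED = {'/': False, SOCKET + '/': True}   # location as posted
FIXED = {'/': False, SOCKET: True}          # trailing slash removed


def route(uri, locations):
    """Return (status, target) for a request URI.

    Models only proxied prefix locations; regex, '=' and '^~' locations
    are left out of this sketch.
    """
    path, sep, query = uri.partition('?')
    # A prefix location ending in '/' that is handled by proxy_pass answers
    # the same URI without the slash with a permanent redirect.
    for prefix in locations:
        if prefix.endswith('/') and path + '/' == prefix:
            return 301, prefix + sep + query
    # Otherwise the longest prefix that matches the path is used.
    matches = [p for p in locations if path.startswith(p)]
    if not matches:
        return 404, None
    return 200, max(matches, key=len)


def handshake(uri, locations):
    """Describe what a WebSocket client gets back for this URI."""
    status, target = route(uri, locations)
    if status == 301:
        return f'301 redirect to {target}'
    if status == 404:
        return 'no location matched'
    if locations[target]:
        return f'proxied with upgrade headers by location {target}'
    return f'proxied without upgrade headers by location {target}'
```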
