Hi I am trying to get a nginx conf working with minecraft.
I created several subdomains (A-records) and I want to use only the subdomains (without port).
Therefore I installed nginx (stable release) on CentOS 7.
Added portforward in my router on 25565 to this VM (fixed IP) and added 25565 (tcp, permanent) to the firewall. Testing nginx with default ip (port 80) => Welcome to nginx....
Testing port 25565 (with minecraft) also works.
Left nginx.conf and default.conf intact (no changes) and added my minecraft.conf in /etc/nginx/conf.d/
Minecraft uses tcp protocol (I asume this is supported by nginx) and listens default to 25565 that's why I run my instances on 25566 and 25567
As far as I understood main directives like http(s), stream etc. should be declared in nginx.conf
It's not posible to declare a stream in the minecraft.conf (in ./conf.d/)
Also not possible to proxy_pass to the upstream (directive proxy_pass not allowed here)
(I can use location / { http://..} but that's not tcp)
What do I miss to make it work as I want to use a proxy (Network Solutions does not allow SRV records for subdomains)
my minecraft.conf:
upstream mcserver1 {
server 192.168.1.14:25566;
}
upstream mcserver2 {
server 192.168.1.14:25567;
}
server {
listen 25565;
server_name camelot.xyz.net;
access_log /var/log/nginx/mcs1.access;
error_log /var/log/nginx/mcs1.error;
proxy_pass mcserver1;
}
server {
listen 25565;
server_name cityworld.xyz.net;
access_log /var/log/nginx/mcs2.access;
error_log /var/log/nginx/mcs2.error;
proxy_pass mcserver2;
}
In the default error.log I find
2021/04/11 21:37:12 [notice] 5525#5525: signal process started
2021/04/11 21:37:12 [emerg] 2325#2325: bind() to 0.0.0.0:25565 failed (98: Address already in use)
2021/04/11 21:37:12 [emerg] 2325#2325: still could not bind()
Related
My puprose is to use nginx as a proxy for another application and I get an error above and I get 502 badgateway when I try to access my app.
My nginx configurations are shown below and I already unlinked the default nginx configurations but I still get the error below in /var/log/nginx/error.log.
Any clues ?
server{
listen 80 default_server ;
listen [::]:80 default_server;
server_name pivot.staging.ippen.space;
location / {
resolver 127.0.0.53
proxy_pass https://$server_name:443/;
}
}
and when i used 127.0.0.1 / 8.8.8.8 as a resolver I get the folowing error:
nginx: [emerg] host not found in resolver "proxy_pass" in /etc/nginx/sites-enabled/custom_server.conf:9
I use nginx as a VM instance on Google cloud and I have two firewall rules (allow http and allow ssh access); OS is ubuntu 16.04.
I'm new to nginx.
I have a machine, behind my router, that runs a server and handles correctly 80 and 443 request with Https.
Problem is that I want to host a second website on another device but I have only one IP address. I bought a raspberry pi zero to use it as a reverse proxy behind my router. I install nginx and want to redirect all the request to my other machines. Both the RPI 0 and the old machine have local IP.
To redirect requests from my router to RPI 0 and then to my old machine, I used proxy_pass. On port 80 everything works fine, but on port 443 I get a certificate error on my browser.
Is it possible to let the whole request go on the old machine and let the old machine handles the https certificate like before ? Or is it mandatory to have the certificate processed by nginx ?
Diagram of the old but functional installation
Current installation with certificate error
My configuration:
upstream backend_a {
server 192.168.0.20:80;
}
upstream backend_a_s {
server 192.168.0.20:443;
}
server {
listen 80;
server_name mydomain;
location / {
include proxy_params;
proxy_pass http://backend_a;
}
}
server {
listen 443 ssl;
server_name mydomain;
location / {
include proxy_params;
proxy_pass https://backend_a_s;
}
}
I found a solution. I need to use port forwarding. To do this in nginx, I need to use stream keyword.
stream {
server {
listen 443;
proxy_pass 192.168.0.20:443;
}
}
The stream keyword need to be at the same level as http, so I needed to edit /etc/nginx/nginx.conf source. Other solution is to manually compile a version of nginx, with the parameter --with-stream source.
I'm using a combination of ip6tables and nginx to process http requests from clients. The nginx server listens on port 8081 and must forward a request after examining the header.
Clients can send two types of requests:
GET/POST with no headers. These should be re-directed to https://jaguar.mydomain.com
GET/POST with specific header elb-jaguar.mydomain.com. These should be redirected to https://elb-jaguar.mydomain.com
When run as nginx -c /home/build/v6-only.conf, nginx fails because one server{} directive already has listen on port 8081
nginx: [emerg] duplicate listen options for [::]:8081 in /etc/nginx/v6/v6-only.conf:13
My config is as below:
server {
listen [::]:8081 ssl ipv6only=on;
server_name elb-jaguar.mydomain.com;
ssl_certificate /etc/ssl/elb.crt;
ssl_certificate_key /etc/ssl/elb.key;
location / {
proxy_pass https://elb-jaguar.mydomain.com:443;
}
}
server {
listen [::]:8081 ssl ipv6only=on;
ssl_certificate /etc/ssl/regular.crt;
ssl_certificate_key /etc/ssl/regular.key;
server_name jaguar.mydomain.com;
location / {
proxy_pass https://jaguar.mydomain.com:443;
}
}
How can I fix the above config to get the desired forwarding with proxy_pass?
Difficult to see because that setup should work.
But looking closer at the NGINX docs and your need for IPv6 only, it says (my emphasis):
ipv6only=on|off
this parameter (0.7.42) determines (via the IPV6_V6ONLY socket option) whether an IPv6 socket listening on a wildcard address [::] will accept only IPv6 connections or both IPv6 and IPv4 connections. This parameter is turned on by default. It can only be set once on start.
Because the error message complains of 'duplicate listen options', not 'already listening on that port' or similar, it suggests it is complaining about trying to set ipv6only a second time (even to the same value).
Also, it does say This parameter is turned on by default, so you could easily just remove it altogether, if only to try it.
Of course the port is already in use! hence my desire to redirect it! - I don't understand how I'm suppose to be able to redirect an app on 8787 to the https version if I can't start nginx due to this bind error?
nginx: configuration file /etc/nginx/nginx.conf test is successful
nginx: [emerg] bind() to 0.0.0.0:8787 failed (98: Address already in use)
server block:
server {
listen 8787;
listen [::]:8787 ipv6only=on;
server_name www.example.* example.* 45.224.123.199;
# SSL
ssl_certificate /etc/nginx/ssl/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/sample.key;
port_in_redirect off;
return 302 https://example.com$request_uri;
}
Each application , in this case the upstream application and nginx, need their own unique ip and port binding pair. Generally, ONE application per IP can anybind.
You need to either:
choose a unique port for the proxy and upstream pairing (change nginx port, or change application port)
OR
chose a unique IP binding for your application.
Very often, a good practice is to application bind to the LAN ip instead of the public IP, to better isolate your application from the public internet.
In the long run what I'm trying to do is to be able to connect to any domain through any port, for example, mysite.com:8000 and then through Nginx have it get routed to an internal ip through the same port. So for example to 192.168.1.114:8000.
I looked into iptables although I'm planning on having multiple domains so that really doesn't work for me in this case (feel free to correct me if I'm wrong). I made sure that the internal ip and port that I'm trying to access is connectable and running and also that the ports I'm testing with are accessible from outside my network.
Here's my Nginx config that I'm currently using:
server {
set $server "192.168.1.114";
set $port $server_port;
listen 80;
listen 443;
listen 9000;
server_name mysite.com;
location / {
proxy_pass http://$server:$port;
proxy_set_header Host $host:$server_port;
}
}
Currently what happens is that when I send a request it just times out. I've been testing using port 80 and also port 9000. Any ideas on what I might be doing wrong? Thanks!
EDIT:
I changed my config file to look like the following
server {
listen 9000;
server_name _;
location / {
add_header Content-Type text/html;
return 200 'test';
}
I keep getting the same exact error. The firewall is turned off so it just seems like Nginx isn't listening on port 9000. Any ideas on why that might be the case?
The most effective way would be to have three separate server directives, one for each port. That way, the upstream server isn't dynamic, so Nginx knows it can keep long-lived connections open to each one.
If you really don't want to do this, you might be able to get around it by doing something like this:
proxy_pass http://upstream_server.example:$server_port;
$port doesn't exist, but $server_port does, so that should work. (It's not $port because there are two ports for each connection: the server port and the client port, which are $server_port and $remote_port, respectively.)