NGINX - Reverse Proxy Issues. Not re-writing URLS? I think? - nginx

I expect I am doing something just simply incorrect here. Essentially I have 3 apps that I have configured a NGINX reverse proxy for. Each one seems to start to load but what I think is happening is something wrong with the re-write. So I can see in chrome network trace each load the first item ok but then instead of example.com/app1/applicationdirx it attempts example.com/applicationdirx (this returns a 404 for every item it tries to load) This is happening for all 3 apps running on seperate machines. So I expect its my config somewhere. Please dont judge my config. I have spent hours and hours playing with it so its a bit of a mess. haha. I would assume its proxy_redirect but I have tried every combination (including default and off with no avail). If i change the location to root "/" and update the config accordingly, the apps work fine. its just when I am trying to do it under /app1/,/app2/ and /app3/ it doesnt. :(
Any assistance would be greatly appreciated.
çmap $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
set $app1 192.168.5.3:443;
set $app2 192.168.5.3:8443;
set $app3 192.168.5.79:8123;
**app1*
location /app1/ {
proxy_pass https://$app1/;
proxy_redirect https://$app1 https://$server_name/app1/;
proxy_cache off;
proxy_store off;
proxy_buffering off;
proxy_http_version 1.1;
proxy_read_timeout 36000s;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Referer "";
client_max_body_size 0;
}
## app2 ##
location /app2/
{
proxy_pass https://$app2/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_redirect https://$app2/ https://$server_name/app2/;
}
## app3##
location /app3/ {
proxy_pass http://$app3/;
proxy_set_header Host $host;
#proxy_redirect http://$app3 https://$server_name/app3;
proxy_redirect http://192.168.5.79:8123/ https://$server_name/app3/;
# proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
#proxy_set_header Connection $connection_upgrade;
}
server_name example.com;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullcapp3in.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

Related

How to remove port number in nginx when redirecting

This is my domain.conf file in nginx:
server {
listen 80;
listen 8080;
server_name EXAMPLE.COM www.EXAMPLE.COM;
return 301 https://EXAMPLE.COM$request_uri;
}
server {
listen 443 ssl;
root /home/path;
ssl_certificate /etc/letsencrypt/live/EXAMPLE.COM/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/EXAMPLE.COM/privkey.pem;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:8080;
proxy_redirect off;
# Socket.IO Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
Now when I type http://EXAMPLE.COM:8080 or http://EXAMPLE.COM:8080/some_folder/, my website over the port number 8080 works, but I want to remove this port number.
But what I want is:
--> Whenever I type http://EXAMPLE.COM:8080/folder, it redirects to https://EXAMPLE.COM/folder
I think the answer of what you are looking for is in proxy_redirect option, after proxy_pass.
This nginx configuration sample can be useful: (Take a look on proxy redirect line)
location /one/ {
proxy_pass http://upstream:port/two/;
proxy_redirect http://upstream:port/two/ /one/;
I think adding this should do the trick:
proxy_redirect http://127.0.0.1:8000 /blog;
You can find full documentation and examples in the nginx documentation.
http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_redirect

Why am I lost the WSO2 APIM Store session after click in all API?

I have an specific node for my APIM store which is configured for https://mydomain.store.
I'm using nginx for front-end all APIM nodes or cluster. And for almost every thing its running fine.
The problem is: After access the I lost the session every time that I click on all available API..
In my opinion it is a problem with NGINX. If a config Store to maintain original context (https://mydomain.store/store) i don´t have problems.
After all my research, my nginx config files are:
upstream loja{
server localhost:9443;
}
server {
listen 443 ssl;
server_name mydomain.store;
proxy_set_header X-Forwarded-Port 443;
error_log /var/log/nginx/lojahml.log ;
access_log /var/log/nginx/access-lojahml;
#SSL CONFIG
...
location /{
proxy_set_header X-WSO2-Tenant "carbon.super";
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_read_timeout 5m;
proxy_send_timeout 5m;
proxy_pass https://loja/store/;
proxy_redirect https://loja/store/ https://mydomain.store;
proxy_cookie_path /store /;
}
location /carbon{
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_read_timeout 5m;
proxy_send_timeout 5m;
proxy_pass https://localhost:9443/carbon;
}
location ~ ^/(.*)registry/(.*)$ {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_pass https://localhost:9443/$1registry/$2;
}
location /registry {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_pass https://localhost:9443/registry;
}
location /services{
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_read_timeout 5m;
proxy_send_timeout 5m;
proxy_pass https://localhost:9443/services;
}
}
The site.json for store jaggery APP is like that:
...
"reverseProxy" : {
"enabled" : "true", // values true , false , "auto" - will look for X-Forwarded-* headers
"host" : "mydomain.store", // If reverse proxy do not have a domain name use IP
"context":"",
//"regContext":"" // Use only if different path is used for registry
},
...
P.S. Before everything running fine using apache as front-end.

Nginx regex's aren't matching properly

I've got a pretty basic nginx/nginx.conf but unfortunately I can't get 1 of the servers to match properly, I'm pretty sure it's because they use some text which is exactly the same as another domain
I've tested the regex's on regex101.com and they seem to be matching the way they should be, but nginx is doing something else with them
this is what my whole nginx conf looks like
https://pastebin.com/E3N8awGk
key area:
# lopudesigns
server {
listen 80;
server_name ~^(.*|)(\.|)lopudesigns\.dev$;
keepalive_timeout 70;
location / {
proxy_set_header x-real-IP $remote_addr;
proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection $connection_upgrade;
proxy_set_header host $host;
proxy_pass http://127.0.0.1:7777;
}
}
# lopudesigns example sites
server {
listen 80;
server_name ~^ozledgrowlights\.lopudesigns\.dev$;
keepalive_timeout 70;
location / {
proxy_set_header x-real-IP $remote_addr;
proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection $connection_upgrade;
proxy_set_header host $host;
proxy_pass http://127.0.0.1:1337;
}
}
# ozledgrowlights
server {
listen 80;
server_name ~^(.*|)(\.|)ozledgrowlights\.dev\.au$;
keepalive_timeout 70;
location / {
proxy_set_header x-real-IP $remote_addr;
proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection $connection_upgrade;
proxy_set_header host $host;
proxy_pass http://127.0.0.1:1337;
}
}
# a lopu client
server {
listen 80;
server_name ~^(.*|)(\.|)alopu\.com$;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name ~^(.*|)(\.|)alopu\.com$;
keepalive_timeout 70;
location / {
proxy_set_header x-real-IP $remote_addr;
proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header host $host;
proxy_pass http://127.0.0.1:8888;
}
ssl_certificate /usr/local/etc/nginx/certs/alopu/server.crt.pem;
ssl_certificate_key /usr/local/etc/nginx/certs/alopu/server.key.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
}
ozledgrowlights.dev.au matches correctly
alopu.com matches correctly
but lopudesigns.dev gets proxied to http://127.0.0.1:8888 instead of http://127.0.0.1:7777
which is evident because the url doesn't change, so it doesn't actually get redirected to alopu.com, which means that the alopu.com regex/server block is capturing those http requests, which is pretty weird since the regex
~^(.*|)(\.|)lopudesigns\.dev$; captures lopudesigns.dev perfectly and ~^(.*|)(\.|)alopu\.com$; doesn't capture lopudesigns.dev at all
I should also note that ~^(.*|)(\.|)ozledgrowlights\.dev\.au$; doesn't capture anything at all, so ozledgrowlights.lopudesigns.dev doesn't load anything at all
so I'm a bit confused? :O
Sorry but it was some local issue with the .dev domain, not sure what it was but changing .dev to .ved made it work... odd

Nginx 404 Error to some subfolders

Noobie question here.
I've setted up Parse-Server in my Ubuntu droplet and i'm currently dealing with an issue here.
My ssl is from letsencrypt
In this file
/etc/nginx/sites-enabled/default
I have the following
# HTTP - redirect all requests to HTTPS
server {
listen 80;
listen [::]:80 default_server ipv6only=on;
server_name example.com;
return 301 https://$host$request_uri;
}
# HTTPS - serve HTML from /usr/share/nginx/html, proxy requests to /parse/
# through to Parse Server
server {
listen 443;
server_name example.com;
root /usr/share/nginx/html;
index index.html index.htm;
ssl on;
# Use certificate and key provided by Let's Encrypt:
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
# Pass requests for /parse/ to Parse Server instance at localhost:1337
location /parse/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:1337/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_redirect off;
}
location /test/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:1337/test/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_redirect off;
}
location /dashboard/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:4040/dashboard/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_redirect off;
}
location / {
try_files $uri $uri/ =404;
}
}
So the followin links are working fine
https://example.com/parse/
https://example.com/dashboard/
https://example.com/test/
but they are working cause of the default file has the code to work fine.
I can't do that for all the directories that parse has for example
https://example.com/parse/serverInfo/
is getting a 404 error.
Is there any way to make all the pages available without having to configure them in the default file?
Update
So when I put this inside my default file
location /parse/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:1337/parse/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_redirect off;
}
I get no 404 error. This is because of the proxy_pass http://localhost:1337/parse/ that is different from the first file that I've posted here.
But how can i do that for ALL the requests no matter /parse/ or /something/ etc? I cannot right down here ALL the folders and possible links that i will create inside server. Because at this domain I will also setup a website which will have /assets/ etc and it will need each single one.
Isn't there any code to include ALL the possible links that it will be created?
You can capture parts of the location entry using regex group, e.g.
location /(.*) {
...
proxy_pass http://localhost:1337/$1;
...
}

Rewrite plex media server url on nginx?

I have very limited knowledge with rewriting url in nginx. I have a plex media server running behind on nginx, i can access the dashboard with http://domain.com/web/index.html with these config i found on github:
upstream plex-upstream {
server plex-server.example.com:32400;
}
server {
listen 80;
server_name domain.com
location / {
if ($http_x_plex_device_name = '') {
rewrite ^/$ http://$http_host/web/index.html;
}
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_pass http://plex-upstream;
}
}
What i want is to remove /web/index.html so when i go to http://domain.com, the PMS dashboard will load. I tried some one liner rewrite rules already but all failed. Thanks.
I am not nginx specialist, but I had similar problem.
The diference is that I was not trying to alias domain.name/ to domain.name/web/,
My goal was to alias domain.name/plex/ to domain.name/web/.
I was getting redirects to web/index.html with all solutions I could find except this one Configure Plex Media Server Reverse Proxy nginx Linux.
The only one problem with this one was that if you go to web/ you will stay there.
So here is my creepy yet working solution:
upstream plex {
server localhost:32400;
}
server {
listen 80;
server_name domain.name;
server_name_in_redirect off;
location / {
proxy_pass http://localhost:8888;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
# Enables WS support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
}
location /web/index.html {
if ($http_x_should_not_redirect = ""){
return 301 https://domain.name/plex/index.html;
}
proxy_pass https://plex;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header x_should_not_redirect $host;
}
location /web {
proxy_pass https://plex;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header x_should_not_redirect $host;
}
location /plex {
proxy_pass https://127.0.0.1/web;
proxy_set_header X-should-not-redirect $host;
}
location /transmission/rpc {
proxy_pass http://localhost:9091;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
# Enables WS support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
}
location /transmission/web {
proxy_pass http://localhost:9091;
proxy_pass_header X-Transmission-Session-Id;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Enables WS support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/dovgastreetnas.viewdns.net/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/dovgastreetnas.viewdns.net/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
}
Hope this will help somebody.

Resources