nginx upstream servers with https authorization - nginx

I have some problem with my config.
If I add upstream HTTPS servers authorization didnt work.
Working config
upstream facturatest {
server s1test.com:443 max_fails=3 fail_timeout=10s;
server s2test.com:443 backup;
}
server {
server_name gw.site.com;
location /tst {
allow all;
proxy_buffering on;
proxy_buffer_size 1k;
proxy_buffers 24 4k;
proxy_busy_buffers_size 8k;
proxy_max_temp_file_size 2048m;
proxy_temp_file_write_size 32k;
#proxy_redirect off;
#proxy_set_header Host $host;
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-for $remote_addr;
include /etc/nginx/cors;
proxy_set_header Authorization "Basic ZGlkb3g6cHJvdjF0Z";
proxy_pass https://s1test.com/;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/_________________/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/__________/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = gw.site.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name gw.site.com;
listen --.--.--.--:80;
return 404; # managed by Certbot
}
If I change proxy_pass https://s1test.com/; to my upstream proxy_pass https://facturatest/; authorization didnt work

Related

Nginx: rename URL after a redirection

My new website's address is foo.pro, when I go my old website bar.pro, it shows the content of the new foo.pro as expected but the URL remains bar.pro.
How to replace bar.pro by foo.pro in my Nginx configuration below ?
upstream foo_upstream {
server 127.0.0.1:3003;
keepalive 64;
}
server {
server_name www.foo.pro;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://foo_upstream;
proxy_redirect off;
proxy_read_timeout 240s;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.foo.pro/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.foo.pro/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.foo.pro) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name www.foo.pro;
return 404; # managed by Certbot
}
server {
listen 80;
server_name foo.pro;
return 301 https://www.foo.pro;
}
=== EDIT ===
I tried to add this directive in my conf:
server {
listen 80;
server_name bar.pro;
return 301 https://foo.pro;
}
But it's still not renaming the URL to foo.pro.

How to SSL multiple ports on same server for single domain name using nginx

I am using let's encrypt to get SSL certificates and nginx as reverse proxy. Below is my nginx conf file that I am using :
server {
listen 443 http2 ssl;
server_name example.com;
access_log /var/log/nginx/example.com.log;
error_log /var/log/nginx/example.com.log;
location /.well-known/acme-challenge/ {
root /var/www/html/grafana; # Temp for generating letsencrypt
default_type text/plain;
}
location / {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
#Fix the “It appears that your reverse proxy set up is broken” error.
proxy_pass http://127.0.0.1:3000;
proxy_read_timeout 90;
proxy_redirect http://127.0.0.1:3000 http://example.com/;
#Required for new HTTP-based CLI
proxy_http_version 1.1;
proxy_request_buffering off;
}
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name example.com;
return 404; # managed by Certbot
}
============
My requirement here is :
I am running multiple applications on this server such as Jenkins, Gitlab, Grafana. And these applications are listening on different ports. The above file lets me redirect https://example.com to http://example.com:3000. But I would like to redirect my connections like this :
https://example.com:3000 -> http://example.com:3000
https://example.com:8080 -> http://example.com:8080
https://example.com:81 -> http://example.com:81
I have seen an environment doing it. But can't figure out how this was done.

Request body is not passing in http url but it is present in https url

I am testing some APIs with POSTMAN.
When i am sending data in request body (raw section in POSTMAN) , data is present when i call the url with https i.e https://example.com/api-url/ but i am receiving empty body when i send the request with http url i.e http://example.com/api-url/
Non-secure requests are working fine. They are being directed to https. Only issue is request body is not being there when any request is called from http url.
What is wrong in nginx configuration?
This is the nginx configuration.
server {
server_name www.example.com;
return 301 $scheme://example.com$request_uri;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
root /usr/share/nginx/html;
index index.html index.htm;
client_max_body_size 4G;
access_log /home/myuser/myproject/logs/nginx-access.log;
error_log /home/myuser/myproject/logs/nginx-error.log;
server_name example.com ;
add_header Content-Security-Policy "frame-ancestors *.exampledomain.com" always;
location /static/ { alias /home/myuser/myproject/staticfiles/; }
location /media/ { alias /home/myuser/myproject/media/; }
location / {
proxy_pass http://unix:/home/myuser/myvenv/myproject/daphne.sock;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_read_timeout 240;
proxy_connect_timeout 240;
proxy_send_timeout 240;
send_timeout 240;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name example.com ;
return 404; # managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name www.example.com;
return 404; # managed by Certbot
}
Maybe Express body-parser/json-parser didn't parse the body when you call with http, and did not pass it to req.body.
Add this into your / proxy handler May correct your problem :
proxy_set_header content-type "application/json";
like this :
location / {
proxy_pass http://unix:/home/myuser/myvenv/myproject/daphne.sock;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header content-type "application/json";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_read_timeout 240;
proxy_connect_timeout 240;
proxy_send_timeout 240;
send_timeout 240;
}
I found this answer by #miknik . It states that there is an issue while redirecting with 301/302 status codes. I replaced 301 with 307 in my nginx configuration and it started working.

How to listen only 443 in nginx server

I am using node.js project in a nginx digital ocean server.
I have configured the server with reverse proxy to the node project. All works great. But my socket doesn't work. It seems 80 and 443 problems.
I tried to do this bellow configuration in my server
server {
root /home/sadek/project/node;
index index.html index.htm index.nginx-debian.html;
server_name domain.com www.domain.com;
location / {
proxy_pass http://localhost:8181;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.domain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = domain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 443 ssl;
server_name domain.com www.domain.com;
return 404; # managed by Certbot
}
But I get this error conflicting server name "domain.com" on 0.0.0.0:443, ignored
Thank you.
Try this:
server {
listen 443 ;
server_name abc.com www.abc.com;
large_client_header_buffers 8 32k;
if ($http_user_agent ~* Googlebot) {
return 403;
}
access_log /var/log/nginx/access.log;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://localhost:8181;
proxy_read_timeout 90;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_buffers 8 32k;
proxy_buffer_size 64k;
}
}

Redirect loop with nginx

Using nginx for SSL and reverse proxy functionality for Odoo. Had some issues earlier and had to rebuild the nginx config from scratch, and now I'm getting an endless redirect. Here's my /etc/nginx/sites-available/default:
upstream odoo {
server 127.0.0.1:8069;
}
server {
listen 80;
server_name odoo.site.com;
root /usr/share/nginx/html;
index index.html index.htm;
access_log /var/log/nginx/odoo-mydomain-local.access.log;
error_log /var/log/nginx/odoo-mydomain-local.error.log;
location / {
proxy_pass http://odoo;
# force timeouts if the backend dies
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_redirect off;
# set headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
# cache some static data in memory for 60mins
location ~* /web/static/ {
proxy_cache_valid 200 60m;
proxy_buffering on;
expires 864000;
proxy_pass http://odoo;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/odoo.site.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/odoo.site.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot
}
Any ideas?

Resources