I am trying to configure Nginx as reverse proxy keeping Uvicorn behind it.
When I try to access "example.com", it returns the home page but gives 404 for all static files.
When I try to access any other endpoint like "example.com/blog", it returns "404 not found" page.
Here is the Nginx config:
server {
root /var/www/example.com/html;
index index.html index.htm index.nginx-debian.html;
server_name example.com www.example.com;
location / {
try_files $uri $uri/ =404;
#custom config
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_redirect off;
proxy_buffering off;
proxy_pass http://uvicorn;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name example.com www.example.com;
return 404; # managed by Certbot
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream uvicorn {
server unix:/tmp/uvicorn.sock;
}
What changes should I do to make it work?
As per the suggestion given by #richard-smith in the comment, I tried commenting out this line
location / {
#try_files $uri $uri/ =404; <-- here
#custom config
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_redirect off;
proxy_buffering off;
proxy_pass http://uvicorn;
}
and it worked fine. It is now able to serve all the endpoints.
Related
I have a problem with adding some new routes to the current proxy which I have on the server .
The current file is located on :
/etc/nginx/sites-enabled/proxy_nginx
with this content :
# proxy cache
proxy_cache_path /tmp/cache keys_zone=cache:10m levels=1:2 inactive=600s max_size=100m;
# redirect all HTTP to HTTPS
server {
listen 80 default_server;
return 301 https://$host$request_uri;
}
server {
return 301 https://$host$request_uri;
server_name www.api.mysite.org; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/api.mysite.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/api.mysite.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.api.mysite.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
server_name www.api.mysite.org;
return 404; # managed by Certbot
}
Now I need to add these lines into it but I'm confused where to put them :
server {
listen 80 default backlog=16384;
listen [::]:80 default backlog=16384;
location /route1{
proxy_set_header Host decide.externalURL.com;
proxy_set_header X-Real-IP $http_x_forwarded_for;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_pass https://z.externalURL.com/route1;
}
location /route2 {
proxy_set_header Host api.externalURL.com;
proxy_set_header X-Real-IP $http_x_forwarded_for;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_pass https://api.externalURL.com/route2;
}
I know that I shouldn't have a duplicate default-server because I wasn't able to add the above lines into my default nginx.conf file.
So the question is how to mix these lines into the /etc/nginx/sites-enabled/proxy_nginx file.
Here is my code.
I think I am running the node server now and then connecting it to the nginx server.
I want to deploy next.js with Nginx but without node.js server
How Can I..?
server {
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name example.com;
return 301 https://example.com$request_uri;
}
server{
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://127.0.0.1:3000;
proxy_redirect off;
}
}
I am testing some APIs with POSTMAN.
When i am sending data in request body (raw section in POSTMAN) , data is present when i call the url with https i.e https://example.com/api-url/ but i am receiving empty body when i send the request with http url i.e http://example.com/api-url/
Non-secure requests are working fine. They are being directed to https. Only issue is request body is not being there when any request is called from http url.
What is wrong in nginx configuration?
This is the nginx configuration.
server {
server_name www.example.com;
return 301 $scheme://example.com$request_uri;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
root /usr/share/nginx/html;
index index.html index.htm;
client_max_body_size 4G;
access_log /home/myuser/myproject/logs/nginx-access.log;
error_log /home/myuser/myproject/logs/nginx-error.log;
server_name example.com ;
add_header Content-Security-Policy "frame-ancestors *.exampledomain.com" always;
location /static/ { alias /home/myuser/myproject/staticfiles/; }
location /media/ { alias /home/myuser/myproject/media/; }
location / {
proxy_pass http://unix:/home/myuser/myvenv/myproject/daphne.sock;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_read_timeout 240;
proxy_connect_timeout 240;
proxy_send_timeout 240;
send_timeout 240;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name example.com ;
return 404; # managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name www.example.com;
return 404; # managed by Certbot
}
Maybe Express body-parser/json-parser didn't parse the body when you call with http, and did not pass it to req.body.
Add this into your / proxy handler May correct your problem :
proxy_set_header content-type "application/json";
like this :
location / {
proxy_pass http://unix:/home/myuser/myvenv/myproject/daphne.sock;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header content-type "application/json";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_read_timeout 240;
proxy_connect_timeout 240;
proxy_send_timeout 240;
send_timeout 240;
}
I found this answer by #miknik . It states that there is an issue while redirecting with 301/302 status codes. I replaced 301 with 307 in my nginx configuration and it started working.
I have a website which performs proxy pass and I want to block some sub path access and not sure how can I do this. Following is the nginx conf file snippet:
server {
root /usr/share/nginx/html;
server_name testnginx.com www.testnginx.com;
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/testnginx.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/testnginx.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location ~* /ng\/f\?p {
return 404;
}
location / {
rewrite ^/$ /ng/testnginx/r/100/home permanent;
}
location /ng/ {
proxy_pass https://127.0.0.1:2000/ng/;
# set Origin to blank to avoid Chrome problems with CORS
proxy_set_header Origin "" ;
# pass along some header variables with the public host name/port/and so on
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
I want to redirect all the subpath such as /ng/f?p to /ng/testnginx/r/100/home but it is not working for me.
I am using node.js project in a nginx digital ocean server.
I have configured the server with reverse proxy to the node project. All works great. But my socket doesn't work. It seems 80 and 443 problems.
I tried to do this bellow configuration in my server
server {
root /home/sadek/project/node;
index index.html index.htm index.nginx-debian.html;
server_name domain.com www.domain.com;
location / {
proxy_pass http://localhost:8181;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.domain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = domain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 443 ssl;
server_name domain.com www.domain.com;
return 404; # managed by Certbot
}
But I get this error conflicting server name "domain.com" on 0.0.0.0:443, ignored
Thank you.
Try this:
server {
listen 443 ;
server_name abc.com www.abc.com;
large_client_header_buffers 8 32k;
if ($http_user_agent ~* Googlebot) {
return 403;
}
access_log /var/log/nginx/access.log;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://localhost:8181;
proxy_read_timeout 90;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_buffers 8 32k;
proxy_buffer_size 64k;
}
}