How can I set up a reverse proxy for the Janus REST api and socket api in Nginx? - nginx

I have a Janus Gateway which exposes a REST api on port 8088. The web socket transport is also enabled on my janus server on port 8188. I have an Nginx reverse proxy set up for https traffic to reach my Janus server. How do I add wss support to my Nginx reverse proxy? Here is my config file "janusserver5.example.com" in nginx/sites-available:
server {
server_name janusserver5.example.com;
location / {
proxy_pass http://10.10.30.27:8088;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/janusserver5.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/janusserver5.example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = janusserver5.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name video518.doctogether.com;
listen 80;
return 404; # managed by Certbot
}

By default, the Janus REST api is at the /janus endpoint. To allow Nginx to proxy for the web socket and REST interfaces, create a location entry for /janus that passes to http://yourip:8088/janus and a second one for / that passes to http://yourip:8188.
server {
server_name janusserver5.example.com;
location /janus {
proxy_pass http://10.10.30.20:8088/janus;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location / {
proxy_pass http://10.10.30.20:8188;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket support
proxy_set_header Connection "upgrade";
proxy_read_timeout 90;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/janusserver5.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/janusserver5.example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = janusserver5.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name janusserver5.example.com;
listen 80;
return 404; # managed by Certbot
}
With this configuration I can now connect to https://janusserver5.example.com/janus/info, and wss://janusserver5.example.com with protocol "janus-protocol"
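The following check is an added example, not part of the original answer or of any project named on this page. It lints nginx `location` blocks for the WebSocket header mistakes that recur in configs like these: `Upgrade` forwarded while `Connection` stays `keep-alive` (a handshake through that location is rejected upstream), `Connection` set twice, and a missing `proxy_http_version 1.1`. The sample config is constructed, and the parser assumes location blocks without nested braces.

```python
import re

# Constructed sample, modelled on the location blocks shown on this page.
SAMPLE = """
location /janus {
    proxy_pass http://10.10.30.20:8088/janus;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection keep-alive;
}
location / {
    proxy_pass http://10.10.30.20:8188;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection keep-alive;
    proxy_set_header Connection "upgrade";   # WebSocket support
}
location /ws {
    proxy_pass http://127.0.0.1:8081;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
}
"""

def location_blocks(conf):
    """Yield (path, directives) per location; nested blocks are not handled."""
    conf = re.sub(r"#[^\n]*", "", conf)  # strip comments
    for m in re.finditer(r"location\s+([^{]+?)\s*\{([^{}]*)\}", conf):
        yield m.group(1), [d.split() for d in m.group(2).split(";") if d.strip()]

def lint(conf):
    """Return (location, problem) pairs for WebSocket header mistakes."""
    findings = []
    for path, directives in location_blocks(conf):
        hdrs = [(d[1].lower(), d[2].strip("\"'").lower())
                for d in directives if d[0] == "proxy_set_header" and len(d) > 2]
        if not any(name == "upgrade" for name, _ in hdrs):
            continue  # location does not forward Upgrade at all
        conn = [value for name, value in hdrs if name == "connection"]
        if len(conn) > 1:
            findings.append((path, "Connection set more than once"))
        if not any(v == "upgrade" or v.startswith("$") for v in conn):
            findings.append((path, "Upgrade forwarded without Connection: upgrade"))
        if ["proxy_http_version", "1.1"] not in directives:
            findings.append((path, "proxy_http_version 1.1 missing"))
    return findings

if __name__ == "__main__":
    for path, problem in lint(SAMPLE):
        print(f"location {path}: {problem}")
```

A REST-only location such as `/janus` is flagged because it forwards `Upgrade` it cannot honour; dropping the `Upgrade` header there clears the finding.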

Related

Request in api with nginx as proxy get 504 Gateway Timeout

On a specific route I am getting this error: 504 Gateway Timeout.
That route takes more time, about 7 seconds.
I need to give a specific route more time. It's a POST route.
I have searched and configured my nginx file (located in nginx/sites/available) like this:
server {
server_name servername.com.br;
location /api/branch-company {
proxy_read_timeout 30s;
proxy_connect_timeout 30s;
proxy_send_timeout 30s;
if ($request_method = POST) {
proxy_pass http://localhost:5001;
}
proxy_pass http://localhost:5001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /pdf-generator {
rewrite ^/pdf-generator(/|$)(.*) /$2/ break;
proxy_pass http://localhost:3001;
}
location / {
proxy_pass http://localhost:5001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/servername.com.br/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/servername.com.br/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = servername.com.br) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name servername.com.br;
return 404; # managed by Certbot
}
But that didn't work.

I want to deploy next.js with nginx - without node.js server. How can I deploy without node.js server?

Here is my code.
I think I am running the node server now and then connecting it to the nginx server.
I want to deploy next.js with Nginx but without node.js server.
How can I..?
server {
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name example.com;
return 301 https://example.com$request_uri;
}
server{
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://127.0.0.1:3000;
proxy_redirect off;
}
}

How can I configure my nginx server to accept different subdomains and also port?

I have a server running on Ubuntu/Nginx. I have subdomains running from different internal ports. I want to expose one application to the public but not associate it with any domain/server name.
Below is my configuration file:
server {
server_name app.example.com www.app.example.com;
access_log /home/hub-app/logs/app.example.com.access.log;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8082;
proxy_redirect off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_cache_bypass $http_upgrade;
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/app.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/app.example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
server_name example.com www.example.com;
access_log /home/hub-public/logs/example.com.access.log;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8081;
proxy_redirect off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_cache_bypass $http_upgrade;
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
The above works well and points to the specified domains, i.e. example.com and app.example.com. Now I want to add another virtual server to run at MY_PUBLIC_IP:8080. The port 8080 should not be accessible on the other domains, i.e. example.com:8080/app.example.com:8080 should not be available.

How to make Certbot-installed SSL work correctly?

I set up my website on DigitalOcean using an Ubuntu 20.04 VM. The website is a basic MERN application, and I used nginx 1.18.0 as a reverse proxy. The initial nginx configuration was like this:
server {
listen 80;
server_name kwarezma.one www.kwarezma.one;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
location /api {
# This is my nodejs API
proxy_pass http://127.0.0.1:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
The path to my conf is /etc/nginx/sites-available/default.
After using certbot to install SSL, my config changed to this:
server {
server_name kwarezma.one www.kwarezma.one;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
location /api {
# This is my nodejs API
proxy_pass http://127.0.0.1:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/kwarezma.one/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/kwarezma.one/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.kwarezma.one) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = kwarezma.one) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name kwarezma.one www.kwarezma.one;
return 404; # managed by Certbot
}
But now when I visit my website kwarezma.one or www.kwarezma.com it doesn't work, and I have no clue what happened, so any help here will be much appreciated.
1- Read my answer here:
cannot install certbot on amazon linux2 nginx
2- Be sure that you have an A record (for your domain) or a CNAME record (for your subdomain) well configured.
3- Next, check your issue from this step by recreating an SSL certificate for your domain or subdomain:
sudo certbot --nginx
(Somewhere in the output, certbot will ask you for the domain name or the subdomain for which you want to install SSL.)

nginx + websocket proxy + Ratchet in docker

We have Symfony apps that use Ratchet PHP for WebSocket. This app is a Docker container.
On the server we use nginx as a proxy to serve the Docker app. It works for HTTP requests on 443.
But with WebSocket we have an error: failed: Error during WebSocket handshake: Unexpected response code: 502.
Do you have an idea?
Thanks.
Our nginx config:
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream websocket {
server 127.0.0.1:8081;
}
server {
server_name my-domain.fr;
location /ws {
proxy_pass http://websocket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_read_timeout 86400; # necessary to avoid websocket timeout disconnect
proxy_redirect off;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_pass http://127.0.0.1:8080;
}
listen [::]:443 ssl ipv6only=on http2; # managed by Certbot
listen 443 ssl http2;
ssl on;
ssl_certificate /etc/letsencrypt/live/my-domain.fr/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/my-domain.fr/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = my-domain.fr) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name my-domain.fr;
return 404; # managed by Certbot
}
I found the problem: it was my Ratchet configuration.
I replaced
$server = IoServer::factory(
new HttpServer(
new WsServer(
new Chat($this->containerInterface, $this->entityManager)
)
),
$this->params->get('chat.ws_port'),
'127.0.0.1'
);
with
$server = IoServer::factory(
new HttpServer(
new WsServer(
new Chat($this->containerInterface, $this->entityManager)
)
),
$this->params->get('chat.ws_port'),
'0.0.0.0'
);
