I have already deployed in HTTPS. This is my nginx.conf
server {
listen 3000 ssl;
listen [::]:3000 ssl;
server_name localhost hostname.com;
ssl_certificate ssl-bundle.crt;
ssl_certificate_key privatekey.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:4000/;
proxy_redirect off;
proxy_read_timeout 240s;
}
}
I want to run new app with new port on the same domain, I try to add this:
server {
listen 4000 ssl;
listen [::]:4000 ssl;
server_name localhost hostname.com;
ssl_certificate ssl-bundle.crt;
ssl_certificate_key privatekey.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:8000/;
proxy_redirect off;
proxy_read_timeout 240s;
}
}
When run two app I can use https only port 3000 but can not use app on port 4000. How to config file?
Related
I have a server running on Ubuntu/Nginx. I have subdomains running from different internal ports. I want to expose one application to the public but not associate it with any domain/server name.
Below is my configuration file:
server {
server_name app.example.com www.app.example.com;
access_log /home/hub-app/logs/app.example.com.access.log;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8082;
proxy_redirect off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_cache_bypass $http_upgrade;
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/app.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/app.example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
server_name example.com www.example.com;
access_log /home/hub-public/logs/example.com.access.log;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8081;
proxy_redirect off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_cache_bypass $http_upgrade;
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
The above works well and points to the specified domains ie example.com and app.example.com. Now I want to add another virtual server to run at MY_PUBLIC_IP:8080. The port 8080 should not be accessible on the other domains i.e. example.com:8080/app.example.com:8080 should not be available.
I am having multiple apps each listening on different ports and i am trying to configure nginx so i can proxy pass to each of them separately.
I am able to configure the root location of my domain to proxy pass to a bokeh app which is listening on port 5006 using this config:
server {
listen 80 default_server;
listen 443 ssl;
root /var/www/mydomain/html;
index index.html index.htm index.nginx-debian.html;
server_name mydomain www.mydomain;
ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem;
location / {
proxy_pass http://127.0.0.1:5006;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host:$server_port;
proxy_buffering off;
}
The above part works. However, when i try to create an additional location so that i can have the location / serving a landing page (from root) and then location /env to proxy to localhost:5006 it shows empty page at mydomain/env. Here is the config i am trying with:
server {
listen 80 default_server;
listen 443 ssl;
root /var/www/mydomain/html;
index index.html index.htm index.nginx-debian.html;
server_name mydomain www.mydomain;
ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem;
location / {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host:$server_port;
proxy_buffering off;
}
location /env/ {
rewrite ^/env/(.*)$ /$1 break;
proxy_cache_bypass $http_upgrade
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host:$server_port;
proxy_buffering off;
proxy_pass http://127.0.0.1:5006;
}
}
It would be great if someone could point out on where i am making the mistake.
Thanks.
So im wondering if its possible to run a multiple sub directories with my current config of nginx. I would like to have the directories as www.hostname.org/service1 www.hostname.org/service2 is this achievable ? This is my nginx.conf
server {
# Update this line to be your domain
server_name www.hostname.org;
# Ensure these lines point to your SSL certificate and key
# ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# Use these lines instead if you created a self-signed certificate
ssl_certificate /etc/nginx/ssl/www_hostname_org_ee.crt;
ssl_certificate_key /etc/nginx/ssl/hostname.key;
# Ensure this line points to your dhparams file
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# These shouldn't need to be changed
listen [::]:32776 default_server ipv6only=off; # if your nginx version is >= 1.9.5 you can also add the "http2" flag here
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
proxy_buffering off;
location / {
proxy_pass http://10.0.0.8:8123;
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
}
location ~ ^/service1 {
proxy_pass http://ipforservice1:8123;
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
location ~ ^/service2 {
proxy_pass http://ipforservice2:8123;
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
Is this what you wanted? Go to different ips for different services?
I configured a mirror with nginx, but after some time (about 2 minutes) all socket.io connections disconnect from the mirror. I tried to modify timeouts and etc. but nothing changed.
Here my configuration file:
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 default_server ssl;
listen [::]:443 default_server ssl;
server_name www.myserver.net;
ssl_certificate /path/to/my/cert.pem;
ssl_certificate_key /path/to/my/key.pem;
proxy_connect_timeout 7d;
proxy_send_timeout 7d;
proxy_read_timeout 7d;
client_max_body_size 50m;
location / {
proxy_pass http://127.0.0.1:7000;
#proxy_pass https://127.0.0.1;
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host "$server_addr:$server_port";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 50m;
mirror /mirror;
}
location /mirror {
internal;
resolver 8.8.8.8;
proxy_pass https://bugfix.myserver.net$request_uri;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header Host bugfix.apio.cloud;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_connect_timeout 7d;
proxy_send_timeout 7d;
proxy_read_timeout 7d;
}
}
What's wrong in it?
I'm having trouble addressing Neo4j via a reverse proxy with NGINX.
The web client works without problems, but I have no idea about the Bolt protocol.
Here's how the web client works:
server {
listen 80;
server_name XXX;
location / {
proxy_pass http://YYY:7474/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_buffering off;
}
}
But how does the Bolt protocol over port 7687 work?
Thanks.
PS: Google translator ftw.
You need to use nginx compiled with --with-stream. Then you can add below section to your nginx config
stream {
server {
listen 7687;
proxy_pass neo4j:7687;
}
}
Basically you need to use tcp reverse proxy and not http proxy. The above configuration section will be at top level and not inside http or server block
You will need to open port 7687 between your laptop and the server hsoting neo4j.
If you are using let's encrypt and try to connect though SSL. neo4j embedded certificate were not signed by an Authority which was generating the error in my chrome browser.
To make it works, I had to copy my certs in neo4j certificates :
sudo su
cp /etc/letsencrypt/live/MYDOMAIN/fullchain.pem /var/lib/neo4j/certificates/neo4j.cert
cp /etc/letsencrypt/live/MYDOMAIN/privkey.pem /var/lib/neo4j/certificates/neo4j.key
service neo4j restart
Here is what works:
worker_processes auto;
events {
worker_connections 1024;
}
http {
map $http_upgrade $connection_upgrade {
"" close;
default upgrade;
}
upstream neo4j_bolt {
server neo4j:7687;
}
upstream neo4j_insecure {
server neo4j:7474;
}
upstream neo4j_secure {
server neo4j:7473;
}
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://neo4j_insecure;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host $host;
}
}
server {
listen 443 ssl;
server_name localhost;
#SSL/https
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_ecdh_curve secp384r1;
ssl_certificate /etc/nginx/conf.d/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/conf.d/ssl/nginx.key;
ssl_dhparam /etc/nginx/conf.d/ssl/dhparam.pem;
location / {
proxy_pass https://neo4j_secure;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
listen 7687 ssl;
server_name localhost;
#SSL/https
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_ecdh_curve secp384r1;
ssl_certificate /etc/nginx/conf.d/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/conf.d/ssl/nginx.key;
ssl_dhparam /etc/nginx/conf.d/ssl/dhparam.pem;
location / {
proxy_pass https://neo4j_bolt;
proxy_http_version 1.1;
proxy_set_header Connection Upgrade;
proxy_set_header Host $host;
proxy_set_header Upgrade $connection_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
listen 7688;
server_name localhost;
location / {
proxy_pass http://neo4j_bolt;
proxy_http_version 1.1;
proxy_set_header Connection Upgrade;
proxy_set_header Host $host;
proxy_set_header Upgrade $connection_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
}
Dockerized solution here: https://github.com/joehoeller/nginx-server-neo4j-graph-db