Issue in configuring Nginx for multiple apps on same server - nginx

I have multiple apps, each listening on a different port, and I am trying to configure nginx so I can proxy pass to each of them separately.
I am able to configure the root location of my domain to proxy pass to a bokeh app which is listening on port 5006 using this config:
server {
listen 80 default_server;
listen 443 ssl;
root /var/www/mydomain/html;
index index.html index.htm index.nginx-debian.html;
server_name mydomain www.mydomain;
ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem;
location / {
proxy_pass http://127.0.0.1:5006;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host:$server_port;
proxy_buffering off;
}
}
The above part works. However, when I try to create an additional location so that I can have the location / serving a landing page (from root) and then location /env to proxy to localhost:5006, it shows an empty page at mydomain/env. Here is the config I am trying with:
server {
listen 80 default_server;
listen 443 ssl;
root /var/www/mydomain/html;
index index.html index.htm index.nginx-debian.html;
server_name mydomain www.mydomain;
ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem;
location / {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host:$server_port;
proxy_buffering off;
}
location /env/ {
rewrite ^/env/(.*)$ /$1 break;
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host:$server_port;
proxy_buffering off;
proxy_pass http://127.0.0.1:5006;
}
}
It would be great if someone could point out where I am making the mistake.
Thanks.

Related

How can I configure my nginx server to accept different subdomains and also port?

I have a server running on Ubuntu/Nginx. I have subdomains running from different internal ports. I want to expose one application to the public but not associate it with any domain/server name.
Below is my configuration file:
server {
server_name app.example.com www.app.example.com;
access_log /home/hub-app/logs/app.example.com.access.log;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8082;
proxy_redirect off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_cache_bypass $http_upgrade;
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/app.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/app.example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
server_name example.com www.example.com;
access_log /home/hub-public/logs/example.com.access.log;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8081;
proxy_redirect off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_cache_bypass $http_upgrade;
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
The above works well and points to the specified domains, i.e. example.com and app.example.com. Now I want to add another virtual server to run at MY_PUBLIC_IP:8080. The port 8080 should not be accessible on the other domains, i.e. example.com:8080/app.example.com:8080 should not be available.

How to remove port number in nginx when redirecting

This is my domain.conf file in nginx:
server {
listen 80;
listen 8080;
server_name EXAMPLE.COM www.EXAMPLE.COM;
return 301 https://EXAMPLE.COM$request_uri;
}
server {
listen 443 ssl;
root /home/path;
ssl_certificate /etc/letsencrypt/live/EXAMPLE.COM/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/EXAMPLE.COM/privkey.pem;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:8080;
proxy_redirect off;
# Socket.IO Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
Now when I type http://EXAMPLE.COM:8080 or http://EXAMPLE.COM:8080/some_folder/, my website over the port number 8080 works, but I want to remove this port number.
But what I want is:
--> Whenever I type http://EXAMPLE.COM:8080/folder, it redirects to https://EXAMPLE.COM/folder
I think the answer to what you are looking for is in the proxy_redirect option, after proxy_pass.
This nginx configuration sample can be useful (take a look at the proxy_redirect line):
location /one/ {
proxy_pass http://upstream:port/two/;
proxy_redirect http://upstream:port/two/ /one/;
}
I think adding this should do the trick:
proxy_redirect http://127.0.0.1:8000 /blog;
You can find full documentation and examples in the nginx documentation.
http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_redirect

How to set up nginx multiple apps and multiple ports with one ssl

I have already deployed in HTTPS. This is my nginx.conf
server {
listen 3000 ssl;
listen [::]:3000 ssl;
server_name localhost hostname.com;
ssl_certificate ssl-bundle.crt;
ssl_certificate_key privatekey.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:4000/;
proxy_redirect off;
proxy_read_timeout 240s;
}
}
I want to run a new app with a new port on the same domain. I tried to add this:
server {
listen 4000 ssl;
listen [::]:4000 ssl;
server_name localhost hostname.com;
ssl_certificate ssl-bundle.crt;
ssl_certificate_key privatekey.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:8000/;
proxy_redirect off;
proxy_read_timeout 240s;
}
}
When I run the two apps, I can use HTTPS only on port 3000 but cannot use the app on port 4000. How should I configure the file?

Node Red + Grafana on internet with Nginx

I'm using node red and Grafana on an EC2 instance (AWS).
I have a registered domain and I'm able to join my grafana (port 3000) on the internet by searching localhost (without :3000) or my domain on the internet. I'm using certbot for my certificates.
But now I can't access my nodered (port 1880). I would like to have access to my node red with the same website or just with a TCP connection by typing localhost:1880 (it's not important if my node red is not connected to the internet).
I have tried many different configurations. This is the last I have tried on /etc/nginx/sites-available/default
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name domain www.domain;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
server {
listen 80 ;
listen [::]:80 ;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name sub.domain www.sub.domain;
location / {
proxy_pass http://localhost:1880;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
}
Step 1: Go to /home/ubuntu/.node-red/settings.js and then uncomment:
httpRoot: '/nodered',
Step 2: You need to go to /etc/nginx/sites-available/default and edit this:
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name yourdomain www.yourdomain;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location /nodered {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://localhost:1880;
}
}
Finally, you can access your grafana with yourdomain
and access node red with yourdomain/nodered

Nginx regexes aren't matching properly

I've got a pretty basic nginx/nginx.conf but unfortunately I can't get 1 of the servers to match properly. I'm pretty sure it's because they use some text which is exactly the same as another domain.
I've tested the regexes on regex101.com and they seem to be matching the way they should be, but nginx is doing something else with them.
This is what my whole nginx conf looks like:
https://pastebin.com/E3N8awGk
key area:
# lopudesigns
server {
listen 80;
server_name ~^(.*|)(\.|)lopudesigns\.dev$;
keepalive_timeout 70;
location / {
proxy_set_header x-real-IP $remote_addr;
proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection $connection_upgrade;
proxy_set_header host $host;
proxy_pass http://127.0.0.1:7777;
}
}
# lopudesigns example sites
server {
listen 80;
server_name ~^ozledgrowlights\.lopudesigns\.dev$;
keepalive_timeout 70;
location / {
proxy_set_header x-real-IP $remote_addr;
proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection $connection_upgrade;
proxy_set_header host $host;
proxy_pass http://127.0.0.1:1337;
}
}
# ozledgrowlights
server {
listen 80;
server_name ~^(.*|)(\.|)ozledgrowlights\.dev\.au$;
keepalive_timeout 70;
location / {
proxy_set_header x-real-IP $remote_addr;
proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection $connection_upgrade;
proxy_set_header host $host;
proxy_pass http://127.0.0.1:1337;
}
}
# a lopu client
server {
listen 80;
server_name ~^(.*|)(\.|)alopu\.com$;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name ~^(.*|)(\.|)alopu\.com$;
keepalive_timeout 70;
location / {
proxy_set_header x-real-IP $remote_addr;
proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header host $host;
proxy_pass http://127.0.0.1:8888;
}
ssl_certificate /usr/local/etc/nginx/certs/alopu/server.crt.pem;
ssl_certificate_key /usr/local/etc/nginx/certs/alopu/server.key.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
}
ozledgrowlights.dev.au matches correctly
alopu.com matches correctly
but lopudesigns.dev gets proxied to http://127.0.0.1:8888 instead of http://127.0.0.1:7777
which is evident because the url doesn't change, so it doesn't actually get redirected to alopu.com, which means that the alopu.com regex/server block is capturing those http requests, which is pretty weird since the regex
~^(.*|)(\.|)lopudesigns\.dev$; captures lopudesigns.dev perfectly and ~^(.*|)(\.|)alopu\.com$; doesn't capture lopudesigns.dev at all
I should also note that ~^(.*|)(\.|)ozledgrowlights\.dev\.au$; doesn't capture anything at all, so ozledgrowlights.lopudesigns.dev doesn't load anything at all
so I'm a bit confused? :O
Sorry but it was some local issue with the .dev domain, not sure what it was but changing .dev to .ved made it work... odd
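
An added example, not part of the original post: a simplified Python model of how nginx picks a server block (listen port first, then the first matching regex server_name in file order, otherwise the default server for that port), run over the server blocks quoted in the question. It assumes the lopudesigns.dev request reached nginx on port 443, as happens when a browser upgrades a name to HTTPS (the .dev TLD is on the browsers' HSTS preload list); the `SERVERS` table and the function names are constructed for illustration.

```python
import re

# Server blocks from the question, in file order: (listen port, server_name regex, target).
# The port-80 alopu.com block only issues a redirect, so its target is labelled as such.
SERVERS = [
    (80,  r"^(.*|)(\.|)lopudesigns\.dev$",         "http://127.0.0.1:7777"),
    (80,  r"^ozledgrowlights\.lopudesigns\.dev$",  "http://127.0.0.1:1337"),
    (80,  r"^(.*|)(\.|)ozledgrowlights\.dev\.au$", "http://127.0.0.1:1337"),
    (80,  r"^(.*|)(\.|)alopu\.com$",               "301 redirect to https"),
    (443, r"^(.*|)(\.|)alopu\.com$",               "http://127.0.0.1:8888"),
]


def select_server(port, host):
    """Return (target, reason) for a request, following nginx's selection order.

    Simplified model: only regex names are handled, because the quoted config
    has no exact or wildcard names and no explicit default_server flag.
    """
    host = host.lower()                        # nginx compares the lowercased name
    candidates = [s for s in SERVERS if s[0] == port]
    if not candidates:
        return None, "nothing listens on this port"
    for _, pattern, target in candidates:      # first matching regex in file order wins
        if re.search(pattern, host):
            return target, "matched " + pattern
    # No name matched: nginx falls back to the default server for this
    # listen port, which is the first block defined for it.
    return candidates[0][2], "default server for port %d" % port


def report(requests):
    """Resolve a list of (port, host) pairs and return readable result lines."""
    lines = []
    for port, host in requests:
        target, reason = select_server(port, host)
        lines.append("%s:%d -> %s (%s)" % (host, port, target, reason))
    return lines


if __name__ == "__main__":
    # Constructed sample requests.
    for line in report([(80, "lopudesigns.dev"), (443, "lopudesigns.dev"),
                        (80, "ozledgrowlights.lopudesigns.dev"), (443, "alopu.com")]):
        print(line)
```

On port 443 the only block is the alopu.com one, so any unmatched name lands on its upstream; on port 80 the broad lopudesigns.dev regex shadows the more specific ozledgrowlights.lopudesigns.dev block that follows it. Declaring an explicit default_server for each listen port that refuses unmatched names keeps such requests away from a real application.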
