How can I correctly configure nginx and phpmyadmin? I've configured nginx and can access phpmyadmin login page through nginx but unable to login, when I try to login it shows Failed to set session cookie. Maybe you are using HTTP instead of HTTPS to access phpMyAdmin.
I'm accessing through https://example.com/phpmyadmin/
and this is the nginx config
location /myphpadminroute/{
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header host $host;
proxy_pass_request_headers on;
root path_to_phpmyadmin/phpMyAdmin/;
proxy_pass http://localhost:8080/phpmyadmin/; # apache is running on 8080
}
The login is working fine when using apache url either http://localhost:8080/phpmyadmin/ or https://localhost:8443/phpmyadmin/
I've also tried with proxy_pass https://localhost:8443/phpmyadmin/; in nginx but same error rises.
Whether it is nginx configuration problem or phpmyadmin I just couldn't figure it out.
Edit: The cookie path is not correct phpMyAdmin_https=utd7tbihn9qp9r4e0f0dvj6tpo; path=/phpmyadmin/; secure; HttpOnly and it's working fine if I change nginx path to /phpMyAdmin/ now how can I change cookie path in phpmyadmin
Finally it's working perfectly fine.
For those who are also facing this type of problem the trick is to just set variable in config.inc.php $cfg['PmaAbsoluteUri'] to the url that your user should see
for example $cfg['PmaAbsoluteUri'] = https://example.com/myphpadminroute
Related
I'm running Plesk Obsidian on my centOS server and manually installed Jenkins on it. Jenkins is up and running. It can be used by calling http://my-server.de:38080 without any problems. I also created a new subdomain in Plesk (jenkins.my-server.de), which is secured with a lets encrypt certificate.
My idea was to use the nginx reverse proxy to call Jenkins using the new subdomain: https://jenkins.my-server.de. Therefore I disabled the use of Apache in the Plesk Apache & nginx Settings for the subdomain and added the following additional nginx directives in the Plesk web interface:
location ~ / {
proxy_pass http://localhost:38080;
proxy_read_timeout 90;
proxy_redirect http://localhost:38080 https://jenkins.my-server.de;
}
The problem is, that some sites are working and on other sites I get a 404.
Calling https://jenkins.my-server.de should show me the login page, but I get a 404. Only if I enter https://jenkins.my-server.de/index in the browser, I see the login page.
Calling https://jenkins.my-server.de/manage on the other hand loads the wanted page without error. The page https://jenkins.my-server.de/configureSecurity shows a 404 again and only works if I add /index at the end.
Am I missing something in the nginx settings?
The following configuration is working for me in combination with Plesk.
location ^~ / {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http://localhost:38080 https://jenkins.my-server.de;
proxy_pass http://localhost:38080;
proxy_http_version 1.1;
proxy_request_buffering off;
proxy_buffering off;
add_header 'X-SSH-Endpoint' 'jenkins.my-server.de:50022' always;
}
I want to ask if there is a way to deploy my Flask project to a Plesk subdomain. The site is going to be created with wordpress inside Plesk. Also, i would like to have database support.
I was struggeling with a similar issue. What i did was the following:
Installed nginx
In the subdomain -> Apache & nginx Settings, make sure to disable the proxy-mode under the nginx settings
add the following to Additional nginx directives:
location / {
# Define the location of the proxy server to send the request to
proxy_pass http://127.0.0.1:5000;
# Redefine the header fields that NGINX sends to the upstream server
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Define the maximum file size on file uploads
client_max_body_size 5M;
}
location /static/ {
alias /var/www/vhosts/PATH/TO/FLASK/app/static/;
}
The rest is handled by gunicorn, you can find a great tutorial here: https://blog.miguelgrinberg.com/post/the-flask-mega-tutorial-part-xvii-deployment-on-linux
hope that helps
I have setup a reverse proxy between Nginx and Artifactory, following instructions from here : https://www.jfrog.com/confluence/display/RTF/nginx
I've also enabled HTTP SSO in Artifactory so that a user authenticated by Artifactory is able to log in to Artifactory automatically. Instructions followed from here : https://www.jfrog.com/confluence/display/RTF/Single+Sign-on
Everything is working except that Artifactory is really slow. When I go to the website (eg. artifactory.myorg.com/webapp/#/home,) a progress wheel comes up and it keeps rolling and on every page.
If I turn off Nginx and access Artifactory using its embedded Tomcat engine then everything works fine.
Is there anything I can do to fix this ?
Update
The browsing is fine as soon as I turn off the following setting:
proxy_set_header REMOTE_USER $remote_user;
I am guessing that Artifactory is currently processing this user setting for every request and maybe I need to do something at Tomcat side or to Artifactory settings to resolve that.
Here's how my nginx/artifactory config looks (They were generated by Reverse Proxy setup page in Artifactory 4.4):
ssl_certificate /etc/ssl/certs/dummy.crt;
ssl_certificate_key /etc/ssl/keys/dummy.key;
ssl_session_cache shared:SSL:1m;
ssl_prefer_server_ciphers on;
server {
listen 443 ssl;
server_name dummy.net;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
## Application specific logs
access_log /var/log/nginx/dummy-access.log;
error_log /var/log/nginx/dummy-error.log;
rewrite ^/$ /artifactory/webapp/ redirect;
rewrite ^/artifactory$ /artifactory/webapp/ redirect;
location /artifactory/ {
auth_pam "Secure Zone";
auth_pam_service_name "sevice";
proxy_read_timeout 900;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
proxy_pass http://127.0.0.1:8081/artifactory/;
proxy_set_header DUMMY_USER $remote_user;
proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Yes. Using Nginx as a reverse proxy should not add noticeable overhead, and could speed up the experience if you use it to serve the static assets.
Your testing so far as implicated Nginx, so posting your related Nginx configuration would be helpful.
But I'll go out a limb and make a guess without seeing it. You are likely using proxy_pass in Nginx to send requests on to Artifactory. If Artifactory is on the same host as Nginx, the proxy_pass address should be a port on 127.0.0.1. If you are instead including a domain name there, then your traffic might doing some like being routed from Nginx back to a load balancer, through CloudFlare, or some other inefficient route.
After trying to reproduce your scenario a few times would recommend to try one more thing to isolate the problem.
Try to set a fix username in the REMOTE_USER value, instead of a variable.
proxy_set_header REMOTE_USER username;
BTW, from the snippet it appears the header name is DUMMY_USER and in the example you specified REMOTE_USER. Make sure you the header name is the same as configured in Artifactory under the Admin > Security | HTTP-SSO .
If this issue still reproduces, please contact support#jfrog.com.
I have set up nginx as a reverse proxy for our jenkins server. Nginx is using proxy_pass to the jenkins server so it should just be forwarding the requests and responses.
When I go to my.domain.com/jenkins (hitting the nginx server) the url is fine. I can click on the url for each project and the url will still look like: my.domain.com/jenkins/job/myProject/. Even going to jenkins configure is fine.
The problem:
When I click on Configure Global Security the url changes to jenkin's sever IP. This wouldn't be such an issue but the Google Login Plugin is hitting it as well and my OAuth callbacks are set to hit the nginx server.
What I've Done:
I have set the Jenkins URL in configure to be my.domain.com/jenkins
Made sure the JENKINS_ARGS have the --prefix=/jenkins
Restarted Jenkins after setting the url in the configuration.
Verified jenkins.model.JenkinsLocationConfiguration.xml has the correct location
Any ideas or suggestions would be amazing! Thank You!
The issue was nginx and the way I was redirecting.
I was using:
location /jenkins/ {
proxy_pass $scheme://ip.address.to.server:port;
}
But needed:
location /jenkins/ {
proxy_pass $scheme://ip.address.to.server:port;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
I have an Ubuntu 14.04 server and I have a meteor application that runs at localhost:3000 on this server. The public FQDN of my server is sub.example.com. The meteor application uses Google OAuth 2.0, I have the following configured in the Google API Console:
URI REDIRECTION
http://sub.example.com/_oauth/google
http://sub.example.com/_oauth/google?close
ORIGINES JAVASCRIPT
http://sub.example.com
My Nginx config file looks like this:
server {
listen 80 default_server;
server_name sub.example.com www.sub.example.com;
location / {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:3000;
}
}
The proxy works and I can access my meteor application when I go to sub.example.com. But when in this application I try to use Google OAuth 2.0, a pop up opens as it should and I get :
Error: redirect_uri_mismatch
The redirect URI in the request: http://localhost:3000/_oauth/google?close did not match a registered redirect URI.
I have played with the header in the nginx config file with no luck.
I'm obviously missing something.
You should rewrite the Location headers that your backend sends to Nginx described in http://wiki.nginx.org/HttpProxyModule#proxy_redirect, so:
proxy_redirect http://localhost:3000/_oauth/google http://sub.example.com/_oauth/google;
the other option, that would work for popup-style login as well is to set the ROOT_URL environment variable for Meteor at startup as follows:
ROOT_URL="http://sub.example.com" PORT=3000 node main.js