Issues with Artifactory and NGINX proxy_pass - nginx

I'm having issues with nginx and proxy pass. I have setup an instance of JFrog Artifactory and pointed my domain to it successfully; however the port is still appearing in the "URL to file" (the image). Here is my nginx config
server {
server_name repo.hyperiamc.com;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
## Application specific logs
rewrite ^/$ /ui/ redirect;
rewrite ^/ui$ /ui/ redirect;
chunked_transfer_encoding on;
client_max_body_size 0;
location / {
proxy_read_timeout 2400s;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
proxy_pass http://x.x.x.x:8082;
proxy_next_upstream error timeout non_idempotent;
proxy_next_upstream_tries 1;
proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location ~ ^/artifactory/ {
proxy_pass http://x.x.x.x:8081;
}
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/repo.hyperiamc.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/repo.hyperiamc.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot }
Visiting the site the URL works, it appears that it's only the URL to file. I have set my Base URL inside of artifactory to match that of the proxy.

I believe it is due to the header value we are setting up in the config. Change the line.
From: proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
TO: proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host;
Hope this helps.

Related

Nginx: 404 Not Found error as reverse proxy

I am trying to configure Nginx as reverse proxy keeping Uvicorn behind it.
When I try to access "example.com", it returns the home page but gives 404 for all static files.
When I try to access any other endpoint like "example.com/blog", it returns "404 not found" page.
Here is the Nginx config:
server {
root /var/www/example.com/html;
index index.html index.htm index.nginx-debian.html;
server_name example.com www.example.com;
location / {
try_files $uri $uri/ =404;
#custom config
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_redirect off;
proxy_buffering off;
proxy_pass http://uvicorn;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name example.com www.example.com;
return 404; # managed by Certbot
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream uvicorn {
server unix:/tmp/uvicorn.sock;
}
What changes should I do to make it work?
As per the suggestion given by #richard-smith in the comment, I tried commenting out this line
location / {
#try_files $uri $uri/ =404; <-- here
#custom config
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_redirect off;
proxy_buffering off;
proxy_pass http://uvicorn;
}
and it worked fine. It is now able to serve all the endpoints.

Request body is not passing in http url but it is present in https url

I am testing some APIs with POSTMAN.
When i am sending data in request body (raw section in POSTMAN) , data is present when i call the url with https i.e https://example.com/api-url/ but i am receiving empty body when i send the request with http url i.e http://example.com/api-url/
Non-secure requests are working fine. They are being directed to https. Only issue is request body is not being there when any request is called from http url.
What is wrong in nginx configuration?
This is the nginx configuration.
server {
server_name www.example.com;
return 301 $scheme://example.com$request_uri;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
root /usr/share/nginx/html;
index index.html index.htm;
client_max_body_size 4G;
access_log /home/myuser/myproject/logs/nginx-access.log;
error_log /home/myuser/myproject/logs/nginx-error.log;
server_name example.com ;
add_header Content-Security-Policy "frame-ancestors *.exampledomain.com" always;
location /static/ { alias /home/myuser/myproject/staticfiles/; }
location /media/ { alias /home/myuser/myproject/media/; }
location / {
proxy_pass http://unix:/home/myuser/myvenv/myproject/daphne.sock;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_read_timeout 240;
proxy_connect_timeout 240;
proxy_send_timeout 240;
send_timeout 240;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name example.com ;
return 404; # managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name www.example.com;
return 404; # managed by Certbot
}
Maybe Express body-parser/json-parser didn't parse the body when you call with http, and did not pass it to req.body.
Add this into your / proxy handler May correct your problem :
proxy_set_header content-type "application/json";
like this :
location / {
proxy_pass http://unix:/home/myuser/myvenv/myproject/daphne.sock;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header content-type "application/json";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_read_timeout 240;
proxy_connect_timeout 240;
proxy_send_timeout 240;
send_timeout 240;
}
I found this answer by #miknik . It states that there is an issue while redirecting with 301/302 status codes. I replaced 301 with 307 in my nginx configuration and it started working.

How setup location block to strip port from url

I'm trying to setup nginx to reverse proxy to a port dynamically based on port found in path.
So https://my-nginx.uksouth.cloudapp.azure.com/58585/some/route goes to https://localhost:58585/some/route
And https://my-nginx.uksouth.cloudapp.azure.com/59595/some/route goes to
https://localhost:59595/some/route
I can hard code the config like this
server {
server_tokens off;
server_name my-nginx.uksouth.cloudapp.azure.com;
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/my-nginx.uksouth.cloudapp.azure.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/my-nginx.uksouth.cloudapp.azure.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location /58585 {
proxy_pass http://localhost:58585/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
}
location /59595 {
proxy_pass http://localhost:59595/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
}
}
server {
if ($host = my-nginx.uksouth.cloudapp.azure.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name my-nginx.uksouth.cloudapp.azure.com;
return 404; # managed by Certbot
}
and reverse proxy like this
ssh -R 58585:localhost:58585 myuser#my-nginx.uksouth.cloudapp.azure.com
ssh -R 59595:localhost:59595 myuser#my-nginx.uksouth.cloudapp.azure.com
This works as expected; then I've tried to make this dynamic
So https://my-nginx.uksouth.cloudapp.azure.com/targetPort/some/route goes to https://localhost:$targetPort/some/route
The best I can come up with is the following but this keeps failing and with a 502 bad gateway.
location ~ /([0-9]+) {
set $targetPort $1;
proxy_pass http://localhost:$targetPort/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
}
Can someone guide me with the correct way to do this ?
Thanks!
According to documentation:
In some cases, the part of a request URI to be replaced cannot be determined:
When location is specified using a regular expression, and also inside named locations.
In these cases, proxy_pass should be specified without a URI.
I think you can try to use rewrite here to specify an URI:
location ~ ^/(\d+) {
set $targetPort $1;
rewrite /\d+(.*) $1 break;
proxy_pass http://localhost:$targetPort;
...
}
Maybe this can be optimized for one regex matching instead of two:
location ~ ^/(\d+)(.*) {
set $targetPort $1;
set $newuri $2;
rewrite . $newuri break;
proxy_pass http://localhost:$targetPort;
...
}
But it needs to be tested, nginx behavior is unpredictable sometimes.
Update
This is definitely can be optimized to
location ~ ^/(?<targetPort>\d+)(?<newURI>.*) {
rewrite . $newURI break;
proxy_pass http://localhost:$targetPort;
...
}

Multiple nginx subdomains leads to a single jetty instance

I have added multiple subdomains on nginx and now I would like to proxy pass all subdomains to a single jetty instance.
Let´s say
subdomain1.blog.com -> localhost:8080/subdomain1
jenkins.blog.com -> localhost:8080/jenkins
I tested a lot of examples and in the end I struggled with the url.
If I open http://jenkins.blog.com I will redirect to https://jenkins.blog.com/jenkins/login?from=%2Fjenkins%2F
How can I get rid of this /jenkins/ in my url?
Is it possible to achieve it without using multiple jetty instances and deploying apps on webroot?
upstream jetty {
server 127.0.0.1:8080 fail_timeout=0;
}
server {
listen 80;
server_name jenkins.blog.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name jenkins.blog.com;
ssl_certificate /etc/letsencrypt/live/blog.com-0002/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/blog.com-0002/privkey.pem;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location /jenkins {
rewrite ^/jenkins(/.*)$ $1 last;
}
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Fix the "It appears that your reverse proxy set up is broken" error.
proxy_pass http://jetty/jenkins/;
proxy_read_timeout 90;
#proxy_redirect http://localhost:8080/jenkins https://jenkins.blog.com;
#proxy_redirect http:// https://;
proxy_redirect off;
proxy_buffering off;
# Required for new HTTP-based CLI
proxy_http_version 1.1;
proxy_request_buffering off;
# workaround for https://issues.jenkins-ci.org/browse/JENKINS-45651
add_header 'X-SSH-Endpoint' 'jenkins.blog.com:50022' always;
}
}
}

conflicting server name "localhost" warning on nginx

I am trying to set up nginx for my localhost on a linux cntainer
Here is the config
## server configuration
server {
listen 443 ssl;
listen 80 ;
## add ssl entries when https has been set in config
ssl_certificate /etc/ssl/cert.pem;
ssl_certificate_key /etc/ssl/key.pem;
ssl_session_cache shared:SSL:1m;
ssl_prefer_server_ciphers on;
server_name localhost;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
## Application specific logs
## access_log /var/log/nginx/localhost-access.log timing;
## error_log /var/log/nginx/localhost-error.log;
rewrite ^/$ /artifactory/webapp/ redirect;
rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect;
location /artifactory/ {
proxy_read_timeout 900;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
proxy_pass http://localhost:8081/artifactory/;
proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
## server configuration
server {
listen 6555 ssl;
server_name localhost;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
## Application specific logs
## access_log /var/log/nginx/localhost-access.log timing;
## error_log /var/log/nginx/localhost-error.log;
rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/docker-virtual/$1/$2;
client_max_body_size 0;
chunked_transfer_encoding on;
location /artifactory/ {
proxy_read_timeout 900;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
proxy_pass http://localhost:8081/artifactory/;
proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
After I retsrat nginx I get the following error
nginx: [warn]nginx: [warn] conflicting server name "localhost" on 0.0.0.0:80, ignored
"localhost" on 0.0.0.0:80, ignored
Also when I navigate to the browser I get a connection refused on localhost:443
What might be wrong?
your server can't resolve your domain name localhost as one IP address
you may have a duplicate entry of your local virtual host name in hosts file
lines should be seen in host file
127.0.0.1 localhost
0.0.0.0 localhost
delete or modify second one
This problem could be caused also by running virtual DNS service like unbound
if you are running so, be sure to configure it correctly

Resources