My NGINX conf is-
server {
listen 80;
server_name site.com ;
location / {
include proxy_params;
proxy_pass http://0.0.0.0:8000;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/site.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/site.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
I am running a Flask app on Gunicorn on Port 8000. When I try to access my site, I get a 504 Gateway Time-out nginx/1.14.0 (Ubuntu).
In the error.log , it says-
upstream timed out (110: Connection timed out) while connecting to upstream, client:myip server: site.com, request: "GET / HTTP/1.1", upstream: "http://0.0.0.0:8000/", host: "mysite.com"
You have some errors in your config.
You cannot have one server who is listening on multiple ports.
You should not write 0.0.0.0:8000, but try 127.0.0.1:8000 instead
Also I dont understand why you include proxy params, just delete that line.
Here is an example of what you could do.
server {
server_name site.com www.site.com;
location / {
proxy_pass http://127.0.0.1:8000/;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/site.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/site.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
if ($host = www.site.com) {
return 301 https://$host$request_uri;
}
if ($host = site.com) {
return 301 https://$host$request_uri;
}
listen 80;
listen [::]:80;
server_name site.com www.site.com;
return 404;
}
Good Luck :-)
Suggest to keep like below values, which could resolve the timeout issue.
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
Related
I have a two servers that serve the same static content behind an Nginx load balancer
`
upstream backend {
server xxx.xxx.xxx.xx;
server xxx.xxx.xxx.xx;
}
server {
server_name example.com www.example.com;
location / {
proxy_pass http://backend;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host !~* ^(www\.)?example.com$) {
return 444;
}
listen 80;
server_name example.com www.example.com;
return 404; # managed by Certbot
}
`
So far I have blocked access to the load balancer from the IP and I want to do the same for the servers I want only the requests that goes through the load balancer to be accpted by both backend servers.
servers have same configuration here is how it looks:
`
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
access_log /var/log/nginx/access.log;
}
`
FIXED:
I created a special header that the load balancer adds to the request and if it is not included the server will close the connection.
I have a nodejs server running with nginx as a reverse proxy. https://example.com and http://example.com run correctly with http://example.com redirecting to https, but http://www.example.com gives an nginx error 404 Not Found. https://www.example.com does work, though.
This is my server block configuration:
server {
root /var/www/partyshare.shop/html;
index index.html index.htm index.nginx-debian.html;
server_name partyshare.shop www.partyshare.shop;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/partyshare.shop/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/partyshare.shop/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = partyshare.shop) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name partyshare.shop www.partyshare.shop;
return 404; # managed by Certbot
I believe the error is on the second server block, where $host = www.partyshare.shop when requesting the http version, so it skips past the redirect and returns a 404 error. I tried adding an if statement for the www version, but it errored out, and wouldn't recognize my SSL certificate as the http was crossed out in red, so if anybody could help that would be great.
You should update the 2nd server block to do the same for both partyshare.shop and www.partyshare.shop, and not just partyshare.shop.
server {
listen 80;
listen [::]:80;
server_name partyshare.shop www.partyshare.shop;
return 301 https://$host$request_uri;
}
I have a subdomain https://test.shop.com, I'm running a Nginx server and it's working fine. But I have to accept the request with https://test.shop.com:8080/graphql/ and redirect to http://127.0.0.1:8000 to the same machine. I've added this block
location /graphql/ {
proxy_pass http://127.0.0.1:8000;
}
But when I try to access https://test.shop.com:8080/graphql/ from the browser it shows me This site can’t be reached seems something to do with dns. Although I can access https://test.shop.com/graphql/ and it works fine.
My whole config file is
server {
server_name test.shop.com;
root /var/www/html/test;
index index.html;
location / {
try_files $uri $uri/ /index.html?$args;
}
# dashboard app
location /dashboard/ {
try_files $uri $uri/ /dashboard/index.html?$args;
}
location /graphql/ {
proxy_pass http://127.0.0.1:8000;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/test.shop.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/test.shop.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = test.shop.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name test.shop.com;
return 404; # managed by Certbot
}
You must create new virtualhost and listen that virtualhost to port 8080.
server {
listen 8080 ssl;
server_name test.shop.com;
root /var/www/html/test;
index index.html;
location /graphql/ {
proxy_pass http://127.0.0.1:8000;
}
ssl_certificate /etc/letsencrypt/live/test.shop.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/test.shop.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
I want to redirect https://*.example.com to https://www.example.com (* being any subdomain).
My Nginx configuration (unrelated lines removed):
server {
server_name www.example.com;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/vpsuser/example/example;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
listen 443 http2 ssl; # managed by Certbot
listen [::]:443 http2 ssl;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
listen 443 http2 ssl;
listen [::]:443 http2 ssl;
server_name example.com *.example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
return 301 https://www.example.com$request_uri;
}
When I go to https://s.example.com no redirection happens and browser displays "this connections isn't secure". My code for same logic for http works without any problem.
And when I enter https://example.com it redirects to https://www.example.com successfully.
I tried return 404 to see if it is really done by the same code block and I got 404 page. So, why it redirects https://example.com but not https://*.example.com? How can I solve it?
I am using Django. Just saying if there can be any relation.
This is my configuration file:
server {
server_name domain1.com www.domain1.com;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:3000;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/domain1.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain1.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.domain1.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = domain1.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name domain1.com www.domain1.com;
return 404; # managed by Certbot
}
server {
server_name domain2.com www.domain2.com;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:4000;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/domain2.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain2.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.domain2.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = domain2.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name domain2.com www.domain2.com;
listen 80;
return 404; # managed by Certbot
}
server {
listen <server-ip>:80;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:4000;
}
}
I'm running 3 websites on the same server using this config file:
domain1.com which points to port 3000
domain2.com which points to port 3001
main server IP which points to port 4000
All domains are automatically configured to use SSL, which is done by Certbot.
This morning, the agency that I work with called me and told me that domain1.com and domain2.com are both showing the server on port 80. Out of nowhere! I tested this once and it was working fine. Overnight, it changed to that port. Why would this happen and how can I avoid it or make my config better?