I want to do proxy_pass for https://atmvpn.appdomain.cloud/sft-ui/sft/api/orgs/v1/org in such a way that it should be https://dev.apnat.net/sft/api/orgs/v1/org, so while doing the proxy_pass we need to remove sft-ui. So I added the below location in the nginx.conf file:
```
location /sft-ui/sft/api {
    access_log off;
    rewrite ^/sft-ui/(.*) /$1 break;
    proxy_pass <%= ENV["AMS_DOMAIN"] %>;
}
```
I have set AMS_DOMAIN as an environment variable. But when I hit https://atmvpn.appdomain.cloud/sft-ui/sft/api/orgs/v1/org in the browser I get the error "502 Bad Gateway".
In the logs of the OpenShift pod I can see:
2020/06/05 07:06:46 [error] 11#11: *1 SSL_do_handshake() failed (SSL: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:SSL alert number 40) while SSL handshaking to upstream, client: 172.30.96.141, server: , request: "GET /sft-ui/sft/api/orgs/v1/org HTTP/1.1", upstream: "https://104.18.12.180:443/sft/api/orgs/v1/org", host: "atmvpn.appdomain.cloud"
2020/06/05 07:06:46 [warn] 11#11: *1 upstream server temporarily disabled while SSL handshaking to upstream, client: 172.30.96.141, server: , request: "GET /sft-ui/sft/api/orgs/v1/org HTTP/1.1", upstream: "https://104.18.12.180:443/sft/api/orgs/v1/org", host: "atmvpn.appdomain.cloud"
Just by adding proxy_ssl_server_name on; it's resolved:
```
location /sft-ui/sft/api {
    access_log off;
    rewrite ^/sft-ui/(.*) /$1 break;
    proxy_pass <%= ENV["AMS_DOMAIN"] %>;
    # Setting this to "on" lets nginx proxy to upstream hosts using SNI
    proxy_ssl_server_name on;
}
```
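An added example, not part of the original answer: proxy_ssl_server_name only sends the host name via SNI, while checking of the upstream certificate stays off unless proxy_ssl_verify is enabled. The host upstream.example.net (standing in for the AMS_DOMAIN value) and the CA bundle path are assumptions.

```nginx
location /sft-ui/sft/api {
    access_log off;
    rewrite ^/sft-ui/(.*) /$1 break;

    # Placeholder for the value of AMS_DOMAIN (assumption)
    proxy_pass https://upstream.example.net;

    # Send the upstream host name in the TLS ClientHello (SNI), as in the answer
    proxy_ssl_server_name on;
    # Name used for SNI and for certificate verification; by default nginx
    # takes it from the host part of proxy_pass, set here to make it explicit
    proxy_ssl_name upstream.example.net;

    # Without these, nginx accepts whatever certificate the upstream presents
    # (proxy_ssl_verify defaults to off)
    proxy_ssl_verify on;
    proxy_ssl_verify_depth 2;
    # Assumed path: the system CA bundle on Debian/Ubuntu based images
    proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
}
```

With verification on, a certificate that does not chain to the trusted bundle or does not match proxy_ssl_name produces a 502 and an "upstream SSL certificate verify error" entry in the error log.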
Here is my nginx config file:
```
location ~* ^/admin-panel/rest/(.*) {
    auth_request /admin/admin_authentication/check_access?url=$request_uri;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    resolver 127.0.0.11 ipv6=off;
    proxy_pass http://nginx:8000/$1$is_args$args;
}
```
I want to send $request_uri as a GET parameter to my authentication service, but I get errors like this:
2019/06/23 06:30:07 [error] 6#6: *5 auth request unexpected status: 404 while sending to client, client: 192.168.224.1, server: , request: "POST /admin-panel/rest/update HTTP/1.1", host: "localhost"
2019/06/23 06:30:07 [error] 6#6: *8 auth request unexpected status: 404 while sending to client, client: 192.168.224.1, server: , request: "POST /admin-panel/rest/update HTTP/1.1", host: "localhost"
2019/06/23 06:31:56 [error] 6#6: *1 auth request unexpected status: 404 while sending to client, client: 192.168.224.1, server: , request: "POST /admin-panel/rest/update HTTP/1.1", host: "localhost"
2019/06/23 06:31:57 [error] 6#6: *3 auth request unexpected status: 404 while sending to client, client: 192.168.224.1, server: , request: "POST /admin-panel/rest/update HTTP/1.1", host: "localhost"
When I remove the ?url=$request_uri section in auth_request, everything works fine.
By using lua-nginx-module (or the openresty docker image), you can use access_by_lua_block instead of auth_request like this:
```
location ~* ^/admin-panel/rest/(.*) {
    access_by_lua_block {
        -- Subrequest to the auth service. request_uri is escaped so that a
        -- query string in it stays inside the url parameter.
        local res = ngx.location.capture(
            "/admin/admin_authentication/check_access?url=" .. ngx.escape_uri(ngx.var.request_uri))
        if res.status == ngx.HTTP_OK then
            return
        end
        if res.status == ngx.HTTP_FORBIDDEN then
            ngx.exit(res.status)
        end
        ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
    }
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    resolver 127.0.0.11 ipv6=off;
    proxy_pass http://nginx:8000/$1$is_args$args;
}
```
Actually, this code implements auth_request with access_by_lua_block and creates the URL with the Lua concatenation operator ...
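An added example, not part of the original answer, showing a way to keep auth_request without Lua: the directive takes a fixed URI, so the original request URI is handed to the auth service in a header set in an internal location. The location name /_check_access, the host auth-backend:8000 and the header names X-Original-URI and X-Original-Method are assumptions, and the auth service has to read the header instead of the url parameter.

```nginx
location ~* ^/admin-panel/rest/(.*) {
    # Fixed URI only: no variables and no query string here
    auth_request /_check_access;

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    resolver 127.0.0.11 ipv6=off;
    proxy_pass http://nginx:8000/$1$is_args$args;
}

location = /_check_access {
    # Reachable only through subrequests, never directly by a client
    internal;

    # Hypothetical address of the authentication service
    proxy_pass http://auth-backend:8000/admin/admin_authentication/check_access;

    # The auth service decides on headers alone, so drop the request body
    proxy_pass_request_body off;
    proxy_set_header Content-Length "";

    # In a subrequest $request_uri still holds the client's original URI,
    # query string included, so nothing is lost or re-parsed on the way
    proxy_set_header X-Original-URI $request_uri;
    proxy_set_header X-Original-Method $request_method;
}
```

auth_request allows the request on a 2xx response from the subrequest and denies it on 401 or 403; any other status is treated as an error.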
I want to use nginx as forward proxy, but rewrite (also the host part) the URL based on a header value.
Suppose the browser connects to nginx on port 8888 with a regular http request. The header has the pair:
X-myattribute: https://somehost.com
nginx should proxy_pass to https://somehost.com
My nginx.conf is now:
```
server {
    listen 8888;
    proxy_connect;
    proxy_max_temp_file_size 0;
    resolver 8.8.8.8;
    location / {
        proxy_pass https://$http_myattribute;
        # proxy_pass http://$http_host$uri$is_args$args;
        proxy_set_header Host $http_host;
    }
}
```
but I get:
2018/08/16 19:44:08 [error] 9#0: *1 invalid port in upstream "https://somehost.com:443", client: 172.17.0.1, server: , request: "GET / HTTP/1.1", host: "localhost:8888"
2018/08/16 19:47:25 [error] 9#0: *1 invalid URL prefix in "https://somehost.com:443", client: 172.17.0.1, server: , request: "GET / HTTP/1.1", host: "localhost:8888"
(two lines depending on whether I set proxy_pass http://$X-myattribute or proxy_pass https://$X-myattribute or proxy_pass $X-myattribute. Assume X-myattribute always has http:// or https://)
Any suggestion?
I am trying to run Akka service using nginx. Here is my default.conf:
```
upstream hello-akka {
    server localhost:9000;
}
server {
    listen 9000;
    location /* {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
    location /akka {
        proxy_pass http://hello-akka;
    }
    location /assets {
        root /var/www;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}
```
Default nginx page works just fine but when I redirect to /akka I get 500 internal server error. Here is my nginx log file:
2017/12/05 10:58:17 [crit] 11077#11077: *1014 open() "/usr/share/nginx/html/50x.html" failed (24: Too many open files), client: 127.0.0.1, server: , request: "GET /akka HTTP/1.0", upstream: "http://127.0.0.1:9000/akka", host: "hello-akka"
I have changed the /etc/security/limits.conf file to increase the number of connections from 1024 to 16384. However, after that I keep getting another error:
2017/12/05 11:40:42 [error] 15916#15916: *37494 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 127.0.0.1, server: , request: "GET /akka HTTP/1.0", upstream: "http://127.0.0.1:9000/akka", host: "hello-akka"
So what is wrong with my configurations and how should I change them to run /akka page normally?
UPDATE: I have changed server localhost:9000 to server localhost:8080 in upstream hello-akka. However, when I redirect to localhost:9000/akka I get an "An error occurred" page.
The error log shows this error:
*1 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: , request: "GET /akka HTTP/1.1", upstream: "http://127.0.0.1:8080/akka", host: "localhost:9000"
We're migrating from old server to a new one, so I've installed Odoo V10.0 on Ubuntu 16.04LTS hosted on Digitalocean.
Everything works just fine, but when I used reverse proxy to access Odoo from port 80 instead of the default 8069 according to this book and upload the old db, all the JS and CSS/LESS files give 404 not found on the website and I get Error 111 connection refused when the server tries to redirect to the online payment gateway.
Here's a screenshot of the error I receive in console
Here's my Nginx configuration in /etc/nginx/sites-available/odoo:
```
upstream backend-odoo {
    server 127.0.0.1:8069;
}
upstream backend-odoo-im {
    server 127.0.0.1:8072;
}
server {
    listen 80;
    add_header Strict-Transport-Security max-age=2592000;
    rewrite ^/.*$ https://$host$request_uri? permanent;
}
server {
    listen 443 default;
    # ssl settings
    ssl on;
    ssl_certificate /etc/nginx/ssl/cert.pem;
    ssl_certificate_key /etc/nginx/ssl/key.pem;
    keepalive_timeout 60;
    # increase the upload file size limit
    client_max_body_size 30M;
    # proxy header and settings
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    # the header name is X-Forwarded-For (was misspelled X-Forward-For)
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_redirect off;
    # odoo log files
    access_log /var/log/nginx/odoo-access.log;
    error_log /var/log/nginx/odoo-error.log;
    # increase proxy buffer size
    proxy_buffers 16 64k;
    proxy_buffer_size 128k;
    # force timeouts if the backend dies
    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
    # enable data compression
    gzip on;
    gzip_min_length 1100;
    gzip_buffers 4 32k;
    gzip_types text/plain application/x-javascript text/xml text/css;
    gzip_vary on;
    location / {
        proxy_pass http://backend-odoo;
    }
    location ~* /web/static/ {
        # cache static data
        proxy_cache_valid 200 60m;
        proxy_buffering on;
        expires 864000;
        proxy_pass http://backend-odoo;
    }
    location /longpolling {
        proxy_pass http://backend-odoo-im;
    }
}
```
Here's Odoo conf file:
[options]
addons_path = /odoo/enterprise/addons,/odoo/odoo-server/addons,/odoo/custom/addons,/odoo/server-tools
admin_passwd = xxxxxxxxxxx
csv_internal_sep = ,
data_dir = /odoo/.local/share/Odoo
db_host = False
db_maxconn = 64
db_name = False
db_password = False
db_port = False
db_template = template1
db_user = xxxx
dbfilter = .*
demo = {}
email_from = False
geoip_database = /usr/share/GeoIP/GeoLiteCity.dat
import_partial =
limit_memory_hard = 2684354560
limit_memory_soft = 2147483648
limit_request = 8192
limit_time_cpu = 60
limit_time_real = 120
limit_time_real_cron = -1
list_db = True
log_db = False
log_db_level = warning
log_handler = :INFO
log_level = info
logfile = /var/log/odoo/odoo-server.log
logrotate = False
longpolling_port = 8072
max_cron_threads = 2
osv_memory_age_limit = 1.0
osv_memory_count_limit = False
pg_path = None
pidfile = None
proxy_mode = True
reportgz = False
server_wide_modules = web,web_kanban
smtp_password = False
smtp_port = 25
smtp_server = localhost
smtp_ssl = False
smtp_user = False
syslog = False
test_commit = False
test_enable = False
test_file = False
test_report_directory = False
translate_modules = ['all']
unaccent = False
without_demo = False
workers = 0
xmlrpc = True
netrpc_interface = 127.0.0.1
xmlrpc_interface = 127.0.0.1
xmlrpc_port = 8069
Here's the output of log file in /var/log/nginx/odoo-error.log
2017/04/01 06:55:24 [error] 24333#24333: *3196 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xx.xxx.xxx, server: , request: "GET /web_planner/static/src/img/odoo_logo.png HTTP/1.1", upstream: "http://127.0.0.1:8069/web_planner/static/src/img/odoo_logo.png", host: "yyy.yy.yyy.yy", referrer: "https://yyy.yy.yyy.yy/?debug=1"
2017/04/01 06:55:25 [error] 24333#24333: *3495 upstream prematurely closed connection while reading response header from upstream, client: xx.xx.xxx.xxx, server: , request: "POST /longpolling/poll HTTP/1.1", upstream: "http://127.0.0.1:8069/longpolling/poll", host: "yyy.yy.yyy.yy", referrer: "https://yyy.yy.yyy.yy/web?debug="
2017/04/01 07:01:29 [error] 24333#24333: *4263 upstream prematurely closed connection while reading response header from upstream, client: xx.xx.xxx.xxx, server: , request: "POST /longpolling/poll HTTP/1.1", upstream: "http://127.0.0.1:8069/longpolling/poll", host: "yyy.yy.yyy.yy", referrer: "https://yyy.yy.yyy.yy/web?"
2017/04/01 08:03:12 [error] 30741#30741: *5413 upstream prematurely closed connection while reading response header from upstream, client: xx.xx.xxx.xxx, server: , request: "POST /longpolling/poll HTTP/1.1", upstream: "http://127.0.0.1:8069/longpolling/poll", host: "yyy.yy.yyy.yy", referrer: "https://yyy.yy.yyy.yy/web?debug=1"
2017/04/01 08:17:38 [error] 30741#30741: *5491 upstream prematurely closed connection while reading response header from upstream, client: xx.xx.xxx.xxx, server: , request: "POST /longpolling/poll HTTP/1.1", upstream: "http://127.0.0.1:8069/longpolling/poll", host: "yyy.yy.yyy.yy", referrer: "https://yyy.yy.yyy.yy/web?debug=1"
2017/04/01 08:35:15 [error] 30741#30741: *6308 upstream timed out (110: Connection timed out) while reading response header from upstream, client: xx.xx.xxx.xxx, server: , request: "POST /longpolling/poll HTTP/1.1", upstream: "http://127.0.0.1:8069/longpolling/poll", host: "yyy.yy.yyy.yy", referrer: "https://yyy.yy.yyy.yy/web?debug="
2017/04/01 08:46:38 [error] 30741#30741: *6897 upstream prematurely closed connection while reading response header from upstream, client: xx.xx.xxx.xxx, server: , request: "POST /longpolling/poll HTTP/1.1", upstream: "http://127.0.0.1:8069/longpolling/poll", host: "yyy.yy.yyy.yy", referrer: "https://yyy.yy.yyy.yy/web?debug="
the output of $netstat -ntlp | grep LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:8069 0.0.0.0:* LISTEN -
Lastly the output of $telnet 127.0.0.1 8069
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
the output of $telnet 127.0.0.1 8072
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
the output of $telnet 127.0.0.1
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
PS. I didn't apply the SSL certificate yet or the domain name.
Comment out the lines below and try like that.
netrpc_interface = 127.0.0.1
xmlrpc_interface = 127.0.0.1
http://nginx.org/en/docs/http/ngx_http_memcached_module.html
Basic config is here:
```
worker_processes 2;
events {
    worker_connections 1024;
}
error_log /var/log/nginx/nginx_error.log warn;
error_log /var/log/nginx/nginx_error.log info;
http {
    upstream backend {
        server localhost:3000;
    }
    server {
        listen 80;
        location / {
            set $memcached_key $uri;
            memcached_pass 127.0.0.1:11211;
            # named location: "@", since "#" would start a comment
            error_page 404 = @fallback;
        }
        location @fallback {
            proxy_pass http://backend;
        }
    }
}
```
It reverse proxies the request when hitting port 80, but the logs always say:
2016/08/23 15:25:19 [info] 68964#0: *4 key: "/users/12" was not found by memcached while reading response header from upstream, client: 127.0.0.1, server: , request: "GET /users/12 HTTP/1.1", upstream: "memcached://127.0.0.1:11211", host: "localhost"
The Nginx Memcached module does not write to the Memcached server. You should do this in your backend (for example PHP) using the $memcached_key.