Consolidate NGINX config for my VueJS and Flask App - nginx

I'm working on deploying my VueJS and Flask app. After watching few tutorials I came to the NginX configuration below. It works, but it's getting long. Is there a way I can consolidate the location endpoints to something like this location /*?
I've tried - location /*, location *.
server {
listen $PORT;
root /usr/share/nginx/html;
index index.html index.html;
location / {
try_files $uri /index.html =404;
}
location /ping {
proxy_pass http://127.0.0.1:5000;
proxy_http_version 1.1;
proxy_redirect default;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
location /query_usdot {
proxy_pass http://127.0.0.1:5000;
proxy_http_version 1.1;
proxy_redirect default;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
location /subscribe {
proxy_pass http://127.0.0.1:5000;
proxy_http_version 1.1;
proxy_redirect default;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}

As nginx documentation states:
location can either be defined by a prefix string, or by a regular expression.
To join this three location blocks you can use this regexp:
location ~ ^/(?:ping|query_usdot|subscribe) {
...
}

Related

Nginx reverse proxy to server that's specified in the path

I have an nginx reverse proxy location setup like so:
location /192.168.0.10 {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_cookie_path /phpmyadmin/ /;
proxy_redirect off;
proxy_pass http://192.168.0.10/;
}
location /192.168.0.11 {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_cookie_path /phpmyadmin/ /;
proxy_redirect off;
proxy_pass http://192.168.0.11/;
}
location /192.168.0.12 {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_cookie_path /phpmyadmin/ /;
proxy_redirect off;
proxy_pass http://192.168.0.12/;
}
location /192.168.0.13 {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_cookie_path /phpmyadmin/ /;
proxy_redirect off;
proxy_pass http://192.168.0.13/;
}
location /192.168.0.14 {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_cookie_path /phpmyadmin/ /;
proxy_redirect off;
proxy_pass http://192.168.0.14/;
}
location /192.168.0.15 {.....
This structure repeats about 96 times so that we can have a reverse proxy to each one. Is there a way to simplify it so that there is only one structure and that the IP in the location's path magically just appears in the proxy_pass directive? Because this is becoming a pain to manage as we add and remove servers.
I think the following regex matching location should work:
location ~ ^/(?<proxy>192\.168\.0\.(?:10|11|12|13|14|15|...))(?:/(?<path>.*))?$ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_cookie_path /phpmyadmin/ /;
proxy_redirect off;
proxy_pass http://$proxy/$path;
}
You can additionally optimize that non-capturing group (?:10|11|12|13|14|15|...), for example to match any number from 10 to 105 it can be written as (?:10[0-5]|[1-9]\d).
Update 1
As requested by OP, PCRE regex for any IPv4 address with strict checking (for matching only correct IPv4 addresses from 0.0.0.0 to 255.255.255.255, adapted from this answer) can be written as
location ~ "^/(?<proxy>(?:25[0-5]|2[0-4]\d|[01]?\d?\d\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d?\d))(?:/(?<path>.*))?$" {
...
}
Due to the curly brackets usage regex pattern must be enclosed in double quotes.
Update 2
Previous solutions won't preserve the request query string, more correct solution to keep all the request query arguments is to use proxy_pass http://$proxy/$path$is_args$args directive:
location ~ "^/(?<proxy>(?:25[0-5]|2[0-4]\d|[01]?\d?\d\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d?\d))(?:/(?<path>.*))?$" {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_cookie_path /phpmyadmin/ /;
proxy_redirect off;
proxy_pass http://$proxy/$path$is_args$args;
}

Nginx Basic authentification for an upstream location

i am trying to get a basic authentification in an nginx conf for an upstream.
location /movies/ {
rewrite /movies/(.*)$ /$1 break;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_buffering off;
proxy_pass http://jd2movies;
auth_basic "Administrator Login";
auth_basic_user_file /root/.htpasswd;
}
but i get an "500 Internal Server Error"
How can i achieve this to get it working?
Thanks

alertmanager unsee behind nginx proxy

I'm trying to serve alertmanager and unsee from the same container.
In my testing:
I background alertmanager
I background unsee
I run /sbin/nginx
when I visit / I can see alertmanager
when I visit /unsee I get ERR_INVALID_RESPONSE
I can curl http://127.0.0.1:8080 and see that unsee is serving files
I have the below config in /etc/nginx/sites-enable
server {
listen 9093;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:9094;
proxy_redirect off;
# Socket.IO Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /unsee/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:8080;
proxy_redirect off;
# Socket.IO Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
so the configuration should be like this ...
server {
listen 9093;
server_name alertmanager.*;
location / {
resolver 127.0.0.11 ipv6=off;
set $target http://container_hostname:9094;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass $target;
}
}
server {
listen 9093;
server_name unsee.*;
location / {
resolver 127.0.0.11 ipv6=off;
set $target http://container_hostname:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass $target;
}
}

Deploy Udash demo app to NGINX

How can I deploy the Udash framework demo outside of SBT, and run it under NGINX?
I know it is lame, but I am able to run under NGINX with this line:
nohup sbt -Djline.terminal=jline.UnsupportedTerminal run &
and these location mappings:
location /notifications/ {
proxy_pass http://127.0.0.1:12345;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
location /atm/ {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /frontend/ {
proxy_pass http://127.0.0.1:12345;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
location / {
proxy_pass http://0.0.0.0:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}

Rewrite plex media server url on nginx?

I have very limited knowledge with rewriting url in nginx. I have a plex media server running behind on nginx, i can access the dashboard with http://domain.com/web/index.html with these config i found on github:
upstream plex-upstream {
server plex-server.example.com:32400;
}
server {
listen 80;
server_name domain.com
location / {
if ($http_x_plex_device_name = '') {
rewrite ^/$ http://$http_host/web/index.html;
}
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_pass http://plex-upstream;
}
}
What i want is to remove /web/index.html so when i go to http://domain.com, the PMS dashboard will load. I tried some one liner rewrite rules already but all failed. Thanks.
I am not nginx specialist, but I had similar problem.
The diference is that I was not trying to alias domain.name/ to domain.name/web/,
My goal was to alias domain.name/plex/ to domain.name/web/.
I was getting redirects to web/index.html with all solutions I could find except this one Configure Plex Media Server Reverse Proxy nginx Linux.
The only one problem with this one was that if you go to web/ you will stay there.
So here is my creepy yet working solution:
upstream plex {
server localhost:32400;
}
server {
listen 80;
server_name domain.name;
server_name_in_redirect off;
location / {
proxy_pass http://localhost:8888;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
# Enables WS support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
}
location /web/index.html {
if ($http_x_should_not_redirect = ""){
return 301 https://domain.name/plex/index.html;
}
proxy_pass https://plex;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header x_should_not_redirect $host;
}
location /web {
proxy_pass https://plex;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header x_should_not_redirect $host;
}
location /plex {
proxy_pass https://127.0.0.1/web;
proxy_set_header X-should-not-redirect $host;
}
location /transmission/rpc {
proxy_pass http://localhost:9091;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
# Enables WS support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
}
location /transmission/web {
proxy_pass http://localhost:9091;
proxy_pass_header X-Transmission-Session-Id;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Enables WS support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/dovgastreetnas.viewdns.net/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/dovgastreetnas.viewdns.net/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
}
Hope this will help somebody.

Resources