Nginx Flask application - nginx

I've got a flask application, and trying to configure nginx for the app.
For now only '/' page is available, another pages got 500 server error.
I'm newly in nginx, could you tell me how to fix?

I'd recommend a reverse proxy configuration for something like this.
You Flask application will listen on localhost on port 8888 (for example)
And then Nginx would pass requests to that port internally
Below is a basic config for passing inbound http (port 80) requests to your flask application listening internally on port 8888
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name example.com;
location / {
proxy_pass http://127.0.0.1:8888;
}
}
Serving the flask app is another question. uWSGI and Gunicorn are two great wsgi servers that flask will work great with.
EDIT: adding ssl config. (Change the paths to meet your needs)
server {
listen 443 ssl;
server_name www.example.com example.com;
ssl_certificate /etc/letsencrypt/live/example.com/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_pass http://127.0.0.1:8888;
}
}

Related

Nginx changes url to backend url

i have 2 backend servers listening on 80 and 443 ports:
a.example.com
b.example.com
when i get http://a.example.com at 80 port, backend internal nginx redirect it to 443 port: https://a.example.com, but when i get https port it is not redirect it, opening normally. I have not permissions to change backend nginx configurations.
So, and i have 1 load balancer nginx server, witch route requests to upstreams (backends):
upstream backends {
server 172.20.1.2:443; #a.example.com
server 172.20.2.2:443; #b.example.com
}
server {
listen 80;
server_name a.example.com;
location / {
proxy_pass https://backends;
proxy_set_header HOST a.example.com;
}
}
when i get response from second backend (b.example.com) my URL in browser is changes to https://b.example.com, but i requested https://a.example.com
Q: How i can get always https://a.example.com url from both backends? For example, when a.example.com backend not responding, lb request to second backend (b.example.com), but response url must be a.example.com
Thx!
for routing of https(443) url you need to listen on 443 in nginx also. Eg.
server {
listen 443 ssl;
server_name a.example.com;
ssl_certificate a.example.com.crt;
ssl_certificate_key a.example.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_pass https://backends;
proxy_set_header HOST a.example.com;
}
}
and for dynamic routing to any upstreams try this :
upstream backends {
least_conn;
server 172.20.1.2:443; #a.example.com
server 172.20.2.2:443; #b.example.com
}
Hope this will works for you.
Helpful Links :-
https://docs.nginx.com/nginx/admin-guide/load-balancer/http-load-balancer/

Serve HTTPS traffic on NGINX servers

I'm trying to configure an Ansible NGINX deploy job to enable HTTPS on NGINX servers.
I can see that nginx.conf.je has http{...}. Do I need something similar for HTTPS or how is this configured?
You have to configure it as follows on nginx.conf file -
events {}
http {
server {
listen 443 ssl;
server_name www.example.com;
ssl_certificate www.exaple.com.crt;
ssl_certificate_key www.example.com.key;
location / {
return 200 "Nginx is running";
}
}
}
Found this at nginx.org/en/docs/http/configuring_https_servers.html.

Bind SSL certificate to a port number -- Nginx

Sorry for the limited understanding of Nginx and SSL. I have a React and Django app deployed on a server running on Nginx.
The React app is accessible using "example.org"(name is faked for demo purpose) and for the Django app, I have configured it to be accessible with port 3000 ie "example.org:3000".
The domain has SSL certificates installed and certificates are seen in "example.org" but while accessing "example.org:3000", the certificates are not available to this port.
I have been trying to allow ssl certificates to the port as well but couldnt succeed. I changed nginx conf file with listen 3000 ssl without success.
Please help, is there a way or should we need to modify the ssl certificates?
Nginx config at the moment is:
server {
listen 80 default_server;
server_name example.org;
return 301 https://example.org;
}
server {
listen 443 ssl;
server_name example.org;
ssl_certificate /etc/nginx/ssl/ssl_bundle.crt;
ssl_certificate_key /etc/nginx/ssl/example.key;
location / {
root /home/ubuntu/example/build;
index index.html index.htm;
}
}
The Port has nothing to do with the certs OR TLS Termination in general. IN case my assumptions are correct and your Django app is exposing its port 3000 by itself you need a proxy configuration that terminates the TLS for you.
server {
listen 8080 ssl;
server_name example.org;
ssl_certificate /etc/nginx/ssl/ssl_bundle.crt;
ssl_certificate_key /etc/nginx/ssl/example.key;
location / {
proxy_pass http://127.0.0.1:3000/;
proxy_set_header Host $host;
.....
}
}
This will terminate the TLS Session for you on Port 8080 and forwards the traffic to your Django app. There are other, more advanced options, proxying traffic to your appserver but this one will do it.
Note: In case you want to proxy the traffic through NGINX make sure Port 3000 is not exposed to the public anymore.

Nginx is ignoring www in my rules while I don't want to

What I want:
I want to redirect www.mydomain.eu and mydomain.eu to, let's say, www.google.com, while having access to a local gitea server through git.mydomain.eu.
What I have:
I have this nginx config in /etc/nginx/sites-available:
ssl_certificate /XXX/fullchain.pem;
ssl_certificate_key /XXX/privkey.pem;
server {
listen 443 ssl default_server;
listen 80 default_server;
server_name www.mydomain.eu mydomain.eu;
access_log /var/log/nginx/reverse-access.log;
error_log /var/log/nginx/reverse-error.log;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location / {
return 301 http://google.com;
}
}
server {
listen 443 ssl;
server_name git.mydomain.eu;
access_log /var/log/nginx/reverse-access.log;
error_log /var/log/nginx/reverse-error.log;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location / {
proxy_pass http://localhost:3000;
}
}
with XXX being an absolute location and mydomain being the actual name of my domain (this config file is also in sites-enabled thanks to a "ln -s" command)
What my problem is
When I go to https://mydomain.eu, I am redirected to https://www.google.com/. => great !
When I go to https://www.mydomain.eu, Firefox (and chrome) says that "This site can’t be reached" => :(, different behavior than mydomain.eu, why ?
Same with https://git.mydomain.eu ("This site can’t be reached") => why ? I am sure that http://localhost:3000 is a valid website, as I can access it through its IP address.
It seems that nginx ignores the "www" in my first rule, and I can't figure out why.
This is not related to nginx but your domain host configuration as the net traffic not even reach to your nginx server yet.
In order to be able to access git.example.com, you will need to have a CNAME configured at your host with CNAME host as git, and value as example.com. You also need another one for www, as shown below:
Type Host Value
CNAME git example.com
CNAME www example.com
One more thing to be aware is if you are using a sub-domain like git.example.com, depend on how you configure your ssl certificate and what kind of ssl certificate you purchased, the git.example.com may need a separate ssl certificate, unless you have a multi-site ssl certificate....

IP address to domain redirection in NGINX

My server is running NGINX. My problem is my site is accessible by both IP address and the domain. But I want that when someone browse the IP address the user shoulde be redirected to my domain.
Example :: When any one browse through http://107.170.126.xxx he should be redirected to http://mydomain.com
Please can anybody help me? Thanks in advance
so you can add the server block in the sites-available configuration file like below
server {
listen 80;
server_name 111.11.111.111;
return 301 $scheme://yourname.com$request_uri;
}
so above code will make sure that if you enter 111.11.111.111 it will redirect to http://yourname.com
make sure after editing the config file to reload nginx server
It is known as IP Canonical Issue
You want your ip address to be redirected to your domain name
for that you can add following code in nginx server block or add an additional server block in nginx configuration
server {
listen 80;
server_name www.example.com example.com 192.168.xxx.xx;
return 301 https://www.example.com$request_uri;
}
I use this configuration on my server; if you try an HTTP connection to the IP address of the VPS it will be redirected to my main web site.
i solved redirect from ip adress http/https in ispconfig with:
server {
listen *:80;
listen *:443 ssl http2;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /var/www/clients/client1/web1/ssl/domain.example-le.crt;
ssl_certificate_key /var/www/clients/client1/web1/ssl/domain.example-le.key;
server_name xxx.xxx.xxx.xxx;
return 301 https://domain.example;
}
server {
listen *:80;
listen *:443 ssl http2;
*#Required TLS Version*
ssl_protocols TLSv1.1 TLSv1.2;
*#SSL Certificate Path*
ssl_certificate /etc/nginx/keyfiles/ssl_certificate.crt;
ssl_certificate_key /etc/nginx/keyfiles/ssl_cert.key;
*#IP Address*
server_name 000.111.222.333;
*#Domain Name to be redirected*
return 301 https://www.domainname.com/;
}

Resources