I'm new to all of this.
I'm going to put you in context. I bought a domain miweb.pe and an instance in aws. Currently my domain redirects to my aws instance because I have registered the dns servers of my amazon instance in myweb.pe.
I bought an ssl certificate and am trying to install it on my amazon instance, where I also installed nginx. I am unable to make any request to myweb.pe redirect to the aws instance that currently has a nodejs service active under port 3000.
this is my current configuration. What am I doing wrong?
server {
listen 443;
server_name myweb.pe;
ssl on;
ssl_certificate /etc/ssl/ssl-bundle.crt;
ssl_certificate_key /etc/ssl/beekey.key;
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
server {
listen 80;
return 301 https://$host$request_uri;
}
server {
listen 80;
server_name www.myweb.pe;
return 301 https://myweb.pe$request_uri;
}
# Redirige de https://www.tudominio.com a https://tudominio.com
server {
listen 443;
server_name www.miweb.pe;
return 301 $scheme://myweb.pe$request_uri;
}
in summary, I want that when accessing myweb.pe it actually accesses thelocalhost: 3000 which is running on my amazon instance.
So, what is the issue you are facing, I can see one issue in your nginx rule for servername you need to type domain name and not localhost. The other thing is I am assuming your service on port 3000 should already be running.
Related
I have a server that I'm trying to set up. I have a Flask server that needs to run on api.domain.com, while I have other subdomains pointing to the server. I have one problem. 2/3 subdomains have no problem using nginx. Meanwhile, my script tries to bind to port 80 on the same machine, therefore failing. Is there a way I can bind my Flask REST script to port 80 ONLY for the subdomain 'api'?
My current config is:
server {
server_name api.domain.me;
location / {
error_page 404 /404.html;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_max_temp_file_size 0;
proxy_pass http://127.0.0.1:5050/;
proxy_cache off;
proxy_read_timeout 240s;
}
}
There's a little problem though, nginx likes to turn all POST requests into GET requests, any ideas?
Thanks!
There is no way binding two different applications on port 80 at the same time.
I would set up your api like this:
Bind your Flask API to Port 8080.
On NGINX you can configure you subdomain pointing to your Flask Application
upstream flask_app {
server 127.0.0.1:8080;
}
sever {
listen 80;
server_name api.domain.com;
location / {
proxy_pass http://flask_app/;
proxy_set_header Host $host;
}
}
I actually found out after a bit of diagnosis.
server {
if ($host = api.domain.me) {
return 301 https://$host
}
# managed by Certbot
had to become:
server {
if ($host = api.domain.me) {
return 497 '{"code":"497", "text": "The client has made a HTTP request to a port listening for HTTPS requests"}';
}
Because Certbot tries to upgrade the request to https but the HTTP method gets changed to GET because of the 301 response code.
I installed Nginx on my server (my server uses WHM). And on this server has two accounts. Each account will run a server a NextJS site and each account has its own domain.
Site1 will run on port 3000
Site2 will run on port 3004
What I want to do is:
I want to access domain1 I see the content of my site1 in NextJS that runs on localhost:3000
And when I access domain2 I see the content of my site2 on NextJS running on localhost:3004
I tried to do a Nginx implementation for site1. But when I accessed it I saw a Cpanel screen, and the url was dominio1/cgi-sys/defaultwebpage.cgi
Here's the Nginx implementation I tried to do:
server {
listen 80;
server_name computadorsolidario.tec.br www.computadorsolidario.tec.br ;
location / {
proxy_pass http://localhost:3004;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
}
}
So how do I do this setting for nginx to have this behavior? And I'm changing the correct file?
Note: I created the configuration file in /etc/nginx/conf.d/users/domain1/domio1.conf And within /etc/nginx/conf.d/users have several configuration files with the name of the accounts you have on the server. (They are already implemented.)
Try
server {
listen 80;
server_name www.domain1.com;
proxy_pass http://127.0.0.1:3000;
}
server {
listen 80;
server_name www.domain2.com domain2.com;
proxy_pass http://127.0.0.1:3004;
}
Each domain listens on same port and reverse-proxies to local network on the ports you specify. To differentiate between hosts, specify the server_name field.
server {
listen 80;
server_name www.domain1.com;
location / {
proxy_pass http://127.0.0.1:3000;
}
}
server {
listen 80;
server_name www.domain2.com domain2.com;
location / {
proxy_pass http://127.0.0.1:3004;
}
}
I have two apps one for frontend built using ReactJS and one is for backend built using FastAPI. I have server machine where I have deployed both the apps. Now I want to use Nginx (because of SSL) to host both my application on the same machine with same domain name but the ports are different. I know how to do it for different domains or subdomain but I don't have another domain/subdomain with me right now. So I want to aks how I can achive this in Nginx?
For example my FE is using port 5000 & BE is using 8000,I am able to configure Nginx to serve my FE but I am getting this error,
Blocked loading mixed active content
because my FE which is httpstrying to connect to backend on port 8000 which is not https.
Here is my nginx config file,
server {
listen 443 ssl;
ssl_certificate /opt/ssl/bundle.crt;
ssl_certificate_key /opt/ssl/custom.key;
# add here the ip address of your server
# or a domain pointing to that ip (like example.com or www.example.com)
server_name something-c11.main0.auto.qa.use1.mydomain.net;
keepalive_timeout 5;
client_max_body_size 100M;
access_log /opt/MY_FE/nginx-access.log;
error_log /opt/MY_FE/nginx-error.log;
# checks for static file, if not found proxy to app
location / {
try_files $uri #proxy_to_app;
}
location #proxy_to_app {
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_pass http://localhost:5000;
proxy_redirect off;
}
}
server {
if ($host = something-c11.main0.auto.qa.use1.mydomain.nett) {
return 301 https://$host$request_uri;
}
listen 80;
server_name something-c11.main0.auto.qa.use1.mydomain.net;
return 404;
}
Any help would be appreciated....
Let's say I have my main domain on one server and one of the subdomains to another server.
both of these addresses are using Cloudflare DNS to different ip addresses, so:
example.com => ip1
new.example.com => ip2
Now I want to proxy_pass a certain path on example.com to new.example.com without changing the url, so:
example.com/something should show content of new.example.com/somethingElse
These are my nginx config files, the problem is if I point example.com/something to google.com or even an ngrok server that I hosted for test, everything works just fine, but when I point it to new.example.com/something it gives me 502 error, so my guess is there's something wrong with my new.example.com config.
example.com Config:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl on;
ssl_certificate /etc/letsencrypt/live/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/key.pem;
server_name example.com www.example.com;
resolver 8.8.8.8;
location = /something {
proxy_set_header X-Forwarded-Host new.example.com;
proxy_set_header Host new.example.com;
proxy_pass https://new.example.com/somethingElse;
}
}
new.example.com Config:
server {
listen 443;
server_name www.new.example.com new.example.com;
ssl_certificate /etc/ssl/private/cert.pem;
ssl_certificate_key /etc/ssl/private/key.pem;
location / {
proxy_pass http://container-name:80;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Please test the connectivity between the servers. Login into example.com server and send CURL request to the new.example.com service.
Looks like example.com server is not able to reach new.example.com server.
Please check nginx service logs.
Another option to achieve your requirements is cloudflare worker service.
I have a NodeJS web service which is exposed with a reverse-proxy using Nginx. I am trying to renew an SSL certificate from certbot, and for renewal it looks at domain.com/.well-known for the ACME challenge. However, the way I have the node service configured is that the root path does not serve files, the root of the domain is caught and handled by my web service. My actual public webroot is at domain.com/public, so the ACME challenge is really at domain.com/public/.well-known
So there are two ways to fix this, I could figure out how to tell certbot to look at domain.com/public/.well-known instead of domain.com/.well-known, or figure out how to somehow "proxy" domain.com/public/.well-known to domain.com/.well-known.
Here is my config and failed attempt at redirecting it:
server {
listen 80;
listen 443 ssl;
client_max_body_size 50M;
ssl_certificate <path to cert>;
ssl_certificate_key <path to key>;
server_name domain.com;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location /.well-known {
return 302 "http://{$host}/public{$request_uri}";
}
}
If you cannot use path based (HTTP) domain validation, you can use DNS based domain validation.
certbot certonly --manual --preferred-challenges dns -d mydomain.com
This will prompt you to add a TXT record to your domain's DNS server. Add the record and then wait a few minutes before pressing ENTER to continue.
The copy the new certificates to your desired location.
Certbot User Guide