Jenkins + nginx reverse proxy on Plesk - nginx

I'm running Plesk Obsidian on my CentOS server and manually installed Jenkins on it. Jenkins is up and running. It can be used by calling http://my-server.de:38080 without any problems. I also created a new subdomain in Plesk (jenkins.my-server.de), which is secured with a Let's Encrypt certificate.
My idea was to use the nginx reverse proxy to call Jenkins using the new subdomain: https://jenkins.my-server.de. Therefore I disabled the use of Apache in the Plesk Apache & nginx Settings for the subdomain and added the following additional nginx directives in the Plesk web interface:
location ~ / {
    proxy_pass http://localhost:38080;
    proxy_read_timeout 90;
    proxy_redirect http://localhost:38080 https://jenkins.my-server.de;
}
The problem is that some sites are working and on other sites I get a 404.
Calling https://jenkins.my-server.de should show me the login page, but I get a 404. Only if I enter https://jenkins.my-server.de/index in the browser, I see the login page.
Calling https://jenkins.my-server.de/manage on the other hand loads the wanted page without error. The page https://jenkins.my-server.de/configureSecurity shows a 404 again and only works if I add /index at the end.
Am I missing something in the nginx settings?

The following configuration is working for me in combination with Plesk.
location ^~ / {
    proxy_set_header Host $host:$server_port;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_redirect http://localhost:38080 https://jenkins.my-server.de;
    proxy_pass http://localhost:38080;
    proxy_http_version 1.1;
    proxy_request_buffering off;
    proxy_buffering off;
    add_header 'X-SSH-Endpoint' 'jenkins.my-server.de:50022' always;
}
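
Why the `^~` modifier changes the outcome, as an added example that is not part of the original answer: a Python model of nginx's documented location-selection order, run against the question's `location ~ /` and the answer's `location ^~ /`. The GENERATED regex location and the sample URIs are assumptions, standing in for locations a control panel may write ahead of the additional directives.

```python
import re

# A location is (modifier, pattern, label), listed in configuration order.
# "=" exact, "^~" prefix that suppresses regex checks, "" plain prefix,
# "~" case-sensitive regex, "~*" case-insensitive regex.

def select_location(locations, uri):
    """Return the label of the location nginx selects for uri."""
    best = None  # longest matching prefix location
    for mod, pat, label in locations:
        if mod == "=" and uri == pat:
            return label                    # exact match ends the search
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat, label)
    if best and best[0] == "^~":
        return best[2]                      # regex locations are not checked
    for mod, pat, label in locations:
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, uri, flags):
                return label                # first matching regex in file order
    return best[2] if best else None

# Assumption: a constructed regex location for directory-style URIs that the
# control panel emits BEFORE the additional directives (not taken from the page).
GENERATED = [("~", r"/$", "generated index lookup")]
QUESTION = GENERATED + [("~", "/", "proxy to Jenkins")]   # location ~ /
ANSWER = GENERATED + [("^~", "/", "proxy to Jenkins")]    # location ^~ /

URIS = ["/", "/index", "/manage", "/job/demo/"]           # constructed samples

def route_table(locations, uris=URIS):
    """Map each sample URI to the location that would handle it."""
    return {uri: select_location(locations, uri) for uri in uris}

if __name__ == "__main__":
    for name, conf in (("question", QUESTION), ("answer", ANSWER)):
        for uri, chosen in route_table(conf).items():
            print(f"{name:8} {uri:12} -> {chosen}")
```

With a regex location, any earlier regex that also matches takes the request; with `^~` the prefix match is final, so no other regex location can intercept proxied paths.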

Related

Can't set nginx basic auth on server with Strapi

I want to set up nginx basic auth for my server that contains Strapi (we are using this server to query it with GraphQL for static content) to prevent unauthorised visitors while the product is in development.
Strapi is located on port 1337, so I can access it via 127.0.0.1:1337 and see here starting page of Strapi that has button to redirect forward to the admin portal login (127.0.0.1:1337/admin that afterwards redirects to 127.0.0.1:1337/admin/auth/login).
If I'm adding basic auth in nginx (successfully added it on other servers for the project), it works for the first page on the root domain, but after going to /admin to the admin panel I spotted 2 different behaviours (depending on the browser):
Chrome constantly asks for basic auth on /admin and refreshes after every input, it's simply not letting me further
Safari bypasses the basic auth prompt, but when I try to login in /admin it just refreshes without any errors and not letting me further.
P.S. I'm not a DevOps guy, I'm a project manager, but currently our project is not having a dedicated DevOps person to solve issues like that, so I have to do everything by myself. Don't blame me for doing something wrong here :)
This is how I tried setting up nginx: all I did was generate the .htpasswd file with login and pass and add the following code to /etc/nginx/sites-available/default
location / {
    # First attempt to serve request as file, then
    # as directory, then fall back to displaying a 404.
    #try_files $uri $uri/ =404;
    proxy_pass http://localhost:1337;
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $http_host;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_pass_request_headers on;
    auth_basic "Login here!";
    auth_basic_user_file /etc/nginx/.htpasswd;
}
header parameters taken from here https://docs.strapi.io/developer-docs/latest/setup-deployment-guides/deployment/optional-software/nginx-proxy.html#nginx-virtual-host
Also tried same configuration as works on other server that had NextJS app running under basic auth
location / {
    # First attempt to serve request as file, then
    # as directory, then fall back to displaying a 404.
    #try_files $uri $uri/ =404;
    proxy_pass http://localhost:1337;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
    auth_basic "Login here!";
    auth_basic_user_file /etc/nginx/.htpasswd;
}
Both not working, any ideas why?

GeoServer web UI redirects to vanilla HTTP

I have the standalone version of GeoServer 2.21.0 running behind an NGINX reverse proxy. Whenever I attempt to do anything with the web UI, Wicket is redirecting me to HTTP when I need it to send me to HTTPS.
The server does serve up map tiles correctly. It's just that the web UI is completely dysfunctional as it's running over HTTPS and GeoServer redirects everything to HTTP for some reason.
I also have the CSRF whitelist set but I'm having problems before CSRF comes into play. If I do so much as go to https://myserver/geoserver it redirects me to http://myserver/geoserver/web/?0 which doesn't work.
I have a GeoServer instance running behind NGINX. NGINX is configured like this:
location / {
    proxy_pass http://127.0.0.1:9191/;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_redirect off;
}
I have the Proxy Base URL configured to https://myserver/geoserver and Use headers for Proxy URL is enabled.
What might be causing this? A Google search wasn't very helpful.
The answer was proxy_redirect ~*http://[^/]+(/.*)$ $1;
This rule tells NGINX to remove everything from the beginning http all the way up through the hostname in the redirect so that the redirect sends the user to the reverse proxy's (i.e. NGINX) host.
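
What the rule above does to different Location headers, as an added example that is not part of the original answer: a Python model of a regex `proxy_redirect` with replacement `$1`, modelled as replacing the whole header value on a match. The sample headers, the `OWN_HOSTS` set and the narrower `rewrite_own_host` variant are assumptions added here to show that the broad pattern also rewrites redirects aimed at other hosts.

```python
import re

# proxy_redirect ~*http://[^/]+(/.*)$ $1;   ("~*" = case-insensitive regex)
RULE = re.compile(r"http://[^/]+(/.*)$", re.IGNORECASE)

def rewrite_location(value):
    """Model of the answer's rule: on a match the Location value is replaced
    by the captured path ($1); a non-matching value passes through unchanged."""
    m = RULE.search(value)
    return m.group(1) if m else value

def rewrite_own_host(value, hosts):
    """Narrower variant (an assumption, not the answer's rule): strip the
    origin only when the redirect targets one of the site's own hosts."""
    m = re.match(r"http://([^/:]+)(?::\d+)?(/.*)$", value, re.IGNORECASE)
    if m and m.group(1).lower() in hosts:
        return m.group(2)
    return value

# Constructed Location headers as a backend might emit them.
SAMPLES = [
    "http://myserver/geoserver/web/?0",      # the redirect from the question
    "http://127.0.0.1:9191/geoserver/web/",  # constructed: backend's own address
    "https://myserver/geoserver/web/",       # already https: no "http://" match
    "http://other.example/landing",          # redirect to a different host
    "/geoserver/web/",                       # already relative
]
OWN_HOSTS = {"myserver", "127.0.0.1"}        # assumed names of this site

def compare(samples=SAMPLES):
    """Return (original, broad rewrite, narrow rewrite) for each sample."""
    return [(s, rewrite_location(s), rewrite_own_host(s, OWN_HOSTS))
            for s in samples]

if __name__ == "__main__":
    for original, broad, narrow in compare():
        print(f"{original:40} broad={broad:22} narrow={narrow}")
```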

How to serve phpmyadmin over https with nginx

How can I correctly configure nginx and phpmyadmin? I've configured nginx and can access phpmyadmin login page through nginx but unable to login, when I try to login it shows Failed to set session cookie. Maybe you are using HTTP instead of HTTPS to access phpMyAdmin.
I'm accessing through https://example.com/phpmyadmin/
and this is the nginx config
location /myphpadminroute/ {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header host $host;
    proxy_pass_request_headers on;
    root path_to_phpmyadmin/phpMyAdmin/;
    proxy_pass http://localhost:8080/phpmyadmin/; # apache is running on 8080
}
The login is working fine when using apache url either http://localhost:8080/phpmyadmin/ or https://localhost:8443/phpmyadmin/
I've also tried with proxy_pass https://localhost:8443/phpmyadmin/; in nginx but same error rises.
Whether it is nginx configuration problem or phpmyadmin I just couldn't figure it out.
Edit: The cookie path is not correct: phpMyAdmin_https=utd7tbihn9qp9r4e0f0dvj6tpo; path=/phpmyadmin/; secure; HttpOnly. It's working fine if I change the nginx path to /phpMyAdmin/. Now, how can I change the cookie path in phpMyAdmin?
Finally it's working perfectly fine.
For those who are also facing this type of problem, the trick is to just set the variable $cfg['PmaAbsoluteUri'] in config.inc.php to the URL that your user should see, for example:
$cfg['PmaAbsoluteUri'] = 'https://example.com/myphpadminroute';
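
Why the login failed while the cookie carried `path=/phpmyadmin/`, as an added example that is not part of the original post: a Python model of the browser's cookie path-match rule (RFC 6265 section 5.1.4) plus the Secure check. The cookie value and URLs are constructed, and `rewrite_cookie_path` is an assumption modelled on nginx's `proxy_cookie_path` directive, shown as a proxy-side alternative rather than the fix the poster used.

```python
import re
from urllib.parse import urlsplit

def cookie_attrs(set_cookie):
    """Return the attributes of a Set-Cookie value as a lower-cased dict."""
    attrs = {}
    for part in set_cookie.split(";")[1:]:
        key, _, val = part.strip().partition("=")
        attrs[key.lower()] = val
    return attrs

def path_match(request_path, cookie_path):
    """RFC 6265 section 5.1.4: does request_path fall under cookie_path?"""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False

def browser_sends(set_cookie, url):
    """Would a browser attach the cookie to a request for url? Only Path and
    Secure are modelled; Domain, expiry and SameSite are left out."""
    attrs, target = cookie_attrs(set_cookie), urlsplit(url)
    if "secure" in attrs and target.scheme != "https":
        return False
    return path_match(target.path or "/", attrs.get("path") or "/")

def rewrite_cookie_path(set_cookie, old, new):
    """Assumption: proxy-side rewrite of the Path attribute's leading part,
    modelled on nginx's proxy_cookie_path (not the fix used in the post)."""
    return re.sub(r"(?i)(;\s*path=)" + re.escape(old),
                  lambda m: m.group(1) + new, set_cookie)

# Constructed cookie carrying the attributes quoted in the question's edit.
SET_COOKIE = "phpMyAdmin_https=constructed-id; path=/phpmyadmin/; secure; HttpOnly"
PUBLIC_URL = "https://example.com/myphpadminroute/index.php"

def check():
    """Cookie as issued by the backend vs. after the Path rewrite."""
    fixed = rewrite_cookie_path(SET_COOKIE, "/phpmyadmin/", "/myphpadminroute/")
    return browser_sends(SET_COOKIE, PUBLIC_URL), browser_sends(fixed, PUBLIC_URL)

if __name__ == "__main__":
    print(check())
```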

How to deploy Flask project on Plesk subdomain

I want to ask if there is a way to deploy my Flask project to a Plesk subdomain. The site is going to be created with WordPress inside Plesk. Also, I would like to have database support.
I was struggling with a similar issue. What I did was the following:
Installed nginx
In the subdomain -> Apache & nginx Settings, make sure to disable the proxy-mode under the nginx settings
Add the following to Additional nginx directives:
location / {
    # Define the location of the proxy server to send the request to
    proxy_pass http://127.0.0.1:5000;
    # Redefine the header fields that NGINX sends to the upstream server
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Define the maximum file size on file uploads
    client_max_body_size 5M;
}
location /static/ {
    alias /var/www/vhosts/PATH/TO/FLASK/app/static/;
}
The rest is handled by gunicorn, you can find a great tutorial here: https://blog.miguelgrinberg.com/post/the-flask-mega-tutorial-part-xvii-deployment-on-linux
hope that helps

Hosting website and nginx on heroku and blog at wordpress.com under same domain

My goal is to have under the same domain a Rails web application running on Heroku (website) - responding to requests on root (www.example.com) and a blog hosted on wordpress.com - responding to request on /blog path (www.example.com/blog).
Currently heroku manages the certificate on my domain.com (web dyno) and I also have a wordpress issued certificate for my blog.domain.com.
Should I have an SSL certificate managed by Heroku, only on the proxy dyno?
How should I set up nginx.conf to work correctly with SSL?
Is it possible to achieve it with wordpress.com? (the non-tech support said it was not)
Since I am hosting on Heroku, I cannot have an IP address for my dyno, so I have to redirect to my domain (already mapped to heroku dns). For the blog part, wordpress.com does not give me an IP address either, so I have to use a subdomain (blog.) that I have already mapped and it works fine.
# nginx.conf
events {}
http {
    server {
        listen $PORT;
        # listen 443 ssl; # localhost debugging
        # ssl_certificate localhost.crt; # localhost debugging
        # ssl_certificate_key localhost.key; # localhost debugging
        location / {
            proxy_redirect off;
            proxy_ssl_server_name on; # To avoid 502 bad gateway
            proxy_set_header Host $host; # If I put this, I stop being redirected to domain.com (URL rewrite) but I face 502 bad gateway issue
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass https://example.com:443;
        }
        location /blog/ {
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass https://blog.example.com:443;
        }
    }
}
What I was expecting is to navigate through www.domain.com on both website/blog without any kind of redirection or URL rewrite. What I get is either a redirection (302) with URL change OR 502 bad gateway (when I try to use the configuration above) - if I set up the 'Host' header.
