Nginx Bad Gateway 502 when accessing istio-envoy deployed on kubernetes - nginx

My web application is running on One Server and two worker nodes
my nginx config file is
server {
listen ip-address:80 ;
server_name subdomain.domain.com;
server_name www.subdomain.domain.com;
server_name ipv4.subdomain.domain.com;
location / {
proxy_pass http://ip-address:32038/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
fastcgi_read_timeout 3000;
}
}
server {
listen ip-address:443 ssl http2;
server_name subdomain.domain.com;
server_name www.subdomain.domain.com;
server_name ipv4.subdomain.domain.com;
ssl_certificate /opt/psa/var/certificates/scf83NyxP;
ssl_certificate_key /opt/psa/var/certificates/scf83NyxP;
ssl_client_certificate /opt/psa/var/certificates/scfrr8L8y;
proxy_read_timeout 60;
location / {
proxy_pass https://ip-address:30588/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
my website on http://subdomain.mydomain.com is running fine . but when i use https://subdomain.mydomain.com it displays bad gateway error page server by nginx
through ssh when i run following command everything works fine
For http
curl -v -HHost:subdomain.mydomain.com http://ip-address:32038
curl -v subdomain.mydomain.com
For https
curl -v -HHost:subdomain.mydomain.com https://subdomain.mydomain.com:30588
From server node SSH
curl -v -HHost:subdomain.mydomain.com --resolve subdomain.mydomain.com:30588:ip-address --cacert /opt/psa/var/certificates/scf83NyxP https://subdomain.mydomain.com:30588
Any help will be really appreciated.
Thanks

Without knowing anything about the backend service, I would guess that perhaps it is not equiped for HTTPS. You may simply need to change this line...
proxy_pass https://ip-address:30588/;
to...
proxy_pass http://ip-address:30588/;
If the backend service does in-fact need to be called by https (unusual), then we would need to see how that service in configured, as the nginx error suggests that it is not correctly processing the SSL connection.

502 Bad Gateway in Nginx commonly occurs when Nginx runs as a reverse proxy, and is unable to connect to backend services. This can be due to service crashes, network errors, configuration issues, and more. How do we pinpoint the issue? We need to look at what is returning an invalid response to nginx.
Assuming nginx errored because of configuration issues ---
I have run into a 502 Bad Gateway - nginx simply because I had inconsistencies with white space on my config file.
Probably the result of copy/pasting your config file code here, but there are spacing inconsistencies that could trigger a parsing fail for the file.
i.e. My 502 bad gateway - nginx error was solved by deleting a space that I had accidentally added in front of a line in the config file.

Related

Setting up reverse proxy for organizr (nginx) on docker

I have tried a lot of searching and trial and errors to set up reverse proxy for organizr but it seems to not work. need help from you experts.
My Setup: All on Dockers
nginx: docker instance setup to serve my multiple domains using wordpress.
organizr: separate docker instance for my media. The config files are in separate folder. I can access this locally without any issues. I intend to put this behind one of my domains as a subdomain ex. organizr.domain.com.
with below config, I always get upstream timed out (110: Connection timed out). I have followed many tutorials but may have mixed up the config now. I would appreciate if someone could help with clear instructions to set this up.
conf file in nginx's folder
# Organizr Subdomain
upstream organizr_backend {
server 192.168.X.X:9999;
}
server {
listen 443 ssl http2;
server_name organizr.domain.co.uk;
ssl_certificate /etc/letsencrypt/live/domain.co.uk/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.co.uk/privkey.pem;
ssl_prefer_server_ciphers on;
error_log /var/log/nginx/organizr.domain.co.uk.error.log error;
access_log /var/log/nginx/organizr.domain.co.uk.access.log main;
location / {
proxy_pass http://organizr_backend;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Searched google for many combinations, but i am unable to get the desired results.

nginx reverse proxy for application

I use nginx for reverse proxy with domain name. I've some application publish on IIS and i want to proxy different location name for each application.
For example;
Domain name on nginx :
example.com.tr
application end points for app:
1.1.1.1:10
1.1.1.2:10
upstream for app in nginx.conf:
upstream app_1 {
least_conn;
server 1.1.1.1:10;
server 1.1.1.2:10;
}
server {
listen 443 ssl;
server_name example.com.tr;
proxy_set_header X-Forwarded-Port 443;
ssl_certificate /etc/cert.crt;
ssl_certificate_key /etc/cert.key;
location /app_1/ {
proxy_pass http://app_1/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-REAL-SCHEME $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
access_log /etc/nginx/log/access.log;
error_log /etc/nginx/log/error.log;
}
}
When I try to access example.com.tr/app_1/ , I can access application but not all data.
I inspected this site and so many requests of application were failed.
All requests sended to example.com.tr/uri instead of example.com.tr/app_1/uri. How can I fix this ?
thanks,
You need a transparent path proxy setup. Means NGINX should use the requested URI without removing the matched location from it.
proxy_pass http://app_1;
Remove the tailing slash to tell NGINX not to do so. Using an upstream definition is great but make sure you apply keepalive.

Geoserver behind Nginx : strange behavior with HTTPS

I need your help for a strange problem :)
I have Geoserver on my server :
it is a standalone daemon (not a WAR deployed in Tomcat)
it is listening on 127.0.0.1:8280
I have a PROXY_BASE_URL configured like this: https://geoserver.example.com/geoserver
the option "Use headers for Proxy URL" is checked at this moment but I tried by unchecking it
I have a Nginx in front of Geoserver to manage the SSL offloading.
The vhost is :
upstream backend-geoserver {
server 127.0.0.1:8280 weight=10 max_fails=3 fail_timeout=15s;
}
server {
server_name geoserver.example.com;
listen 443 ssl;
include snippets/ssl.conf;
access_log /var/log/nginx/access-geoserver.log;
error_log /var/log/nginx/error-geoserver.log;
location / {
rewrite ^ /geoserver;
}
location /geoserver {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://backend-geoserver/geoserver;
}
}
When I reach my server on https://geoserver.example.com it works: I see the home page of Geoserver
Important detail : the port 80 is closed and I can't open it myself: the Nginx server can only answer on 443
When I try to login, I have a connection timeout after X seconds and, at this moment, the URL in my browser (Firefox) is HTTP://geoserver.example.com/geoserver/ <--- please note the protocol is HTTP not HTTPS
If I replace http:// with https:// and press Enter: I reach the page
If I click on a link in Geoserver, same behavior: it switches on http:// and I have to force the URL manually.
Is anyone has an idea please ?!
Thank you very much :)
You really should have to get that port 80 open and configure nginx to redirect unsecure traffic over to https://

Reverse Proxy HTTPS Requests as HTTP to Upstream Server

We are using NGINX on our cPanel server to reverse proxy ZKTeco ZKBioSecurity servers. Due to compatibility with some of their devices not supporting HTTPS, all our servers use HTTP, but, of course, all sessions to our NGINX server is secured with HTTPS and a Sectigo certificate provided by cPanel’s AutoSSL.
Here’s the problem: it seems that the ZKBioSecurity servers are detecting that the client is using HTTPS to connect to them through NGINX, and because of this, give the following prompt each time you want to log in, advising you to download and install the ISSOnline driver and certificate. The certificate, however, is issued to the ZKBioSecurity server for 127.0.0.1, so of course this is rather pointless as we are connecting to the NGINX server using a FQDN. This does not happen if we use HTTP:
So my question: is there something in the request (the HTTP header perhaps?) that NGINX forwards to the upstream server that contains the protocol (HTTPS) the client used to connect to the server? Because this somehow seems to be the case.
Here’s our NGINX config for ZKBioSecurity servers:
location /.well-known {
root /home/novacloud/public_html/subdomain/.well-known;
allow all;
try_files $uri = 404;
}
location / {
if ($scheme = http) {
return 301 https://$host$request_uri;
}
proxy_pass http://192.168.0.1:8080;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
}
The server_name directive is, of course, managed by cPanel. The above is an example of the include files we use in the main cPanel NGINX configuration file. I thought it was the proxy_set_header X-Forwarded-Proto $scheme, but even if I remove this, I still get the Driver Detection Exception prompt.
Here’s a Pastebin of a cURL of the ZKBioSecurity server from our cPanel/NGINX server

WildFly 8.2.1 and nGinX

I have 2 servers(CentOS7) in LAN WildflyAPP and nGinX.
nGinX is having 2 eth cards. One connected with LAN(192.X.X.X network) and second up to the wild world (external static IP).
I'm trying to use nGinX as Proxy to Wildfly 8.2.1(as a service) using subdomains:
app.mydomain.com to be used as proxy to Wildfly application (8080 port)
wildfly.mydomain.com for management to wildfly (9000 port)
In both cases im receiving 502 error
I used default configuration for nGinx:
server {
listen 80;
server_name app.mydomain.com;
error_log /var/log/nginx/app-error.log;
access_log /var/log/nginx/app-access.log;
location / {
proxy_pass http://192.X.X.X:8080/;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
add_header Cache-Control "no-cache, no-store";
}
}
I also tried versions with:
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
Nothing i found anywhere in net helped (standalone file checked and looks ok, APP accessible from LAN at 8080 without any problems).
Please help me what i am doing wrong here.

Resources