I am trying to setup tusd with Uppy on https without success. It works well on http.
Here's my nginx conf file:
server {
listen 80;
listen [::]:80;
server_name
DOMAIN.com
www.DOMAIN.com;
root /srv/users/DOMAIN/apps/DOMAIN/public;
access_log /srv/users/DOMAIN/log/DOMAIN/DOMAIN_nginx.access.log main;
error_log /srv/users/DOMAIN/log/DOMAIN/DOMAIN_nginx.error.log;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
include /etc/nginx-sp/vhosts.d/DOMAIN.d/*.nonssl_conf;
include /etc/nginx-sp/vhosts.d/DOMAIN.d/*.conf;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name
DOMAIN.com
www.DOMAIN.com
;
ssl_certificate_key ssl/DOMAIN.key;
ssl_certificate ssl/DOMAIN.combined_crt;
root /srv/users/DOMAIN/apps/DOMAIN/public;
access_log /srv/users/DOMAIN/log/DOMAIN/DOMAIN_nginx.access_ssl.log main;
error_log /srv/users/DOMAIN/log/DOMAIN/DOMAIN_nginx.error_ssl.log;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-SSL on;
proxy_set_header X-Forwarded-Proto $scheme;
include /etc/nginx-sp/vhosts.d/DOMAIN.d/*.ssl_conf;
include /etc/nginx-sp/vhosts.d/DOMAIN.d/*.conf;
location /files/ {
#resolver 8.8.8.8 4.2.2.2;
proxy_pass http://localhost:3020/files;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# Disable request and response buffering
proxy_request_buffering off;
proxy_buffering off;
proxy_http_version 1.1;
# Add X-Forwarded-* headers so that response can reference https and
# originating host:port
proxy_set_header X-Forwarded-Host $hostname;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Allow proxying of websockets if required
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 0;
}
}
At another conf file I have this additional configuration:
location / {
proxy_pass $backend_protocol://$backend_host:$backend_port;
}
At Chrome console I have the following output:
upload.js:2 OPTIONS https://DOMAIN/files/2b775a112504ed1222c6ffdd4fbdac03+Dc99JI0Zvgh54FXVfpp5K32GAiZBjV5bY-d9tzj8fDL1FxNKKZrHP_SBE6OERG8SWAm1ZjqtjYMVWSvWCQLba0qsR8krfVBYw8ApHqIBO7DG9Bn1t_tv_a6nuuTuqlXC net::ERR_NAME_NOT_RESOLVED
Notice the domain without the .com extension!
I tried all combinations of configuration, commenting the configuration lines without success. Can you spot the mistake?
A contractor solved it for me and the solution is neat. He did it by configuring Apache instead.
At the first nginx conf file he removed the "location /files/" section entirely. At the apache conf file, he added the following lines:
ProxyPass /files http://localhost:3020/files
ProxyPassReverse /files http://localhost:3020/files
And it worked.
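The Chrome error in the question shows the upload URL built with the host DOMAIN rather than DOMAIN.com, which matches the X-Forwarded-Host $hostname line in the /files/ block: $hostname is nginx's variable for the machine's own host name, while $host is the name the client requested. An nginx-only variant of that block, added here as an example and not taken from the thread; it assumes tusd listens on localhost:3020 and serves uploads under /files/, as in the question:

```nginx
location /files/ {
    # No URI part on proxy_pass, so /files/<id> reaches tusd unchanged.
    # With "proxy_pass http://localhost:3020/files;" the matched prefix
    # /files/ is replaced by /files, turning /files/<id> into /files<id>.
    proxy_pass http://localhost:3020;

    # Stream uploads through instead of buffering them in nginx.
    proxy_request_buffering off;
    proxy_buffering off;
    proxy_http_version 1.1;
    client_max_body_size 0;

    # $host     = host name from the client's request (DOMAIN.com)
    # $hostname = host name of the machine nginx runs on (DOMAIN)
    # The backend builds the upload URL it returns from these headers,
    # so they must carry the public name and scheme.
    proxy_set_header Host              $host;
    proxy_set_header X-Forwarded-Host  $host;
    proxy_set_header X-Forwarded-Proto $scheme;   # set once, not twice
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP         $remote_addr;

    # Allow proxying of websockets if required.
    proxy_set_header Upgrade    $http_upgrade;
    proxy_set_header Connection "upgrade";
}
```

After a reload, the Location header of the upload-creation response should start with https://DOMAIN.com/files/.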
This is pretty clearly a network issue which should be a definite mismatch between the data that is advertised in the HTTP Headers and the data transferred over the wire.
It could come from the following:
Server: If a server has a bug with certain modules that changes the content but doesn't update the content-length in the header, or just doesn't work properly. It was the case for the Node HTTP Proxy at some point (see here)
Proxy: Any proxy between you and your server could be modifying the request and not updating the content-length header.
This problem could also be the nginx docker container disk space. Just check and if full please clear the files.
Let me know if that helps.
Re-use then adapt (from companion.mywebsite.com to yourdomain.com) this working nginx configuration file :
( don't forget to change also ssl_certificate, ssl_certificate_key and ssl_dhparam )
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
server_name companion.mywebsite.com;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
proxy_pass http://0.0.0.0:3020;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/companion.mywebsite.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/companion.mywebsite.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = companion.mywebsite.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name companion.mywebsite.com;
return 404; # managed by Certbot
}}
Then try again... if you get this error:
Nginx Error: The page you are looking for is temporarily unavailable. Please try again later.
Run:
setsebool -P httpd_can_network_connect 1
To fix permission then restart apache
Good day, I'm trying to make a test site to understand nginx. I have these config files. When I make a query to the site it shows me the nginx 404 error page. What am I doing wrong? Thanks for your answers.
/etc/nginx/sites-enabled: This part of the file is supposed to hold the configuration for the proxy that will be on the same server. The server is Strapi, which is practical for building a REST API quite fast.
upstream strapi {
server 127.0.0.1:1337;
}
server {
root /var/www/html;
root /var/www/
index index.html index.htm index.nginx-debian.html;
server_name 0.0.0.0miweb.com www.miweb.com;
location / {
proxy_pass http://strapi;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_pass_request_headers on;
}
listen [::]:443 ssl ipv6only=on;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/miweb.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/miweb.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
if ($host = miweb.com) { return 301 https://$host$request_uri; }
listen 80 default_server;
listen [::]:80 default_server;
server_name 0.0.0.0 miweb.com www.miweb.com;
return 405;
}
/etc/nginx.conf: In this part of the file it is supposed to use the configuration of the previous file and add it to its allowed routes.
user www-data; worker_processes auto; pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65; types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
I'd like to ask for advice about configuring nginx and https for a Flask server (Centos 7, nginx 1.20.1).
I've defined a RESTful API which works as designed. I'd now like the user to be able to use any of the following addresses when calling the API:
http://mysiteapi.com
http://www.mysiteapi.com
https://mysiteapi.com
https://www.mysiteapi.com
I set up a generic nginx.conf file which worked fine for the first two addresses (http). I then ran sudo certbot --nginx -d mysite.com -d www.mysite.com. The https addresses now work but the http addresses give a 405 error. This nginx.conf file is shown below.
Is there anything obviously wrong about the 301 redirection here? More generally, is there scope to tidy up the file and reduce the number of 'server' blocks? I'm learning my way around nginx and would appreciate any guidance.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
#include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server
{
client_max_body_size 8M;
server_name mysiteapi.com;
location /
{
proxy_set_header Host $http_host;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://unix:/home/andrew/myproject/myproject.sock;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mysiteapi.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mysiteapi.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server
{
client_max_body_size 8M;
server_name www.mysiteapi.com;
location /
{
proxy_set_header Host $http_host;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://unix:/home/andrew/myproject/myproject.sock;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mysiteapi.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mysiteapi.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server
{
if ($host = mysiteapi.com)
{
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name mysiteapi.com;
return 404; # managed by Certbot
}
server
{
if ($host = www.mysiteapi.com)
{
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name www.mysiteapi.com;
return 404; # managed by Certbot
}
}
I'm not sure why you get an HTTP 405 error with the plain HTTP requests, but I can guess it can happen because of request methods other than GET: an HTTP 301 redirect will change any request method to GET, and to prevent that you should use an HTTP 308 redirect instead. But as I understand from your question, you don't need any redirects at all; both HTTP and HTTPS schemes should be served equally, and if that is what you want to achieve, you can significantly simplify your server block:
server {
server_name mysiteapi.com www.mysiteapi.com;
listen 80;
listen 443 ssl;
... # rest of the config here
}
Here I want to refer this answer:
I don't allow certbot to create my web server configurations. I frankly don't trust it to get it right, since it's already doing some not very efficient practices.
I do the same for my servers, so I suggest you add this location to your nginx config (you can use any suitable directory instead of /var/www):
location /.well-known/acme-challenge/ {
root /var/www;
try_files $uri =404;
}
and use a certbot for certificate issuing/renewing only:
certbot certonly --webroot -w /var/www -d mysiteapi.com -d www.mysiteapi.com
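If the HTTP to HTTPS redirect is kept instead of serving both schemes from one block, the four server blocks in the question reduce to two. This configuration is an added example, not part of the answer above; it reuses the names and paths from the question and the /var/www webroot from the answer, and it spells the header X-Real-IP:

```nginx
server {
    listen 80;
    listen [::]:80;
    server_name mysiteapi.com www.mysiteapi.com;

    # HTTP-01 challenge files written by
    # "certbot certonly --webroot -w /var/www ...".
    location /.well-known/acme-challenge/ {
        root /var/www;
        try_files $uri =404;
    }

    # 308 tells the client to repeat the same method and body at the
    # new URL; after a 301 a client may re-send a POST as a GET.
    location / {
        return 308 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name mysiteapi.com www.mysiteapi.com;

    ssl_certificate     /etc/letsencrypt/live/mysiteapi.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mysiteapi.com/privkey.pem;

    client_max_body_size 8M;

    location / {
        proxy_set_header Host              $http_host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://unix:/home/andrew/myproject/myproject.sock;
    }
}
```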
Hi I'm quite inexperienced with NGINX and am having difficulty understanding why things aren't working as expected. I'm trying to test an API that I made with a docker container, which is being run with the command: docker run -d -v $(pwd):/app -p 8080:8000 --rm wiseeast/ya_bot.
I'm able to make API requests with Postman at http://ffpr.isi.edu:8080/api with a POST request, but the same request on AJAX with javascript returns an apparently frequent No 'Access-Control-Allow-Origin' header is present on the requested resource. error. I tried to bypass this by enabling CORS on my server by adding add_header 'Access-Control-Allow-Origin' '*' always; because I have control over it but it didn't resolve the issue. Also what is bugging me is that with Postman I can make a successful POST request to http://ffpr.isi.edu:8080/api but not to https://ffpr.isi.edu:8080/api.
Also, I have a rerouting issue that I feel should be straightforward given what I've read but isn't working. I have a webpage properly rerouting http://ffpr.isi.edu to https://ffpr.isi.edu but the rest of the rerouting doesn't work. For instance http://ffpr.isi.edu:5050/ loads through port 80 unsecurely and won't reroute to https://ffpr.isi.edu:5050/. On the other hand, https://ffpr.isi.edu:5050/ won't open at all with a time out error.
Here is my full nginx.conf file:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
upstream frontend {
server 0.0.0.0:8000;
}
upstream ased_api {
server 0.0.0.0:5000;
}
upstream ya_bot {
server 0.0.0.0:8080;
}
upstream yesand {
server 0.0.0.0:5050;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
return 301 https://$host$request_uri;
}
# Settings for a TLS enabled server.
#
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ffpr.isi.edu;
ssl_certificate "/etc/nginx/ssl/ffpr_isi_edu_cert.cer";
ssl_certificate_key "/etc/nginx/ssl/ffpr_isi_edu.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
add_header 'Access-Control-Allow-Origin' '*';
proxy_pass http://frontend;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
location /api {
proxy_pass http://ased_api;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
location /ya_bot {
proxy_pass http://ya_bot;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}
location /yesand {
add_header 'Access-Control-Allow-Origin' '*';
proxy_pass http://yesand;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name _;
root /usr/share/nginx/html;
ssl_certificate "/etc/nginx/ssl/ffpr_isi_edu_cert.cer";
ssl_certificate_key "/etc/nginx/ssl/ffpr_isi_edu.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}
I've been suffering with these issues for so long, any pointers are greatly appreciated!!
In my experience, the add_header 'Access-Control-Allow-Origin' '*'; on the proxy machine did not fix the problem.
However, setting the 'Access-Control-Allow-Origin' header from the backend API as a response header did work. For example, you can run the following Go code on the backend API:
(*w).Header().Set("Access-Control-Allow-Origin", "proxy-host-name")
As for the redirect issue, you don’t need to use two separate server blocks, try this instead in the nginx.conf:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ffpr.isi.edu;
ssl_certificate "/etc/nginx/ssl/ffpr_isi_edu_cert.cer";
ssl_certificate_key "/etc/nginx/ssl/ffpr_isi_edu.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
if ($scheme != https) {
return 301 https://$host$request_uri;
}
}
I hope this helps.
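The /ya_bot block in the question sends Access-Control-Allow-Origin: * together with Access-Control-Allow-Credentials: true, a pair browsers refuse for credentialed requests, and headers added by nginx only reach responses that pass through nginx on 443, not requests sent straight to port 8080. The configuration below is an added example (not from the question or the answer) that echoes back an allow-listed origin and answers the preflight at the proxy; the origin https://app.example.org is a constructed placeholder, and the upstream name and certificate paths are those of the question:

```nginx
# http context: copy the request's Origin only when it is on the allow-list.
# An empty value makes add_header emit nothing at all.
map $http_origin $cors_origin {
    default                    "";
    "https://app.example.org"  $http_origin;   # constructed placeholder
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name ffpr.isi.edu;

    ssl_certificate     "/etc/nginx/ssl/ffpr_isi_edu_cert.cer";
    ssl_certificate_key "/etc/nginx/ssl/ffpr_isi_edu.key";

    location /ya_bot {
        # Preflight: answered here, never forwarded to the backend.
        # add_header lines from the enclosing location are not inherited
        # inside "if", so they are repeated.
        if ($request_method = OPTIONS) {
            add_header Access-Control-Allow-Origin      $cors_origin always;
            add_header Access-Control-Allow-Credentials "true" always;
            add_header Access-Control-Allow-Methods     "GET, POST, OPTIONS" always;
            add_header Access-Control-Allow-Headers     "Content-Type" always;
            add_header Access-Control-Max-Age           600 always;
            add_header Vary                             Origin always;
            return 204;
        }

        # Actual request: "always" keeps the headers on 4xx/5xx responses too.
        add_header Access-Control-Allow-Origin      $cors_origin always;
        add_header Access-Control-Allow-Credentials "true" always;
        add_header Vary                             Origin always;

        # Drop any copy set by the backend so the header is not duplicated.
        proxy_hide_header Access-Control-Allow-Origin;

        proxy_pass http://ya_bot;
        proxy_redirect off;
        proxy_set_header Host            $host;
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

The page script then has to call https://ffpr.isi.edu/ya_bot rather than port 8080 directly for these headers to apply.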
I have a droplet on Digital Ocean, that I am using to host a site and an API for that site.
I would like:
https://example.com to serve the website
https://example.com/api to serve the API, running on port 3000.
Here's my /etc/nginx/nginx.conf file:
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/http-error.log;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server {
server_name example.com; # managed by Certbot
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
# SSL settings
ssl_certificate /path/to/file.pem; # managed by Certbot
ssl_certificate_key /path/to/file.pem; # managed by Certbot
include /path/to/file.conf; # managed by Certbot
ssl_dhparam /path/to/file.pem; # managed by Certbot
proxy_http_version 1.1;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
# Routes
location /api/ {
proxy_pass http://127.0.0.1:3000/;
}
location / {
root /usr/share/nginx/html;
}
error_page 404 /404.html;
location = /40x.html {}
error_page 500 502 503 504 /50x.html;
location = /50x.html {}
}
server {
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name example.com;
return 404; # managed by Certbot
}
}
Serving the static html files works great, but the https://example.com/api/ returns a 502: Bad Gateway error. I don't understand what I am doing wrong... any help would be appreciated. Thank you.
Turns out my config was totally fine. I just need to enable networking on the Droplet. I used this post to do so. Thanks, everyone!
In short:
setsebool httpd_can_network_connect on
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://127.0.0.1:3000;
}
This normally does not disappoint me. Please try.
I've installed and set up senaite.lims, which is a Plone extension, running on Plone 4.3.18 installed by the Unified Installer, and adding senaite.lims to the buildout.cfg eggs.
It's running fine on port 8080, and I can get Nginx to work redirecting / to :8080, but when I start using https, suddenly the css of the site doesn't work anymore.
I looked at the source, and the produced html page shows a link to the stylesheet with http://.... which I don't know if may cause problems, but if I actually try to open the .css file in the browser it works fine.
I set up and tried both with port 80 redirecting the https, and serving both a version of http and https, but neither one would get the page to render using .css. If anyone has any tips, or sees something wrongly configured in the nginx below, any help would be greatly appreciated.
Here is my nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
}
http {
default_type application/octet-stream;
include /etc/nginx/mime.types;
sendfile on;
keepalive_timeout 75;
upstream plone {
server 127.0.0.1:8080;
}
server {
listen 80;
listen 443 ssl http2;
server_name 99.99.99.99; # changed for posting on SO
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
error_log /var/log/nginx/nginx.vhost.error.log;
location / {
proxy_pass http://localhost:8080/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_buffer_size 128k;
proxy_buffers 8 128k;
proxy_busy_buffers_size 256k;
}
}
}
You forgot to rewrite the URL, e.g.:
rewrite ^(.*)$ /VirtualHostBase/$scheme/$host/senaite/VirtualHostRoot/$1 break;
Here is a complete working config for SENAITE:
server {
listen 80;
server_name senaite.mydomain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name senaite.mydomain.com;
# https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04
include snippets/ssl-senaite.mydomain.com.conf;
include snippets/ssl-params.conf;
include snippets/well-known.conf;
access_log /var/log/nginx/senaite.access.log;
error_log /var/log/nginx/senaite.error.log error;
# Allow Cross-Origin Resource Sharing from our HTTP domain
add_header "Access-Control-Allow-Origin" "http://senaite.ridingbytes.com";
add_header "Access-Control-Allow-Credentials" "true";
add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS";
add_header "X-Frame-Options" "SAMEORIGIN";
if ($http_cookie ~* "__ac=([^;]+)(?:;|$)" ) {
# prevent infinite recursions between http and https
break;
}
# rewrite ^(.*)(/logged_out)(.*) http://$server_name$1$2$3 redirect;
location / {
set $backend http://haproxy;
# API calls take a different backend w/o caching
if ($uri ~* "##API") {
set $backend http://api;
}
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
rewrite ^(.*)$ /VirtualHostBase/$scheme/$host/senaite/VirtualHostRoot/$1 break;
# proxy_pass $backend;
proxy_pass http://plone;
}
}