nginx domain with and without wildcard - nginx

I have nginx configuration file which has to server example.com and www.example.com.
server {
listen 80;
server_name example.com;
return 301 http://www.example.com$request_uri;
}
server {
listen 80;
server_name www.example.com;
auth_basic "example Login";
auth_basic_user_file /etc/nginx/.htpasswd;
root /projects/www/example;
index index.html;
location ~* \.(html|js|jpg|png|gif|css|perfumes|imgs|map|fonts|otf)$ {
index index.do index.html index.htm;
access_log off;
}
location /.protected {
access_log off;
auth_basic off;
}
location /health {
access_log off;
auth_basic off;
}
location / {
try_files $uri $uri/index.html;
}
location /hello {
proxy_pass http://localhost:8282;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
}
I am trying to protect this domain for now, cuz we are preparing the launch. But there is only link which should let the requests pass through without password, if a link has '.protected' in it.
For example,
www.example.com/.protected/file1.txt should be allowed without entering a password.
It is working ok, but the issue is example.com/.protected/file1.txt (without 'www').
If I type only domain name 'example.com' (without 'www'), it automatically redirects to www.example.com as configured, but 'example.com/.protected/file1.txt' doesn't redirect to 'www.example.com/.protected/file1.txt'. It seems if the domain name has some paths, the domain name (without 'www') doesn't redirect to 'www.example.com'
I am getting 'curl: (6) Could not resolve host:'
Is there anything wrong with my configuration file?

Related

is it possible to config nginx certificate in public file

Now this is my nginx server config:
server{
listen 443;
ssl_certificate /etc/nginx/conf.d/cert/example.com/fullchain1.pem;
ssl_certificate_key /etc/nginx/conf.d/cert/example.com/privkey1.pem;
server_name super.example.com;
#rewrite ^(.*)$ https://${server_name}$1 permanent;
root /usr/share/nginx/html/pc-super-frontend-fat;
location / {
try_files $uri /index.html;
index index.html index.htm;
}
location ^~ /service/ {
proxy_pass http://k8s-edge-node/;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
in every server config file, it contains certificate config:
ssl_certificate /etc/nginx/conf.d/cert/example.com/fullchain1.pem;
ssl_certificate_key /etc/nginx/conf.d/cert/example.com/privkey1.pem;
because I have more than 50 sub domains, if change the certificate, it should change more than 100 files config(80 + 443). is it possible to make the certificate config to a seperate file and just reference it in server config file?

Nginx - location block misconfigured?

I have a location block inside of my sites-enabled example.conf that should be routing /testing to a 503 error html page but instead for some reason its hitting my app instead of nginx
[2020-06-30T20:36:13.821768 #6059] FATAL -- : [fc9cb972-f314-4a87-89d9-8334521767b3] ActionController::RoutingError (No route matches [GET] "/testing"):
that is a log line from my actual rails app - why is it even getting this far vs nginx routing to where I thought I told it to???
my nginx .conf
server { listen 443 ssl;
server_name status.* www.status.*;
# SSL
ssl_certificate_key /etc/nginx/ssl/server_example.com.key;
# logging
access_log /var/log/nginx/status.access.log;
error_log /var/log/nginx/status.error.log;
# security
include security.conf;
# reverse proxy
location / {
if (-f /opt/staytus/staytus/maint.on) {
return 503;
}
port_in_redirect off;
proxy_pass http://example.com:8787/;
}
error_page 503 #maintenance;
location #maintenance {
root /usr/share/nginx/html
rewrite ^(.*)$ /Performing-Maintenace.html;
}
location = /testing/ {
return 500;
}
}
server {
listen 80;
server_name www.status.* status.* 11.22.123.456;
root /opt/staytus/staytus/public;
client_max_body_size 50M;
# SSL
ssl_certificate_key /etc/nginx/ssl/example.com.key;
port_in_redirect off;
return 301 https://example.com$request_uri;
location #puma {
proxy_intercept_errors on;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://example.com:8787;
}
}

flask with web uwsgi and nginx not able to run index.html

I m very new in flask, try to run a web application with backend as flask. My project folder structure is
~myproject/
~myproject/app (flask api)
~myproject/web (index.html)
running using uwsgi and nginx
uwsgi.ini
[uwsgi]
vhost = true
socket = /tmp/flask.sock
venv = /flask_app/.env
chdir = /flask_app/app
module = app
callable = app
nginx.conf
upstream flask_server {
ip_hash;
server 0.0.0.0;
}
server {
listen 80;
server_tokens off;
server_name _;
root /flask_app/web;
index index.html index.htm index.nginx-debian.html;
charset utf-8;
client_max_body_size 75M;
location / {
#try_files $uri $uri/ =404;
include uwsgi_params;
uwsgi_pass unix:/tmp/flask.sock;
}
#location /static {
# alias /flask_app/static;
#}
location /flask/ {
proxy_redirect off;
proxy_pass http://flask_server;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
But index.html is not loading , it is only allowing api url (like: 127.0.0.1/login)?
This directive tells Nginx just to send everything matching that location block to the upstream server uwsgi_pass unix:/tmp/flask.sock
If you want to serve just index.html and pass everything else upstream then you could change it like this:
location / {
try_files $uri/index.html #upstream;
}
location #upstream {
include uwsgi_params;
uwsgi_pass unix:/tmp/flask.sock;
}

nginx proxy_pass static assets

I have the following nginx configuration
rewrite_log on;
server {
server_name greymarmita.no-ip.org;
listen 80;
rewrite ^(.*) https://$host$1 permanent;
}
server {
server_name greymarmita.no-ip.org;
listen 443 ssl;
error_log /var/log/nginx/main.error;
access_log /var/log/nginx/main.access;
ssl on;
ssl_certificate /etc/ssl/localcerts/autosigned.crt;
ssl_certificate_key /etc/ssl/localcerts/autosigned.key;
root /srv/www;
index index.html /index.html;
location /rasp/ {
proxy_pass http://192.168.2.6:81/;
}
location /cam/ {
proxy_pass http://192.168.2.4:8081;
}
location ^~ /router/ {
proxy_pass http://192.168.2.1/;
}
location /nas/ {
proxy_pass http://192.168.2.13/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
However when I try to access http://192.168.2.6/nas although the html files are served correctly, files under /web/ are not
GET https://greymarmita.no-ip.org/web/images/login.png 404 (Not Found)
The correct path for these assets should be https://greymarmita.no-ip.org/nas/web/images/login.png
You don't have a location to match that file, try adding this
location / {
try_files $uri $uri/;
}

How to redirect requests on IP to domain

Every once in a while someone is trying to access our website through the public ip instead of one of our domains (yes we have multiple country specific domains .dk, .it, .es etc. however we also have .com as the "general").
Now I would like to redirect those requests coming in on the IP-adress to our www.domain.com domain instead. How would I do that in nginx without touching anything BUT requests going directly to the IP?
Here is my nginx.conf
upstream unicorn {
server unix:/tmp/unicorn.mysite.sock fail_timeout=0;
}
server {
listen 80 default deferred;
root /home/deployer/apps/mysite/current/public;
proxy_set_header X-Request-Start "t=${msec}";
if (-f $document_root/system/maintenance.html) {
return 503;
}
error_page 503 #maintenance;
location #maintenance {
rewrite ^(.*)$ /system/maintenance.html last;
break;
}
location ~ ^/assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri #unicorn;
location #unicorn {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://unicorn;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
}
So the question would be, how do I modify this to redirect e.g. http://123.123.123.123/some_page to http://www.mysite.com/some_page but leave all other like http://www.mysite.dk/some_pageunchanged?
You could setup a catchall server with the following directives:
listen 80 default_server;
server_name _;
If you have multiple server stanzas, you can use default_server to specify the configuration that is used if the hostname doesn't match any of the other server_name entries. Using an ip number fits this scenario. The server_name _; line acts as a null server_name entry.
It's also useful if one of your servers has multiple domain names.

Resources